Abstract: A cryptographic device comprising a processing logic and memory associated with the processing logic. The memory is loaded with a first segment of code to control execution of cryptographic functions and hash functions, and a second segment of code to perform cryptographic functions on behalf of a third party having no physical control of hardware employing the cryptographic device.

Abstract: The system and method to protect integrity of a data set during post-processing operations. In general, integrity is protected by operations performed by a manipulation agent including a processor connected to dedicated memory. The operations of the manipulation agent include at least providing a data set and recording characteristics of each post-processing operation into the data set. The data set includes data and a record. The record includes a number of entries (fields) to contain the various characteristics of a post-processing operation such as an incoming hash value of the data, an extended digital signature, and the like.

Abstract: A cryptographic device is implemented in communication with a host processor to prevent the host processor from performing a standard boot-up procedure until a basic input output system (BIOS) code is authenticated. This is accomplished by a cryptographic device which is addressed by the host processor during execution of a first instruction following a power-up reset. The cryptographic device includes a first integrated circuit (IC) device and a second IC device. The first IC device includes a memory to contain firmware and a root certification key. The second IC device includes logic circuitry to execute a software code to authenticate the BIOS code before permitting execution of the BIOS code by the host processor.

Abstract: In one embodiment, a method to provide reliable electronic distribution of information between a first system and a second system remotely located from the first system coupled together by a communication link. The method comprises storing a public key, a private key, and signed key parameters in a semiconductor device associated with the first system. The signed key parameters are output from the semiconductor device to the second system via the communication link. Then, the first system is authenticated by the second system; and the information is transmitted from the second system to the first system, provided the first system is authenticated.

Abstract: A cryptographic device and corresponding method for producing a cloaked watermark which is a private watermark having the functionality of a public watermark. In one embodiment, the cryptographic device comprises an internal memory and a processor contained in a package. The internal memory provides a region for storage of key information used at least to produce the cloaked watermark. The processor is coupled to the internal memory and is responsible for producing a cloaked watermark based on the key and for inserting the cloaked watermark into an outgoing data set.

Abstract: A body panel mounting system for a vehicle has a hinge bar (30), a hinge bracket (32), a hinge pivot stop (34), longitudinal positioning collars (36), a latch bar (38), latch bar fasteners (40), and latch brackets (42). The hinge bar (30) is adapted to removably interlock with each hinge bracket (32) to form a hinge mechanism (44). The hinge bar (30) attaches to a vehicle chassis (24). Each hinge bracket (32) retains an edge of a body panel (22). The hinge pivot stop (34) is adapted to limit the pivotal range of each hinge bracket (32) about the hinge bar (30). The latch bar (38) attaches to the body panel (22) via the latch bar fasteners (40), and the latch bar removably attaches to the chassis (24) via the latch brackets (42).

Abstract: A digital arbitration system comprising a server node and at least one signatory node coupled together through a communication link. Each of the signatory node(s) may be configured with a unique private key which is used to digitally sign a message, a hash value of an electronic document for example, and transmits the digitally signed message being a digital signature to the server node via the communication link. The server node determines whether the digital signatures have been received from at least one of the signatory node(s) and whether each of the digital signatures is valid. The server node then transmits all of the digital signatures to each of the signatory node(s), provided both conditions described have been met.

Abstract: Circuitry implemented within a multi-chip module comprising a first integrated circuit chip and a second integrated circuit chip coupled together through an interconnect. Both the first and second integrated circuit chips include a cryptographic engine coupled to the interconnect and a non-volatile memory element used to contain key information. These cryptographic engines are solely used to encrypt outgoing information being output across the interconnect or to decrypt incoming information received from the interconnect. This prevents fraudulent physical attack of information transmitted across the interconnect.

Abstract: A method and apparatus for encoding a purpose into a digital signature, where purpose and digital signature bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

Abstract: A method of producing a hardware agent being a single integrated circuit encapsulated within a semiconductor device package. The method comprises the steps of generating a device-specific key pair internally within the hardware agent, and verifying that the key pair is unique. After production, secure communications are established through transmission of at least one digital certificate, followed by a successful challenge and response communication exchange.

Abstract: A biometric device comprises a biometric processor including a data capture circuit that captures data associated with a predetermined biometric characteristic that is checked to regulate access to the node or area. The biometric processor further includes a cryptographic circuit, coupled to the data capture circuit, that internally processes the data clip which may include comparison of the data clip with pre-stored data being a master copy of the predetermined biometric characteristic of the user. Thereafter, the biometric processor transfers a message to the node to control access thereto.

Abstract: An electronic system that remains disabled after power-on until its user is recognized. The electronic system includes a host processor and a deactivation circuit coupled to the host processor. The deactivation circuit places the host processor into an inoperative state until the user is recognized. In one embodiment, the deactivation circuit is a security processor coupled to a reset input of the host processor. The security processor includes a processing unit and an internal memory unit to contain software required by the host processor to complete a booting procedure.

Abstract: An integrated circuit device comprised of a backlapped integrated circuit (IC) and a molding compound. The molding compound is deemed to be secure if it is made of a material which, when tampered, increases the likelihood of damaging a portion of the IC. Otherwise, the molding compound is deemed to be non-secure. This molding compound substantially surrounds the backlapped IC in order to prevent unwanted and unauthorized physical analysis.

Abstract: An electronic system with security functionality that optimizes performance of the electronic system during cryptographic operations. In one embodiment, the electronic system includes a chipset having circuitry to perform bulk cryptographic operations and a circuitry physically removed from the chipset to control and manage operations of the chipset.

Abstract: A wireless authentication system to control an operating state of a node being a computer, door control mechanism or any muti-state product based on the proximity of an authorized user to the node. The wireless authentication system comprises a security device implemented within the computer and a user authentication token ("token") in possession of the authorized user. A Challenge/Response protocol is configured between the security device and the token. The first successful Challenge/Response message exchange between the security device and the token places the node in an operational state allowing the authorized user access to the contents and/or networked resources of the node. Later Challenge/Response message exchanges are set to occur periodically to check whether the authorized user possessing the token has left the node unattended thereby causing the node to be placed in a non-operational state.

Abstract: A secure video content processor ("SVCP") which receives encrypted digital video information and converts it into analog information for a monitor while preventing unauthorized access to the intermediate unencrypted digital data. The SVCP uses hardware envelopes to prevent unauthorized access to the decrypted digital stream. When a need arises to transmit digital data outside the hardware envelope, the digital data is encrypted and then decrypted when it re-enters a hardware protected section of circuitry.

Abstract: A cryptographic device being remotely modified only by proper authorization. The cryptographic device comprising a processor, non-volatile memory and a bus interface. The non-volatile memory stores at least a public key of an upgrade entity and possibly a public key of a regulatory entity, a unique, device-specific encryption/decryption key pair and/or internal memory for storing cryptographic programs. The processor processes the cryptographic programs to modifying contents of the non-volatile memory based on an upgrade directive within an upgrade message transmitted by the upgrade entity to the cryptographic device.

Abstract: A method and apparatus for encoding a purpose into a digital signature, where purpose and digital signature bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

Abstract: A cryptography unit having a cipher unit and a hash unit coupled in parallel for simultaneous ciphering and hashing. The cipher unit implements a cipher algorithm that operates on a data block having a first predetermined size M. The hash unit implements a hash algorithm on a data block having a second predetermined size N. Buffers of a size Q, where Q is an integer multiple of M and N, are employed to receive the input data into the present invention. A security unit that ensures that the cipher unit and the hash unit operate on the same data block of size Q is also provided.