Abstract: A method for managing operability of an on-chip debug capability (24) in a product (26) configured to execute software (30) includes storing (74, 76) a debug public key (40) and an operational public key (44) in product memory (54). The software (30) with either a debug signature (82) or an operational signature (88) is saved (84) in the memory (56). When enablement indication is received, the debug signature (82) is validated (102) using the debug public key (40). The debug capability (24) is enabled upon validation of the signature (82) and the software (30) is allowed to execute. When disablement indication is received, the operational signature (88) is verified (112) using the operational public key (44). The on-chip debug capability (24) is disabled upon verification of the signature (88) and the software (30) is allowed to execute.

Abstract: A communication network (22) includes a central node (30) loaded with a trusted key (26) and key material (56) corresponding to an asymmetric key agreement protocol (48). The network (22) further includes vulnerable nodes (32) loaded with key material (69) corresponding to the protocol (48). Successive secure connections (68, 70) are established between the central node (30) and the vulnerable nodes (32) using the key material (56, 69) to generate a distinct session key (52) for each of the secure connections (68, 70). The trusted key (26) and one of the session keys (52) are utilized to produce a mission key (39). The mission key (39) is transferred from the central node (30) to each of the vulnerable nodes (32) via each of the secure connections (68, 70) using the corresponding current session key (52). The mission key (39) functions for secure communication within the communication network (22).

Abstract: Authentication management of software (22) in a product (28) encompasses trust anchor assignment (66) and trust anchor verification (68). A root public key (40) of a root trust anchor (32) is stored (80) in non-changeable memory (54) in the product (28). A signed operational public key (86) is formed by attaching a root signature (84) to an operational public key (44) of an operational trust anchor (34) using a root private key (38). An operational signature (96) is appended to the software (22) using an operational private key. (42) to form signed software (98). The signed operational public key (86) and the signed software (98) are saved in changeable memory (56) in the product (28). Upon verification of the root signature (84) utilizing the root public key (40) and validation of the operational signature (96) using the operational public key (44), the software (22) is authenticated and enabled to execute.

Abstract: A method for managing operability of an on-chip debug capability (24) in a product (26) configured to execute software (30) includes storing (74, 76) a debug public key (40) and an operational public key (44) in product memory (54). The software (30) with either a debug signature (82) or an operational signature (88) is saved (84) in the memory (56). When enablement indication is received, the debug signature (82) is validated (102) using the debug public key (40). The debug capability (24) is enabled upon validation of the signature (82) and the software (30) is allowed to execute. When disablement indication is received, the operational signature (88) is verified (112) using the operational public key (44). The on-chip debug capability (24) is disabled upon verification of the signature (88) and the software (30) is allowed to execute.

Abstract: A secure memory and processing system is disclosed for use in various types of communication devices. The secure processing system provides for the encryption and storage of sensitive data in a storage medium external to the secure processing system. The encrypted data is decrypted with encryption logic circuitry within the secure memory and transferred to a zeroizable memory for use by a host processor. The secure memory uses a laser-scribed encryption key coupled to encryption logic circuitry within the secure memory for encrypting and decrypting the sensitive information.

Abstract: A method for purchasing items over a non-secure communication channel uses a secure communication device. The secure communication device includes a host processor, a secure memory that includes a laser-scribed encryption key, and a non-secure memory for storing encrypted data. A user's sensitive data is encrypted within the secure memory using the laser-scribed encryption key and stored as encrypted data in the non-secure memory. An encrypted credit card number and an encrypted secret key is retrieved from the non-secure memory, the encrypted credit card and secret key are decrypted with the laser-scribed encryption key, the credit card number is encrypted with a session key, and the encrypted credit card number is transferred over the network to a destination such as an internet vendor.

Abstract: Method for securing encryption keys for encrypting software while providing for secure updates of the key for other or updated versions of the software. A First Encryption Key which is used to encrypt an initial software version includes a FIRST SPLIT portion and a TOKEN portion. The FIRST SPLIT portion can be stored in an anti-tamper storage memory of a hardware product and the TOKEN can be stored in external storage medium so that the FIRST SPLIT and the TOKEN are separately provided to separate personnel of the user while the identity of the First Encryption Key is kept secure by remaining in custody of the provider. The user employs the hardware to combine the FIRST SPLIT and TOKEN to generate the First Encryption Key within the hardware to decrypt the encrypted software. To facilitate updates the provider combines the First Encryption Key with a Second Encryption Key to generate an UPDATE SPLIT for updated software which is encrypted with the Second Encryption Key.

Abstract: A system and method allows portable, encrypted data to be accessible through multiple hosts, including new hosts (14), without requiring a secure link to the new hosts. A split key encryption system encrypts (52) data and stores the encrypted data on a portable device (10). A split of the encryption key is stored (54) in the portable device (10), and another split of the key is stored (54) in a home host (12) . A password-modified key is then made (58) by combining a password with the encryption key. This password-modified key is then reduced (58), with one split being stored on the host (12) and another split stored on the portable device (10) . Data can be accessed with a new host (14) by transferring (78) the host password-modified split to the new host (14) and entering (80) the password into the portable device (10).

Abstract: A call is connected between secure terminals (16) through a network (12). If a network address for the call is included on an approved list (46), a secure call setup procedure (54) is performed automatically. One terminal (16) automatically sends an auto-secure signal. If the other terminal detects the auto-secure signal, secure call setup procedure (54) is performed automatically. The secure call setup procedure (54) determines a current user-identity for the opposing party. If the current user-identity corresponds to a user-identity included on an approved list (76), an abbreviated secure call setup process (80) is performed. If the current user identity is not approved, a full secure call setup process (78) is performed. The abbreviated process (80) differs from the full process (78) in that it uses a traffic key obtained from a prior secure communication session and may be performed more quickly.

Abstract: A call is connected between secure terminals (16) through a network (12). If a network address for the call is included on an approved list (46), a secure call setup procedure (54) is performed automatically. One terminal (16) automatically sends an auto-secure signal. If the other terminal detects the auto-secure signal, secure call setup procedure (54) is performed automatically. The secure call setup procedure (54) determines a current user-identity for the opposing party. If the current user-identity corresponds to a user-identity included on an approved list (76), an abbreviated secure call setup process (80) is performed. If the current user identity is not approved, a full secure call setup process (78) is performed. The abbreviated process (80) differs from the full process (78) in that it uses a traffic key obtained from a prior secure communication session and may be performed more quickly.

Abstract: A call is connected between secure terminals (16) through a network (12). If a network address for the call is included on an approved list (46), a secure call setup procedure (54) is performed automatically. One terminal (16) automatically sends an auto-secure signal. If the other terminal detects the auto-secure signal, secure call setup procedure (54) is performed automatically. The secure call setup procedure (54) determines a current user-identity for the opposing party. If the current user-identity corresponds to a user-identity included on an approved list (76), an abbreviated secure call setup process (80) is performed. If the current user identity is not approved, a full secure call setup process (78) is performed. The abbreviated process (80) differs from the full process (78) in that it uses a traffic key obtained from a prior secure communication session and may be performed more quickly.

Abstract: An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering devices utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitter for transmitting encrypted data, and a receiver for receiving encrypted data are coupled to the plurality of ciphering devices. The controller automatically determines which of the ciphering devices to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security.

Abstract: A method for establishing a secure communications link between first and second terminals includes a step of exchanging a first message. The first message contains information describing encryption devices and communications modes available within the terminals and user authentication information. The method also includes a step of selecting, in at least one terminal, a common key generation and ciphering algorithm. The method further includes steps of exchanging a second message for providing data to form traffic keys, exchanging a third message for synchronizing secure communications and initiating secure communication.

Abstract: A method for passing supervisory control from a first station to a second station of a plurality of stations comprises steps of providing a message header in interstation messages in the first station, transmitting the interstation message from the first station to the second station, processing a message header from the interstation message to extract data and determining present identification of a system controller from the extracted data. The method includes steps of providing a first field containing message identification information, providing a second field containing supervisor station identification information, providing a third field containing update count information and providing a fourth field containing sending station identification information in the message header.

Abstract: An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering devices utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitter for transmitting encrypted data, and a receiver for receiving encrypted data are coupled to the plurality of ciphering devices. The controller automatically determines which of the ciphering devices to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security.

Abstract: A cryptographic apparatus comprises a linear feedback shift register for providing a pseudo-random code, coupled to a ciphering device, which is in turn coupled to an adder. The ciphering device encrypts the pseudo-random code. One adder circuit input is coupled to a ciphering device, and the other adder circuit input is coupled to the data input. The adder circuit adds data input signals to ciphering device signals to provide output signals. A method for operation of a ciphering engine is described comprising the steps of providing a random number and setting tap weights for a linear feedback shift register, obtaining a pseudo-random bit stream therefrom, and then encrypting the pseudo-random bit stream to generating a traffic key stream. The traffic key stream is added to a data stream to produce encrypted data from plain-text data or, alternatively, the traffic key stream is added to an encrypted data stream to produce plain-text data.

Abstract: An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering means utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitting means for transmitting encrypted data, and a receiving means for receiving encrypted data are coupled to the plurality of ciphering means. The control means automatically determines which of the ciphering means to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security.

Abstract: A printer/plotter incorporates four individual microprocessor-based print stations, each for printing on a print media a separate color image for superimposition with one another, forming a final full-color image. The four print stations are located along a transport path for single-pass operation, and each print station includes a transport system that allows the media to traverse a print station with controlled forces exerted on the media by that station. The invention further includes a precise registration system wherein each print station monitors registration marks to detect variations of the media (i.e., stretching or shrinkage) during the printing process and to correct for such variations on obtaining accurate registration of the individual images for a full-color result.