Abstract: A system for securing data includes a set of descriptors associated with data, a node, and a server. The set of descriptors include a first group of descriptors, and at least one additional descriptor. Each descriptor has a respective, associated value. The node provides a first component by binding together the respective values of each of the first group of descriptors. The server receives the first component from the node, provides a key by binding together the first component and the respective values of each of the additional descriptor, and encrypts the data with the key. The user (via a token) and/or the server can provide at least one of the descriptors. At least one server can establish a trusted cryptographic virtual domain that exhibits an established trust based on the descriptors that are policy enforced.

Abstract: A container security device includes a housing, electronic circuitry, and cabling. The electronic circuitry is disposed within the housing, and includes first and second microprocessor functions and an interface for accepting and providing data. The cabling is removably coupled to the housing, provides the only communicative coupling between the first microprocessor function and the second microprocessor function, and is adapted to be attached to a container latch so as to break the communicative coupling if the latch is opened. The housing includes a port for the electronic circuitry interface. A method of providing container security includes closing a container using a latch device and removably coupling the cabling to the housing so that the communicative coupling is broken if the latch is opened, providing the only communicative coupling between the first microprocessor function and the second microprocessor function.

Abstract: A method of electronically signing a document includes initializing a user, including generating an asymmetric key pair including a private signing key and a public signing key, and storing the private signing key and the public signing key; and providing an electronic signature, including receiving document data corresponding to at least one selected portion of the document, binding the stored private signing key and the document data to create an electronic signature, and providing the electronic signature for a recipient.

Abstract: A process of accessing and controlling medical information data enforced by an encryption process utilizes a split key design. The split key design includes a cryptographic key that is formed from one or more permissions as key splits.

Abstract: A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value. The object is encrypted with the working key. A random value encryption key is generated based on the shared value by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, and generating a shared value based on the ephemeral private key and the credential public key. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.

Abstract: A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system if the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.

Abstract: A method of electronically signing a document includes initializing a user, including generating an asymmetric key pair including a private signing key and a public signing key, and storing the private signing key and the public signing key; and providing an electronic signature, including receiving document data corresponding to at least one selected portion of the document, binding the stored private signing key and the document data to create an electronic signature, and providing the electronic signature for a recipient.

Abstract: A cryptographic key split combiner includes a number of key split generators for generating cryptographic key splits from seed data, and a key split randomizer for randomizing the key splits to produce a cryptographic key. The key split generators can include a random split generator for generating random key splits, a token split generator for generating token key splits based on label data, a console split generator for generating console key splits based on maintenance data, a biometric split generator for generating biometric key splits based on biometric data, and a location split generator for generating location key splits based on location data. Label data can be read from storage, and can include user authorization data. A process for forming cryptographic keys includes randomizing or otherwise binding the splits to form the key.

Abstract: A key management overlay system includes a first key management system that produces a first cryptographic key, a second key management system that produces a second cryptographic key, and a math module that implements a math model that generates a third cryptographic key based at least in part on the first and second cryptographic keys. A key management overlay process includes generating a first cryptographic key according to a first key management system, generating a second cryptographic key according to a second key management system, and generating a third cryptographic key based at least in part on the first and second cryptographic keys.

Abstract: A cryptographic key split binder includes key split generators that generate cryptographic key splits from seed data and a key split randomizer for randomizing cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Key split generators can include a random split generator for generating a random key split based on reference data, a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data or a biometric split generator for generating a biometric key split based on biometric data. Any key split can further be based on static data, which can be updated. Label data can be read from a storage medium, and can include user authorization data. A cryptographic key can be, for example, a stream of symbols, at least one symbol block, or a key matrix.

Abstract: A method of providing object security includes selecting an object to secure, selecting at least one criterion for authorization to access the object, generating an authorization profile based on the at least one criterion, generating an encryption key, binding the authorization profile to at least one of the object and the key, and encrypting the object with the encryption key.

Abstract: A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

Abstract: A system provides cryptographic processing of input data on a parallel processor array that includes plural processors. A format filter extracts control and main data from the input data. A control unit receives the control data, and based on the control data, forwards control and cryptographic parameters to the processors. A first distributor distributes to each processor at least a portion of the main data. A second distributor receives output information from each processor, and based thereon, generates output data. Each processor generates output information based on the control and cryptographic parameters. The output data is a cryptographic processing result.

Abstract: A method of authenticating a user to use a system includes using a provider token to generate a random value. The token generates a derived key based at least in part on a token-provided salt value and a user-provided password. The provider generates a token unlock key based at least in part on the derived key and sends it to the token. First and second challenge data instances are generated by the provider and the token, respectively, and the process is terminated if the challenge data instances are determined not to match. If the challenge data instances are determined to match, then an encrypted data transfer system is established between the token and the provider, and the token unlocks locked private data stored on the token. The user is authenticated for secured use of the system based at least in part on the unlocked private data.

Abstract: A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system if the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the a modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.

Abstract: A system provides cryptographic processing of input data on a parallel processor array that includes plural processors. A format filter extracts control and main data from the input data. A control unit receives the control data, and based on the control data, forwards control and cryptographic parameters to the processors. A first distributor distributes to each processor at least a portion of the main data. A second distributor receives output information from each processor, and based thereon, generates output data. Each processor generates output information based on the control and cryptographic parameters. The output data is a cryptographic processing result.

Abstract: A method of electronically signing a document includes initializing a user, including generating an asymmetric key pair including a private signing key and a public signing key, and storing the private signing key and the public signing key; and providing an electronic signature, including receiving document data corresponding to at least one selected portion of the document, binding the stored private signing key and the document data to create an electronic signature, and providing the electronic signature for a recipient.