Abstract: Methods and apparatus are presented for secure, authenticated communication and data storage. The methods can be based on other methods such as IAPM, in which the encryption and authentication keys are of the same strength. In the HR-IAPM mode, a sender encrypts the data as in the IAPM mode using two encryption keys K0 and K1. The sender then XORs the plaintexts with corresponding ciphertexts, and combines the results to form a checksum This checksum is encrypted under the authentication key K2, this value is appended to the encrypted message as a message authentication code (MAC). The receiver decrypts as with IAPM, XORs the plaintexts with the corresponding ciphertexts and combines these values to form a checksum. The receiver then encrypts the checksum under the authentication key K2 and verifies that the resulting value agrees with the MAC. The HR mode allows blocks to be sent un-encrypted if desired.

Abstract: Methods and apparatus are presented for partially encrypting a data transmission, yet providing authentication for all of the data transmission. Plaintext blocks are combined with noise blocks and then either encrypted or decrypted to form ciphertext blocks and authentication blocks.

Abstract: A system and method for digital tickets. An issuer provides a digital ticket to a portable wireless devices such as a sonic token, e.g., acoustic key fob or wireless telephone. The ticket can include a ticket index that may be encrypted. When entry is desired into an entity (such as a movie theater) whose access is controlled by a verifier, a user manipulates the token to wirelessly (e.g., acoustically) transmit the ticket index to the verifier, which grants access if the ticket is valid and has not previously been used or voided.

Abstract: A hand-held token can be operated to generate an acoustic signal representing the digital signature generated by a private key of a public key/private key pair. Verifiers that might be located at, e.g., buildings, in vehicles, at bank ATMs, etc. receive the signal and retrieve the corresponding public key to selectively grant access authorization to components served by the verifiers. Methods and systems permit adding and removing a token from the access list of a verifier. Other methods and systems enable the token to be used with several verifiers that are nearby each other, such as might be the case with multiple vehicles owned by the same user and parked nearby each other, without more than one verifier being operated to grant access.

Abstract: A method and apparatus for generating encryption stream ciphers. The recurrence relation is designed to operate over finite fields larger than GF(2) and is maximal length. An output equation generates the output based on a plurality of elements in the shift register used to implement the recurrence relation. The recurrence relation and the output equation are selected to have distinct pair distances such that, as the shift register shifts, no particular pair of elements of the shift register are used twice in either the recurrence relation or the output equation.

Abstract: In a communications system, a method of transforming a set of message signals representing a message comprising the steps of first encoding one of the set of message signals in accordance with a first keyed transformation, a second encoding of the one of the set of message signals in accordance with at least one additional keyed transformation, a third encoding of the one of the set of message signals in accordance with a self inverting transformation in which at least one of the set of message signals is altered, a fourth encoding of the one of the set of message signals in accordance with at least one additional inverse keyed transformation wherein each of the at least one additional inverse keyed transformation is a corresponding inverse of at least one additional keyed transformation, and fifth encoding the one of the set of message signals in accordance with first inverse keyed transformation wherein the first inverse keyed transformation is the inverse of the first keyed transformation.

Abstract: Method and apparatus for permitting encrypted communications between two stations which are operable with encryption algorithms that accept encryption keys having work factors with different values, by determining the lower one of the values; providing an initial encryption key having a first work factor value; comparing the first work factor value with the lower one of the work factors when the first work factor value is greater than the lower one of the work factor values, performing a first hash function on the initial encryption key to produce a first output, and deriving from the first output a first intermediate key having a work factor value not greater than the lower one of the work factor values; performing the first hash function on the first intermediate key to produce a second output, and deriving from the second output a final encryption key having a work factor value not greater than the lower one of the work factor values; and using the final encryption key to encrypt communications between the

Abstract: A hand-held token can be operated to generate an acoustic or other wireless signal representing a digital signature produced from the private key of a public key/private key pair, with the public key being confidential in that it is known only to authorized entities, such as bank computers. The signal from the token can be received by, e.g., a receiver at a bank ATM that also requires a PIN for account access. The user enters the PIN into the ATM, and the ATM encrypts the signal from the token with the PIN and sends it on to the bank computer over a link that need not be secure, since even if the PIN is guessed there is no way to verify that it is the correct PIN without also knowing the confidential public key held by the bank computer.

Abstract: The method and apparatus updates a binary number that will be used in cellular telephone system authentication procedures by applying a first algorithm to a plurality of most significant bits of a first binary number to obtain a second binary number; operates on a plurality of least significant bits of the first binary number with a second algorithm to obtain a third binary number, and applies a block cipher to the concatenation of the second and third numbers to obtain the updated binary number. When the most significant bits of the updated binary number comprise an all-zeroes number they are replaced with the most significant bits of the concatenation of the second and third numbers.

Abstract: An apparatus and method for authentication having a processor and at least one activator coupled to the processor is claimed. A signature generator is coupled to the processor and capable of generating a secure identifier. An emitter coupled to the signal generator capable of emitting the secure identifier. A receiver receives the emitted secure identifier and verifies that the secure identifier was appropriately transmitted. The public key corresponding to the key identifier transmitted is accessed to determine the validity of the secure identifier using the accessed key and that the time indicated in the received secure identifier is verified to be within acceptable time tolerances.

Abstract: In a disclosed embodiment, a visitor location register first initializes an assignment table to store N entries. Next, the visitor location register waits until a TMSI assignment is needed. Then, a counter is maintained in memory and is incremented. The value of the counter is then hashed to produce an assignment table index. Beginning at the assignment table index, the assignment table is searched for an available entry. The counter is then encrypted to produce a TMSI. The IMSI corresponding to the TMSI assignment is then stored in the assignment table.

Abstract: A method for permitting encrypted communications between two stations which are operable with encryption algorithms that accept encryption keys having work factors with different values, by: in a first determining step, determining the lower one of the different values; providing an initial encryption key having a first work factor value; comparing the first work factor value with the lower one of the work factors determined in the determining step; when, in the comparing step, the first work factor value is greater than the lower one of the work factor values determined in the determining step, performing the following steps: performing a first hash function on the initial encryption key to produce a first output, and deriving from the first output a first intermediate key having a work factor value not greater than the lower one of the different work factor values determined in the determining step; performing the first hash function on the first intermediate key to produce a second output, and deriving fro

Abstract: A method and an apparatus for generating encryption stream ciphers are based on a recurrence relation designed to operate over finite fields larger than GF(2). A non-linear output can be obtained by using one or a combination of non-linear processes to form an output function. The recurrence relation and the output function can be selected to have distinct pair distances such that, as the shift register is shifted, no identical pair of elements of the shift register are used twice in either the recurrence relation or the output function. Under these conditions, the recurrence relation and the output function also can be chosen to optimize cryptographic security or computational efficiency. Moreover, it is another object of the present invention to provide a method of assuring that the delay that results for the encryption process does not exceed predetermined bounds.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key. The short-time key is available with each broadcast message, wherein sufficient information to calculate the short-time key is provided in an Internet protocol header preceding the broadcast content. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.

Abstract: A method and apparatus for decrypting stream ciphers. An SSC2-type stream cipher is decrypted by utilizing the period of LFG output and the correlation of the LSBs of LSFR output. A dynamic probability of error for each bit of a data stream is calculated to determine whether a particular bit should be inverted.

Abstract: A method and apparatus for generating and communicating random challenge values to mobile stations is disclosed that does not lose the unpredictability of a truly random number but can be simply and economically synchronized across cellular systems. The method and apparatus updates a binary number that will be used in cellular telephone system authentication procedures by applying a first algorithm to a plurality of most significant bits of a first binary number to obtain a second binary number; operates on a plurality of least significant bits of the first binary number with a second algorithm to obtain a third binary number, and applies a block cipher to the concatenation of the second and third numbers to obtain the updated binary number. When the most significant bits of the updated binary number comprise an all-zeroes number they are replaced with the most significant bits of the concatenation of the second and third numbers.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key. One embodiment provides link layer content encryption. Another embodiment provides end-to-end encryption.

Abstract: A method and apparatus for generating encryption stream ciphers. The recurrence relation is designed to operate over finite fields larger than GF(2). The linear feedback shift register used to implement the recurrence relation can be implemented using a circular buffer or sliding a window. Multiplications of the elements of the finite field are implemented using lookup tables. A non-linear output can be obtained by using one or a combination of non-linear processes. The stream ciphers can be designed to support multi-tier keying to suit the requirements of the applications for which the stream ciphers are used.

Abstract: A method and an apparatus for generating encryption stream ciphers are based on a recurrence relation designed to operate over finite fields larger than GF(2). A non-linear output can be obtained by using one or a combination of non-linear processes to form an output function. The recurrence relation and the output function can be selected to have distinct pair distances such that, as the shift register is shifted, no identical pair of elements of the shift register are used twice in either the recurrence relation or the output function. Under these conditions, the recurrence relation and the output function also can be chosen to optimize cryptographic security or computational efficiency.

Abstract: A method and an apparatus for generating encryption stream ciphers are based on a recurrence relation designed to operate over finite fields larger than GF(2). A non-linear output can be obtained by using one or a combination of non-linear processes to form an output function. The recurrence relation and the output function can be selected to have distinct pair distances such that, as the shift register is shifted, no identical pair of elements of the shift register are used twice in either the recurrence relation or the output function. Under these conditions, the recurrence relation and the output function also can be chosen to optimize cryptographic security or computational efficiency.