Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: A trusted display (18) of a trusted authorization device (TAD) (10) displays on a trusted display (18) first information about a transaction to be authorized by a user (14) using a trusted keypad (20). The TAD (10) generates (208) a random number (R); generates (1210) second information from the first information, the random number (R) and a first identification code (TADID-A) of the TAD (10); generates (212) a signature of the second information using a first encryption process; egnerates (216) a set of session keys (Ks1, Ks2, Ks3) by a second encryption process responsive to the random number (R) and a set of stored working keys (Kw1, Kw2, Kw3); and generates (218) third information by encrypting the second information and the signature using a third encryption process responsive to the set of session keys (Ks1, Ks2, Ks3).

Abstract: A user enters into a token a token PIN, and an identification number of a financial instrument and a transaction amount of a transaction to be verified. If the token PIN is correct, a processor in the token increments a transaction count, and generates a first passcode using an encryption process using a digest keyset to digest the information entered into the token. The user provides the first passcode, the transaction count, and an identification number associated with the token to a merchant, who then transmits this to a financial institution, along with the identification number of the financial instrument and the transaction amount. The financial institution transmits this information to a verification server, which uses the digest keyset associated with the token to generate a second passcode by digesting the same quantities as used to generate the first passcode.

Abstract: The disclosed system relates to metered use cryptographic systems, and particularly to a data package and system operation for effecting metered purchases of encrypted data from a local encrypted database. A local CD ROM encrypted database includes one or more data package records containing one or more message keys encrypted under a database key, and one or more data packages encrypted under said message keys. The user decrypts portions of the database, and the data used is metered locally and recorded as a stored data usage record. The local stored data usage record is reported by telephone modem or other telecommunications link from a remote user terminal, such as a host personal computer containing a remote cryptographic control unit, to a cryptographic operations center.

Abstract: A cryptographic communications system includes a method and apparatus for sending and receiving a plurality of encrypted signal packets in a system for metering the use of encrypted information. Plural packet communication between a user terminal containing a remote cryptographic control unit and a cryptographic operations center typically includes uploading usage records and downloading credit. Plural packet messages are protected to detect alterations in the form of packet reordering by cross linking data cryptographic codes and message authentication codes (MAC). In particular, a first cryptographic code key is used to encrypt a first plurality of signal packets. A second cryptographic code key is used to encrypt the encrypted first plurality of signal packets to form an appended MAC. The initial vector for computing the MAC for a given packet is the last encrypted data block of the previous packet encrypted with the first cryptographic code key.

Abstract: The disclosed system relates to metered use cryptographic systems, and particularly to a data package and system operation for effecting metered purchases of encrypted data from a local encrypted database. A local CD ROM encrypted database includes one or more data package records containing one or more message keys encrypted under a database key, and one or more data packages encrypted under said message keys. The user decrypts portions of the database, and the data used is metered locally and recorded as a stored data usage record. The local stored data usage record is reported by telephone modem or other telecommunications link from a remote user terminal, such as a host personal computer containing a remote cryptographic control unit, to a cryptographic operations center.

Abstract: A cryptographic communications system includes a method and apparatus for exchanging messages between a user terminal, containing a secret key, and an operations center wherein each party authenticates signals received from the other party before any other information is exchanged. An initial identification message from the user terminal to the operations center contains an encrypted value of current time. The operations center checks the received message against local time to verify real time concurrent operation of the user terminal. Subsequently, the operations center and the user terminal mutually exchange encrypted challenge blocks, and each provide respective encrypted responses to the encrypted challenge blocks. The challenge and response exchanges demonstrate that each knows the secret key stored in the user terminal before other information, such as downloaded credit or uploaded data usage, is exchanged.

Abstract: An electron beam tester (11) utilizes a source (13) of stored electrons to produce a probing beam (14) of short pulses and high intensity. The high intensity improves the signal-to-noise ratio of the potential being measured and is especially suited for measuring potentials in high speed integrated circuits (19) while they are operating. The cyclotron principle is adapted for storing the electrons in an orbital configuration wherein the electrons are clustered in bunches having substantially the same energy level. These characteristics of the electrons in a beam facilitate its operation and control in an electron beam tester for contactless monitoring of voltage potentials in an operating high speed integrated circuit.

Abstract: A security unit is disclosed for controlling access to a main computer system. The security unit provides a comprehensive mechanism for detecting and inhibiting sophisticated attackers. A method of operation and special purpose hardware for implementing this operation are disclosed.

Abstract: A bistable multivibrator circuit responds to the voltage across a device to be protected. The circuit changes its state when this voltage drops below a predetermined value.

Abstract: Improved migration imaging techniques and apparatus utilizing a mixture of multicolor electrophotosensitive particles are achieved by exposure of the mixture, between electrodes which create a migration-inducing field, sequentially to the color separation components of the original image to be reproduced. Certain disclosed embodiments utilize exposure at spatially separated color sub-zones within an overall imaging zone to effect migration in controlled sequence, by particle type.