Abstract: A method is provided for sending a data packet from a client through a network and to a server. The data packet is a data structure having an originating address portion and destination address portion. The network includes a first mix router and a second mix router. The client has a client address, whereas the first mix router has a first mix router address, the second mix router has a second mix router address and the server has a server address. The method includes encrypting the originating address portion of the data packet and encrypting the destination portion of the data packet, transmitting the encrypted data packet, decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet, providing a first data packet and providing a second data packet.

Abstract: A device is provided for use with a database server having a matrix of data stored therein, wherein the database can transmit a return vector based on the matrix of data. The device includes a communication portion, an encryption portion and a decryption portion. The encryption portion can generate an encrypted request to obtain a portion of the matrix of data, wherein the encrypted request includes a plurality of subqueries. The communication portion can transmit the encrypted request to the database server and can receive the return vector from the database server. One of the subqueries is based on a first random vector and a target vector corresponding to the portion of the matrix of data. One of the subqueries is based on a second random vector. The decryption portion can decrypt the return vector by way of a modulo summation.

Abstract: In a first aspect of the invention, method for classifying characters within a character string entered via a keyboard device includes logging interrupts, checking a time between interrupts, checking an interrupt duration and classifying the characters within the character string based upon the time between interrupts and the interrupt duration. In a second aspect of the invention, a method for protecting against timing attacks against a trusted path mechanism includes employing a multithreaded process with a first thread to prevent any timing Trojan horses from running, running the first thread in a loop at a first priority and preventing unprivileged processes from obtaining a priority higher than the first priority.

Abstract: A method is provided for sending a data packet from a client through a network and to a server. The data packet is a data structure having an originating address portion and destination address portion. The network includes a first mix router and a second mix router. The client has a client address, whereas the first mix router has a first mix router address, the second mix router has a second mix router address and the server has a server address. The method includes encrypting the originating address portion of the data packet and encrypting the destination portion of the data packet, transmitting the encrypted data packet, decrypting the originating address portion of the encrypted data packet and the destination portion of the encrypted data packet, providing a first data packet and providing a second data packet.

Abstract: Methods and apparatuses are provided for limiting access, by users of a networked computer system, to networked services on the computer system. More specifically, the present invention facilitates limiting access by other users to a first user's credential that can be used to facilitate access to networked services. A method includes authenticating a user, determining a credential for that user, and generating a corresponding random secret. The credential is stored in memory that can only be accessed through execution of a local security authority (LSA). The random secret is written to a secret file that is readable and writeable only by the user. When the user initiates an application, a security library associated with the application reads the random secret from the secret file and passes the secret to the LSA. The LSA identifies the credential corresponding to that secret and return a credential handle to the application client via the security library.

Abstract: Methods and apparatuses are provided for limiting access, by users of a networked computer system, to networked services on the computer system. More specifically, the present invention facilitates limiting access by other users to a first user's credential that can be used to facilitate access to networked services. A method includes authenticating a user, determining a credential for that user, and generating a corresponding random secret. The credential is stored in memory that can only be accessed through execution of a local security authority (LSA). The random secret is written to a secret file that is readable and writeable only by the user. When the user initiates an application, a security library associated with the application reads the random secret from the secret file and passes the secret to the LSA. The LSA identifies the credential corresponding to that secret and return a credential handle to the application client via the security library.

Abstract: A method for a first participant to establish a shared secret with a second participant, where the first participant and the second participant share a password-based first master key and a hash function includes sending a first message including a first private value for the second participant and a first authenticator for the second participant encrypted with the first master key. The first message also includes a first hashed authenticator for the first participant encrypted with a first shared secret key. The first message also includes a first public value for the first participant. The first participant receives a second message, the second message including the first authenticator for the second participant and a first public value for the second participant encrypted with the first shared secret key.

Abstract: A system for authenticating and authorizing a user to access services on a heterogenous computer network. The system includes at least one workstation and one authorization server connected to each other through a network. A user couples a personally protectable coprocessor (smart card) to the workstation by means of a bidirectional communications channel. The coprocessor is adapted to receive signals including first encrypted authentication information and to decrypt the first encrypted authentication information using a preselected first key. The coprocessor is further adapted to assemble and encrypt second authentication information using a preselected second key and to transmit the encrypted second encrypted authentication information to the workstation. The workstation then communicates the information onto the network whereby the user is authenticated to access the networked computer or service.