Abstract: A method comprising the steps of creating a random permutation of data from a data input by executing at least one of a Pseudo-Random Permutation (PRP) and a Pseudo-Random Function (PRF), creating a first data block by combining the random permutation of data with a received second data block and executing an ?-differentially uniform function on the result of the combination, XORing the result of the ?-DU function evaluation with a secret key, and reducing the first data block to a first message authentication code.

Abstract: A method and system for a fair exchange of user information over a network is disclosed. The method comprises the steps of: transmitting over the network the user information encoded in association with a hidden value selected as one of a plurality of values distributed in a sequence wherein a difference between adjacent ones of said values increases and decreases symmetrically about one of the values of a known order; transmitting over said network a first set of the values and a last value in the sequence, wherein the values in said first set have increasing differences between adjacent ones of the values; and transmitting, individually, and in response to receipt of the other user's values, the remaining values in said sequence.

Abstract: Methods and apparatus are disclosed for generation of secure and efficient digital signatures in an information processing system. The system includes one or more user devices, a signing aid or other intermediary device, and a verifier. A given user device has associated therewith key pairs (s, p) and (s?, p?) corresponding to respective first and second digital signature protocols. As part of a setup process, an agreement relating to the public keys p and p? is signed by both the user device and the intermediary device, and the resulting twice-signed agreement is stored by both the user device and the intermediary device. A first digital signature s1 is then generated on a message m or a hash h(m) thereof in the user device using the secret key s? and is sent to the verifier. The verifier in turn sends s1 to the intermediary, and the intermediary checks that s1 is a valid digital signature for the user device.

Abstract: A method and system for determining sequence parameters to limit cycle attack in time-line sequences associated with digital signature technologies is disclosed. The method comprises the steps of determining a pair of values associated with a modulus value for generating said sequence, wherein said values are non-equal prime numbers of a known size, selecting a root value of said sequence and selecting a third value for determining the order of said sequence. In one aspect of the invention, each of the pair of values used to determine the modulus is a safe prime number.

Abstract: A method and apparatus are disclosed for evaluating the security of at least one client. An executable program is executed by the client being evaluated. A result is received from the executable program and an evaluation of the result indicates whether the client has been corrupted. The executable program is one of a plurality of possible programs. The result may be evaluated based on an elapsed time between when the executable program is provided to the client and when the result is received. The executable program may include at least one function that writes to a memory of the client. A program blinding technique is also disclosed to generate executable programs.

Abstract: A method and apparatus enhancing the security of an encrypted cryptographic key by storing its key re-transforming information in a decryption store that is separate from a cryptographic key store, which stores the encrypted cryptographic key, from which accessing circuitry is able to access the encrypted cryptographic key. The cryptographic key store may be a disk drive of a computer, the decryption store may be a network access card installed in that computer or a mobile terminal coupled to that computer, and the accessing circuitry may be the computer's controller. Decryption of the encrypted cryptographic key is carried out in the decryption store, as is the subsequent encryption or decryption using the decrypted cryptographic key.

Abstract: A hyperbaric oxygen therapy system includes a pressure vessel containing a gas, an oxygen concentration measurement apparatus for monitoring the concentration of oxygen in the gas, an environmental control apparatus for controlling the temperature of the gas in the vessel, and a pressure/ventilation control apparatus for controlling the pressure of the gas in the vessel. The pressure vessel is capable of accommodating a patient. The oxygen concentration measurement apparatus includes an oxygen concentration analyzer and a plurality of gas lines connecting the oxygen analyzer to the pressure vessel. The pressure/ventilation control apparatus includes a pressure controlling valve, a pressure sensor, a ventilation valve, and a controller having a programmable pressure profile. The environmental control apparatus includes a scrubber, a heat exchanger and a blower located within the pressure vessel. A compressor for the system includes a compressor silencer.

Abstract: A latching mechanism for a pressure chamber for hypobaric use is disclosed. The mechanism includes one or more pin modules positioned on a periphery of a door of the pressure chamber, the door being adapted to open into the chamber and abut a frame of the pressure chamber when the door is in a closed position. The mechanism further includes an actuator for selectively engaging or disengaging the pin with the frame. The pin module may include a pin adapted to be selectively positioned in an engaged or a disengaged position. The pin in the engaged position extends from the door to the frame of the pressure chamber, thereby preventing the door from opening into the chamber. The pin module includes a cylinder for actuating the pin. The cylinder may be a pneumatic cylinder operated with pneumatic pressure. The pneumatic cylinder of each of the pin modules may be centrally actuated.

Abstract: A method and system for a fair exchange of user information over a network is disclosed. The method comprises the steps of: transmitting over the network the user information encoded in association with a hidden value selected as one of a plurality of values distributed in a sequence wherein a difference between adjacent ones of said values increases and decreases symmetrically about one of the values of a known order; transmitting over said network a first set of the values and a last value in the sequence, wherein the values in said first set have increasing differences between adjacent ones of the values; and transmitting, individually, and in response to receipt of the other user's values, the remaining values in said sequence.

Abstract: A long-lived broadcast encryption method that adapts to the presence of compromised keys and continues to broadcast securely to privileged sets of users over time. In one aspect, a method for providing long-lived broadcast encryption comprises the steps of: allocating, to each of a plurality of subscribers, a corresponding set of subscriber keys; broadcasting encrypted content to the plurality of subscribers using a set of broadcast keys, wherein the encrypted content is decoded by a given subscriber using the subscriber's corresponding set of subscriber keys; modifying the set of broadcast keys, which are used for broadcasting encrypted content, by excluding compromised subscriber keys; and updating a set of subscriber keys corresponding to at least one subscriber when the at least one subscriber's set of subscriber keys comprises an amount of active keys that falls below a first predetermined threshold.

Abstract: A method and system for determining sequence parameters to limit cycle attack in time-line sequences associated with digital signature technologies is disclosed. The method comprises the steps of determining a pair of values associated with a modulus value for generating said sequence, wherein said values are non-equal prime numbers of a known size, selecting a root value of said sequence and selecting a third value for determining the order of said sequence. In one aspect of the invention, each of the pair of values used to determine the modulus is a safe prime number.

Abstract: Methods and apparatus are disclosed for generation of secure and efficient digital signatures in an information processing system. The system includes one or more user devices, a signing aid or other intermediary device, and a verifier. A given user device has associated therewith key pairs (s, p) and (s′, p′) corresponding to respective first and second digital signature protocols. As part of a setup process, an agreement relating to the public keys p and p′ is signed by both the user device and the intermediary device, and the resulting twice-signed agreement is stored by both the user device and the intermediary device. A first digital signature s1 is then generated on a message m or a hash h(m) thereof in the user device using the secret key s′ and is sent to the verifier. The verifier in turn sends s1 to the intermediary, and the intermediary checks that s1 is a valid digital signature for the user device.

Abstract: A scheme for authentication, dynamic key generation and exchange provides means for authentication of mobile nodes and networks, and for generation of per session, per node, security association and encryption keys for encrypting/decrypting communications between a mobile node and an access point in wireless local area networks. The scheme utilizes the same infrastructure and authentication information for both data link layers (layer 2) and network layers (layer 3). This scheme is particularly applicable to networks adhering to the IEEE 802 LAN family of standards.

Abstract: A method and apparatus enhancing the security of an encrypted cryptographic key by storing its key re-transforming information in a decryption store that is separate from a cryptographic key store, which stores the encrypted cryptographic key, from which accessing circuitry is able to access the encrypted cryptographic key. The cryptographic key store may be a disk drive of a computer, the decryption store may be a network access card installed in that computer or a mobile terminal coupled to that computer, and the accessing circuitry may be the computer's controller. Decryption of the encrypted cryptographic key is carried out in the decryption store, as is the subsequent encryption or decryption using the decrypted cryptographic key.

Abstract: This invention includes a consensus protocol, a broadcast protocol and a fault tolerant computer system created by using the two protocols together in combination. The protocols and system use the minimum number of processors to create a system tolerant of concurrent processor crash and byzantine failures. The protocols are subject to certain validity conditions. The system in the state of consensus is guaranteed to have all non-faulty processors in agreement as to what action the system should take. The system and protocols can tolerate up to t total number of processor failures, no more than b of which may fail in the byzantine mode.