Abstract: An efficient multicast key management is achieved by using seals. A security server generates a seal. In one embodiment, the seal contains a key. In another embodiment, the seal contains information for generating a key. An application server requests the seal from the security server and broadcasts the seal to a plurality of recipients. A recipient wishing to encrypt or decrypt a data stream transmits the received seal to the security server to be opened. If the recipient is authorized, the security server transmits a permit to the authorized recipient. In one embodiment, the recipient generates a key from the permit. In another embodiment, the permit is the key. If the recipient is a sender, the recipient encrypts data using the key and broadcasts the same encrypted data stream to all receivers. If the recipient is a receiver, the recipient decrypts an encrypted data stream using the key. In one embodiment, a seal with a corresponding offset value is sent periodically in a data stream.

Abstract: An encryption system and method utilizes a bit stream, called a "master signature", which is divided into bytes with each byte being assigned a byte address. A portion of the master signature, called an "access signature" is randomly selected to encode the message to be transmitted. Both a sender and a receiver have the same access signature. The particular portion of the access signature to be used to encrypt and decrypt a message is identified at the sender by identifying the address of the first byte in this portion of the access signature and the number of bytes sequentially related to this first byte which together with the first byte will be used to encode the message to be transmitted. This information is sent to the receiver. Thus, using this information, the sender can encrypt and the receiver can decrypt the message using the same portion of the access signature.

Abstract: Secure transmission of a message is achieved by using a one-time encryption key derived at the receiver and the sender from information present at both the sender and the receiver, but wherein the information from which the encryption key is derived is not transmitted between the sender and the receiver. A plurality of bytes, known as a master signature, is randomly generated and stored at the sender, wherein each byte is uniquely identified by an address. A first random subset of this plurality of bytes, called an access signature, and the addresses in the master signature of the bytes in this access signature, are stored at the receiver. To generate an encryption key, the receiver selects a second random subset of bytes, known as a session signature, from the access signature and sends the addresses in the master signature of the bytes in this session signature to the sender.

Abstract: A system and method for distributing video or audio or other interactive program information to multiple users includes master files of such program information that can be selectively distributed to community systems in which individual users are selectively coupled with computing microcells that process the selected program information from within the entire set of programs that are all contained in moving memory modules which cyclically and recurringly distribute the entire set of programs to multiple computing microcells. A microcell access switch controls coupling of users to computing microcells, and controls selective interaction between master files and moving memory modules for updating the set of programs stored therein. The microcell access switch provides network programs to users without requiring a computing microcell for enhanced versatility and reduced system costs.

Abstract: A computer system architecture includes microcell computing units with a moving memory distribution of data and instructions to the microcells which are connected to users and other peripheral devices via a telephony type of cell access switch. The computing microcell can be a single computing element or can be a nucleus processor which is connected to a number of satellite processors via a bus or star configuration, and which interfaces with the moving memory modules and cell access switch. The moving memory modules are functionally petitioned to include user's files for data, and operating system instructions, and journal files and reservation files, all of which repetitively broadcast the contents of memory via a moving memory bus within dissimilar repetition intervals.

Abstract: A computer system is described whose architecture employs a microcell computing system with a moving memory architecture (MMA). The MMA sequentially broadcasts or otherwise transmits the stored data in common to an array of computing microcells which are connected to users and other peripheral devices via a telephony type of cell access switch. The computing microcell can be a single computing element or can be a nucleus processor which is connected to a number of satellite processors via a bus or star configuration, and which interfaces with the moving memory modules and cell access switch.

Abstract: The method and means of transmitting a user's transaction message to a destination node in a computer-secured network operates on the message, and a sequence number that is unique to the transaction message to form a message authentication code in combination with the user's personal identification number. The message authentication code is encrypted with a generated random number and a single session encryption key which also encrypts the user's personal identification number. An intermediate node may receive the encryptions to reproduce the personal identification number that is then used to encrypt the received message and sequence number to produce the random number and a message authentication code for comparison with a decrypted message authentication code.

Abstract: A method and apparatus for electronic financial transaction processing systems used by customers of certain credit or electronic banking card-issuing institutions. The present invention involves two levels of secure interaction between the customer and the card-issuing institution. The first level of interaction involves the enrollment of a customer in the institution's electronic financial transaction processing system. The customer either selects or is issued a personal identification number and a card encoded with a personal key. The personal key and peronal identification number are used to generate a PIN transmission number and personal vertification number, which is stored in bank records. The second level of interaction involves the authorization of a customer's use of the electronic financial transaction processing system for executing an electronic transaction.

Abstract: The invention comprises a method for encrypting data for communication between a host computer and each of a plurality of remote terminals in a network. A method is provided for periodically generating a unique dynamic encryption key for each of said plurality of terminals using a system seed key residing only in the host computer. The dynamic encryption key generated for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer. The method includes storing at said terminal the dynamic key previously generated by said host for said terminal.

Abstract: An inexpensive encryption device, system and method includes coded alphanumeric characters preprinted according to different key codes on mail-out forms that can be manipulated by a prospective user to yield encrypted data that can be returned over unsecure transmission channels for secure decryption by the operator of a computer-secured operating system. Error-correcting encoding is included to obviate the effects upon telephone keypad entry of secured data that includes error-prone alpha and numeric characters.

Abstract: An inexpensive encryption device, system and method includes coded alphanumeric characters preprinted according to different key codes or mail-out forms that can be manipulated by a prospective user to yield encrypted data that can be returned over unsecure transmission channels for secure decryption by the operator of a computer-secured operating system.

Abstract: An improved file access security technique and associated apparatus accesses data which is stored in encrypted form under one encryption key and re-stores the data re-encrypted under another encryption key, and produces a record of each access and data re-encryption both as the control source of encryption keys for access and re-entry of encrypted data and as a secured audit record of users that had access to each file.

Abstract: Method and means of supplying currency includes assembling and packing currency on a transport medium which is secured within a housing and which is incrementally unpacked under security control to dispense the desired amount of currency. Method and means for assembling and packing currency on the transport medium include adhesive regions on the transport medium for attaching currency thereto in substantially coplanar array to facilitate selective unpacking by non-coplanar manipulation of currency and transport medium. Another embodiment utilizes packets of currency that move along with the adhesive transport medium to facilitate self-contained assembly of units of currency on the transport medium. Equal rates of movement of the next unit of currency and the transport medium assure that only the next unit of currency will be transported on the adhesive medium.

Abstract: A portable banking terminal under control of an authorized user and operating within a system of banks and retailers may be initialized for personal use under separate controls by the banks and the retailers to facilitate the completion of basic transactions such as deposits and withdrawals from remote locations. Multiple verification checks for authorization of the user secure the transactions against interception and alteration during transmission over unsecured communication channels.

Abstract: Units of currency are assembled and packed on a transport medium which is secured within a housing and which is incrementally unpacked under security control to dispense the desired amount of currency. The units of currency are removably attached to the transport medium by isolated, discontinuous adhesive regions on the transport medium that attach the currency thereto in substantially coplanar array with the forward edge unattached to facilitate selective unpacking by non-coplanar manipulation of the transport medium that separates the forward edge of the currency from the transport medium.

Abstract: A card-encoding system and method preserves the security of the encoding process against duplication and counterfeiting of cards by securing the interactions under the control of the individual and then of the issuing institution. Multilevels of offset codes are generated in successive interactions so that attempted alteration, duplication, or counterfeiting of a coded card will be readily detectable using "off-line" card-checking apparatus. An "active" card is initially issued or authorized with an established credit balance, and its authenticity, balance, and proper use are continuously checked, debited and updated in each authorized transactions completed by the proper individual. A card or other data-carrying medium may be verified as authentic and unaltered, and the identity of an authorized individual assigned to the card may be verified by initially recording an offset on the card and by subsequently comparing the recorded offset with an offset regenerated from the same data used initially.

Abstract: A card-encoding system and method preserves the security of the encoding process against duplication and counterfeiting of cards by securing the interactions under the control of the individual and then of the issuing institution. Multilevels of offset codes are generated in successive interactions so that attempted alteration, duplication, or counterfeiting of a coded card will be readily detectable using "off-line" card-checking apparatus.

Abstract: A method and apparatus are provided for improving the security of data transmissions between stations and for controlling secured transactions from remote locations in a data-transfer system. The method and apparatus obviate the need for transmitting user-identification information such as personal identification number (PIN) from station to station, e.g., from the station utilized by the user to enter his PIN and initiate a transaction, to the station that processes the transaction. Also, for added security, the method and apparatus provide for encryption (encoding) and decryption (decoding) of data during a transaction using encryption and decryption keys produced from different (independent) PIN's. The apparatus includes at least one irreversible algorithm module, a random number generator and at least one data file (e.g., disc or magnetic tape storage). The apparatus also includes a comparator or, alternatively, an encoding algorithm module and a matching decoding algorithm module.

Abstract: A card-coding system and method preserves the security of the encoding process against duplication and counterfeiting of cards by securing the interactions under the control of the individual and then of the issuing institution. Multilevels of offset codes are generated in successive interactions so that attempted alteration, duplication, or counterfeiting of a coded card will be readily detectable using "off-line" card-checking apparatus. An "active" card is initially issued or authorized with an established credit balance, and its authenticity, balance, and proper use are continuously checked, debited and updated in each authorized transaction completed by the proper individual.

Abstract: An improved secured data transmission system relies on the favorable comparison of coded signals derived from information about authorized individuals and particular data terminals that is both prestored and subsequently supplied under manual command in order to generate an operating key which is then used to encode and decode data that is entered after the initialization procedure.