Abstract: Access to information is controlled by maintaining, for a given device or other entity through which information may be accessed, a contact list that includes information identifying one or more other entities which have attempted to communicate with the given entity. In accordance with the invention, the contact list is utilized in conjunction with a revocation list stored in a memory associated with the given entity in order to determine which of the other entities are authorized to communicate with the given entity. The contact list includes a number of entries, each entry having at least an identifier of a particular one of the other entities and a corresponding revocation flag indicating whether the particular entity has been revoked. The contact list is updated after a modification of the revocation list, or if a new entity not already included in the contact list attempts to communicate with the given entity.

Abstract: A list of public/private key pairs are stored at a server, wherein the private key is stored in an encrypted form, the encryption being based on a master key. To distribute a public/private key pair to a new user, an administrator who has access to the master key retrieves the next available public/private key pair from the server at a client processor that is convenient to both the administrator and the new user. At the client processor, the administrator decrypts the private key of the public/private key pair, using the master key, and provides both the public and private keys to the new user. The new user encrypts the private key, using a biometric or passphrase that is secret to the new user. The private key is immediately erased from the client processor upon encryption with the user's biometric or passphrase key.

Abstract: A system for providing security, such as copy protection, between a source device and a sink device, in accordance with the present invention, includes a first device including a list of certificates, each certificate of the list including a signature for identifying manufacturers of second devices. A second device is included for connecting to the first device, the second device including a list of certificates each certificate including a signature for identifying manufacturers of the first devices. At least one of the first device and the second device includes an adaptor for adapting a respective certificate list to provide entry of a new signature for identifying a new manufacturer of one of the first devices and the second devices.

Abstract: The common encryption of content material is provided for decryption at a plurality of destination devices, each destination device having a unique private key of a public-private key pair. A multiple device key exchange is utilized to create a session key for encrypting the content material that is based on each of the public keys of the plurality of destination devices. The content material is encrypted using this session key. A partial key is also created for each of the intended destination devices that relies upon the private key of the destination device to form a decryption key that is suitable for decrypting the encrypted content material. The encrypted content material and the corresponding partial key are communicated to each destination device via potentially insecure means, including broadcast over a public network. Each destination device decrypts the encrypted content material using the decryption key that is formed from its private key and the received partial key.

Abstract: A document is created and digitally signed using an author's private key. The signed document is provided to an electronic notary who notarizes (provides a time/date stamp and signs the time/date stamp using the notary's private key) the authors signed document. A reviewer requests and verifies the origin and integrity of the authors signed document using the author's public key. As the reviewer examines the documentary, a log is automatically created. The review log and reviewed document are digitally signed using the reviewer's private key and the signed reviewed document is provided to an electronic notary who notarizes the signed reviewed document. An auditor requests the reviewed document. The auditor verifies the origin and integrity of the document using the notary's public key. The auditor audits the signed review document.

Abstract: In a public key cryptosystem employing the El-Gamal algorithm, secret fresh random numbers are generated at a server and private keys of users, as encrypted with a symmetric algorithm by using individual user identifying keys determined by hashing the users' respective passphrases or biometric information (fingerprint, voiceprint, retina scan, or face scan) are maintained in a store accessible to the server, and the fresh random numbers and encrypted private keys are transmitted to the user equipment when needed via a network which is not secure. In order to prevent an attacker from discovering the random numbers or employing formerly used random numbers in a block replay attack, an interchange in the nature of a challenge response protocol is employed which passes at least one secret fresh random number from the server to the user equipment while also authenticating the user to the server.