Patents by Inventor Mohammad Peyravian

Mohammad Peyravian has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6940976
    Abstract: Methods, systems and computer program products are provided which generate an RSA cryptographic value by obtaining user specific information about a user and determining a user specific range of values based on the user specific information. The potential range of RSA prime values is divided into at least two subintervals and the user specific range of values mapped onto a first of the at least two subintervals. A first user-dependent RSA prime is then selected from the range of RSA prime values in the first subinterval corresponding to the mapped user specific range of values.
    Type: Grant
    Filed: June 2, 1999
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6928163
    Abstract: Methods, systems and computer program products are provided which allow for generation and authentication of RSA encrypted values by utilizing a combination of entity specific information such as biometric information and by incorporating information about the secret seeds into the cryptographic values p and q utilized to encrypt the information. Thus, authentication of an encrypted message may be achieved without requiring storage of the secret seed values utilized to generate the cryptographic values. Furthermore, the present invention assures that users with different entity specific information utilize different p and q values.
    Type: Grant
    Filed: July 20, 1999
    Date of Patent: August 9, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20050166058
    Abstract: A system for secure communication. A random value generator is configured to generate a random value. A message validation code generator is coupled to the random value generator and configured to generate a message validation code based on a predetermined key, a message, and the random value. A one-time pad generator is coupled to the random number generator and configured to generate a one-time pad based on the random value and the predetermined key. And a masked message generator is coupled to the one-time pad generator and configured to generate a masked message based on the one-time pad and the message. In a particular aspect, a protected message envelope generator is coupled to the random value generator, the message validation code generator, and the masked message generator, and is configured to generate a protected message envelope based on the random value, the message validation code, and the masked message.
    Type: Application
    Filed: January 22, 2004
    Publication date: July 28, 2005
    Applicant: International Business Machines Corporation
    Inventors: Daniel Brokenshire, Harm Hofstee, Mohammad Peyravian
  • Publication number: 20050132192
    Abstract: A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.
    Type: Application
    Filed: December 11, 2003
    Publication date: June 16, 2005
    Applicant: International Business Machines Corporation
    Inventors: Clark Jeffries, Mohammad Peyravian
  • Publication number: 20050132190
    Abstract: The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.
    Type: Application
    Filed: December 10, 2003
    Publication date: June 16, 2005
    Applicant: International Business Machines Corporation
    Inventors: Daniel Brokenshire, Harm Hofstee, Mohammad Peyravian
  • Publication number: 20050008162
    Abstract: A method and system for encrypting and verifying the integrity of a message using a three-phase encryption process is provided. A source having a secret master key that is shared with a target receives the message and generates a random number. The source then generates: a first set of intermediate values from the message and the random number; a second set of intermediate values from the first set of values; and a cipher text from the second set of values. At the three phases, the values are generated using the encryption function of a block cipher encryption/decryption algorithm. The random number and the cipher text are transmitted to the target, which decrypts the cipher text by reversing the encryption process. The target verifies the integrity of the message by comparing the received random number with the random number extracted from the decrypted cipher text.
    Type: Application
    Filed: June 19, 2003
    Publication date: January 13, 2005
    Applicant: International Business Machines Corporation
    Inventors: Daniel Brokenshire, David Craft, Harm Hofstee, Mohammad Peyravian
  • Patent number: 6826686
    Abstract: A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.); it only requires the use of a collision-resistant hash function.
    Type: Grant
    Filed: April 14, 2000
    Date of Patent: November 30, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Nevenko Zunic
  • Publication number: 20040158708
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password. The parties exchange public keys, where the public keys are accompanied by hashed values based on the keys, the password, and random numbers. Each party then encrypts its random number using the public key of the other party, and the encryptions are exchanged. Based on the received encryptions and the known password, each party then re-computes the hashed value received from the other party, and compares the re-computed hashed value with the received hashed value. If the two are the same, the public key that accompanied the hashed value is judged authentic.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20040158715
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20040158714
    Abstract: A method to distribute and authenticate public encryption keys. A client concatenates its ID, its public key, and a secret password known to the client and a server, and hashes the result. The client forms an extended concatenation including the ID, the public key, and the hashed value, and sends the extended concatenation to the server. The server reads the ID and public key, and re-computes the hashed value based on its own knowledge of the password. If the received and the computed hashed values are the same, the server concludes that the client's public key is authentic. An analogous process enables the server to distribute its public key, and enables the client to authenticate the server's distributed public key.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6742119
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document and a digital time indication. The time stamp receipt is submitted to a time stamping agent having a trusted clock. The time stamping agent optionally validates the time stamp receipt and then computes the age of the time stamp receipt. If valid, the time stamping agent certifies the time stamp receipt by signing the time stamp receipt with a private signature key. The private signature key is selected from a group of signature keys by the time stamping agent based on the computed age of the time stamp receipt.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: May 25, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6697947
    Abstract: Methods, systems and computer program products are provided which allow for multi-party authentication by receiving a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.
    Type: Grant
    Filed: June 17, 1999
    Date of Patent: February 24, 2004
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6687375
    Abstract: Methods, systems and computer program products are provided which generate a cryptographic key utilizing user specific information to generate a user dependent key. The user specific information may be a user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a key value is hashed with user specific information or user specific information is hashed and then combined with the key value to generate the user dependent key value. In still another embodiment of the present invention the space of potential key values is divided into subspaces and the subspaces assigned based on user specific information. A key value is then generated from the assigned subspace. Thus, the generated key values for different users are guaranteed to be disjoint.
    Type: Grant
    Filed: June 2, 1999
    Date of Patent: February 3, 2004
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6668323
    Abstract: A data processing system-based password protection system protects a resource with an access password that may be user selected. The access password and an encryption key unique to the resource are stored in non-volatile storage at a data processing system, where the encryption key is at least partially derived from unique information associated with the resource. In response to receipt of an attempted access password at the data processing system, access to the resource is permitted if the attempted access password matches the stored access password. However, in response to an indication that the access password has been forgotten, an encrypted access password generated at the data processing system from the stored access password utilizing the encryption key is output from the data processing system. The access password can thereafter be recovered from the encrypted access password and the unique information.
    Type: Grant
    Filed: March 3, 1999
    Date of Patent: December 23, 2003
    Assignee: International Business Machines Corporation
    Inventors: David Carroll Challener, Mohammad Peyravian, Russell Alan Resnick
  • Publication number: 20030219028
    Abstract: A Resource Reservation System includes a Token Generation Unit (TGU) which generates and circulates among nodes of a communications system a Slotted Token (SLT) message having sub-fields to carry an identification number for each input port in a node and the resource available for each input port. On receiving the message, the Resource Control Unit (RCU) in each node can write the port identification number and available resource in the appropriate sub-fields of the SLT message, and reserve resources in other nodes by adjusting information in the sub-field associated with the other nodes.
    Type: Application
    Filed: May 23, 2002
    Publication date: November 27, 2003
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Mark Anthony Rinaldi, Ravinder Kumar Sabhikhi, Michael Steven Siegel
  • Publication number: 20030108194
    Abstract: A parallel processing system includes a plurality of stages operatively coupled in parallel and operating simultaneously. Each stage includes a process unit generating a predetermined function and a buffer coupled via a slow output port and a slow input port to the process unit. The buffer also includes a fast input port and a fast output port. A controller drives the buffer to operate in a Slow Read Phase when data is written from the buffer into the process unit, a Slow Write Phase when data is written into the buffer from the process unit, a Fast Write Phase when data is written at a fast rate into the buffer and a Fast Read Phase when data is read from the buffer.
    Type: Application
    Filed: December 7, 2001
    Publication date: June 12, 2003
    Applicant: International Business Machines Corporation
    Inventors: Jean Louis Calvignac, Mohammad Peyravian, Fabrice Jean Verplanken
  • Patent number: 6560337
    Abstract: Systems, methods and computer program products reduce effective key length of a symmetric key cipher by deriving an intermediate value from an initial key, using a one-way cryptographic function. Predetermined bit locations of the intermediate value are selected to obtain an intermediate key. An intermediate shortened key is derived from the intermediate key by setting predetermined bit locations of the intermediate key to predetermined values. A diffused intermediate shortened key is derived from the intermediate shortened key using the one-way cryptographic function. Predetermined bit locations of the diffused intermediate shortened key are then selected to obtain a shortened key. In first embodiments, the one-way cryptographic function is a one-way hash function. Second embodiments use the symmetric key cipher itself to perform the one-way cryptographic function.
    Type: Grant
    Filed: October 28, 1998
    Date of Patent: May 6, 2003
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Stephen Michael Matyas, Jr., Nevenko Zunic
  • Publication number: 20030041172
    Abstract: A stateless message-passing scheme for interactions between a network processor and a coprocessor is provided. The network processor, when receiving data frames for transmission from a network element to another network element, encapsulates the entire packet that it receives within a frame. In this frame, there is provided a header field and a data field. The data field contains the data that needs to be transferred, and the header field contains all of the information regarding the deep-processing that the coprocessor is to perform so that no information of any type need be stored either by the network processor or separately regarding the processing of the data in the data packet. The coprocessor performs the operation designated by the header and returns the altered packet and header to the network processor.
    Type: Application
    Filed: August 22, 2001
    Publication date: February 27, 2003
    Applicant: International Business Machines Corporation
    Inventors: Jean Louis Calvignac, Mohammad Peyravian, Fabrice Jean Verplanken
  • Publication number: 20030021269
    Abstract: Packets or frames of data may be compressed, encrypted/decrypted, filtered, classified, searched or subjected to other deep-packet processing operations before being distributed through the internet. The microprocessor system and method of the present invention provide for the orderly processing of such data packets without disrupting or changing the sequence in which the data is intended to be transmitted to its destination. This is achieved by receiving frames into an input buffer for processing. Associated with this input buffer is a unit for determining the operation to be performed on each frame. An arbitrator assigns each frame to a processing core engine. An output buffer collects the processed frames, and a sequencer forwards the processed frames from the output buffer to their destination in the same order as received by the input/output buffer. Maintaining the sequence of data transmission is particularly useful in voice transmission, such as videos and movies.
    Type: Application
    Filed: July 25, 2001
    Publication date: January 30, 2003
    Applicant: International Business Machines Corporation
    Inventors: Jean Louis Calvignac, Mohammad Peyravian, Fabrice Jean Verplanken
  • Patent number: 6507912
    Abstract: Key-dependent sampling of a biometric characteristic is performed at a client, to thereby generate key-dependent biometric data samples. The key-dependent biometric data samples are then transmitted from the client to a server. By sampling the biometric characteristic at the client in a key-dependent manner, the key-dependent biometric data samples may be transmitted from the client to the server without the need for additional encryption and/or a signature. A key is preferably transmitted from the server to the client. The key is then used to perform the key-dependent sampling of the biometric characteristic at the client. The key-dependent sampling may be performed by sampling the biometric characteristic at a sampling frequency that is a function of the key. Alternatively, the key can be applied to the sampled biometric data, to thereby generate the key-dependent biometric data samples that are a function of the key.
    Type: Grant
    Filed: January 27, 1999
    Date of Patent: January 14, 2003
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian