Abstract: A method for encryption and sealing of a plaintext file by hashing the plaintext file to produce a plaintext hash, encrypting the plaintext file to produce ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash. This provides verification for non-repudiation and protects against undetected malware corrupting the plaintext or ciphertext files.

Abstract: A method for encryption and sealing of a plaintext file by hashing the plaintext file to produce a plaintext hash, encrypting the plaintext file to produce ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash. This provides verification for non-repudiation and protects against undetected malware corrupting the plaintext or ciphertext files.

Abstract: A device and method for file encryption and decryption with a cryptographic processor reconstituting a file encryption key from a version of the key which has been shrouded with a network authorization code. This meets a need for restricted communication and data containment by limiting access to a pre-defined community-of-interest, so that no one outside of that community can decrypt encrypted content.

Abstract: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.

Abstract: A method and system for deploying a suite of advanced cryptographic algorithms that includes: providing a legacy cryptographic interface that is associated with a legacy operating system and a legacy application, and supports a suite of legacy cryptographic algorithms; providing a suite of advanced cryptographic algorithms that includes one or more of an advanced asymmetric key algorithm, an advanced symmetric key algorithm, and/or an advanced hash function; providing an advanced cryptographic interface that is independent of the legacy operating system and the legacy application, backwards compatible with the legacy cryptographic interface, and capable of supporting the suite of advanced cryptographic algorithms; and transparently and automatically substituting the suite of advanced cryptographic algorithms for the legacy cryptographic algorithms through the invocation of the advanced cryptographic interface at the time of an initial performance of encrypting, hashing, digitally signing the hash of, decrypti

Abstract: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.

Abstract: A method and system for deploying a suite of advanced cryptographic algorithms that includes: providing a legacy cryptographic interface that is associated with a legacy operating system and a legacy application, and supports a suite of legacy cryptographic algorithms; providing a suite of advanced cryptographic algorithms that includes one or more of an advanced asymmetric key algorithm, an advanced symmetric key algorithm, and/or an advanced hash function; providing an advanced cryptographic interface that is independent of the legacy operating system and the legacy application, backwards compatible with the legacy cryptographic interface, and capable of supporting the suite of advanced cryptographic algorithms; and transparently and automatically substituting the suite of advanced cryptographic algorithms for the legacy cryptographic algorithms through the invocation of the advanced cryptographic interface at the time of an initial performance of encrypting, hashing, digitally signing the hash of, decrypti

Abstract: An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic implementation for integration of flexible policy implementations on policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy module may be included for use in limiting each module's function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in an engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when it is needed by the manager module. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.

Abstract: An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic implementation for integration of flexible policy implementations on policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy module may be included for use in limiting each module's function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in an engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when it is needed by the manager module. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.

Abstract: An apparatus, system, and method to provide an initial and an on-going authentication mechanism with which two executable entities may unilaterally or bilaterally authenticate the identity, origin, and integrity of each other. In one instance, the authentication mechanisms are implemented within a dynamically loaded, modular, cryptographic system. The initial authentication mechanism may include digitally signed challenge and possibly encrypted response constructs that are alternately passed between the authenticating and authenticated executable entities. A chain of certificates signed and verified with the use of asymmetric key pairs may also be part of the initial authentication mechanism. Representative asymmetric key pairs include a run-time key pair, a per-instance key pair, and a certifying authority master key pair. The on-going authentication mechanism may include a nonce variable having a state associated therewith.

Abstract: A cryptography-based entity authentication device (EAD) operated by a remote entity located at a subscriber site enables a telephone switch or computer system to identify and verify the authenticity of the entity. In one embodiment, the EAD encrypts a random digital sequence transmitted by a host facility and returns the encrypted signal to the host for comparison with another encryption signal generated locally by the host. If a match is detected, this serves as confirmation that the remote entity possesses the same encryption key as the host, therefore verifying the authenticity of the remote entity. Otherwise, the entity is deemed fraudulent and access is denied. In another embodiment, the host and subscriber site each include a respective time generation means which are maintained in relative time synchronicity. The EAD generates and encrypts a time signal for comparison with another encrypted time signal generated locally by the host.

Abstract: An open loop TDMA communications system includes a transponder located on a spacecraft in quasi-synchronous earth orbit; a reference station periodically transmits a timing marker through said transponder to a plurality of geographically separated earth stations. Spacecraft position varies within controlled limits, and at any time the reference station has available to it information respecting the spacecraft's position. The reference station transmits, along with the timing marker, a spacecraft position index signal which is received at the geographically separated stations. Each of the stations detects the spacecraft position index signal, and based on its own geographic location, translates the spacecraft position index into a transmit timing adjustment. The transmit timing adjustment is employed to vary transmit timing from nominal and to thereby reduce the extent of the guard time used to ensure non-overlapping of bursts from the plurality of stations at the transponder.