Abstract: Devices, systems and methods for controlling a patient's body temperature by endovascular heat exchange.

Abstract: A system for executing a symmetric key cryptographic method includes a processor selecting data paths, a key, an initialization vector, a memory storing batched operation parameters, a bus connected to the processor and the memory, a cryptographic processor connected to the bus and controlled by the processor for performing a plurality of operations according to the operations parameter, wherein data for each operation is received individually and separately from the batched operation parameters, wherein an output for each operation is transmitted separately, and a pair of first-in-first-out (FIFO) state machines controlled by the processor and selectably connected to one of the cryptographic processor and the bus, bypassing the cryptographic processor.

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: A trusted co-server, and a method of using a trusted co-server, for a service provider. The co-server executes a program such that: for multiple parties P0–Pn (where Po is said co-server), each party Pi may (optionally) provide input Ii, and then said co-server carries out N functions: Fi (io . . . In) describes what the co-server returns to party Pi. The preferred embodiment of the invention raises the trust level of the computation and data storage at the server. For instance, this invention may be witness to authenticity of certain data coming back to the client. This data can include assertions from the trusted co-server about the server content and configuration. The invention, also, can provide privacy of data going back to the server, by keeping it encrypted between the client and the co-server, and then re-encrypting it before inserting it into the server.

Abstract: A method (and system) for guaranteeing authenticity of an object, includes providing a sample of material obtainable only by at least one of chemical and physical processes such that the sample is random and not reproducible, associating a number reproducibly to the sample by using a specific reader, and forming at least one coded version of the number, the at least one coded version being obtained by a key signature, and the version being recorded into an area of the object.

Abstract: An online coupon issuing and redemption system and method receives requests for coupons from consumers, presents advertisements and issues coupons to consumers electronically. The system presents advertisements before issuing the coupons, such that an issuer may be assured its targeted consumer are receiving its advertisements. The coupons are issued on a smart card, thereby eliminating a need for paper coupons. The coupons are digitally signed in order to prevent fraud. In order to prevent further fraudulent tampering of coupons, the redemption station includes a tamper-protected coprocessor for performing operations on the coupons. The system further includes capability for the redemption station to link to an issuing station for electronic reimbursements.

Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.

Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.

Abstract: Apparatus and methods for providing secure electronic brokers are provided. The apparatus and methods make use of trading programs and their matching rules (and if needed some negotiation protocols) which allows the apparatus to communicate with customers using messaging middleware, thereby becoming an electronic broker or e-broker for the customers. The e-broker device publishes, using Pub/Sub messaging technology, for example, the type of trades it expects to broker. Potential users subscribe, using content based matching, to the types of trades they would like to make. Together with its advertising, the e-broker publishes the public part of its public encryption scheme. The user then sends it encrypted bids and the public part of its own public encryption scheme to the e-broker. When the users submit their identification, the e-broker device checks their overall quality (credit, reputation, etc.).

Abstract: An apparatus for permitting access to protected code, protected data or protected devices only when a computer system is in a trusted state, where said trusted state occurs only when said system is executing trusted code under a set of preselected conditions. This apparatus also has a device for exiting the trusted state and for preventing access to protected code, data and devices when the trusted state is exited. The computer system is also programmed to automatically generate a disabling signal upon the completion of execution of trusted code, and this disabling signal will result in the prevention of access to protected devices or code.

Abstract: A system collects information associated with movement between locations. The system includes individual cards. Each individual card has a storage area and an interactor for receiving promotional unit data. A plurality of promotional units are also included. Each promotional unit transmits respective promotional unit data to any card with which it interacts. The promotional unit data within each card may then be downloaded to determine with which promotional units interaction has occurred.

Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.

Abstract: A method and apparatus is presented for establishing provable integrity or untampered state in secure devices. It employs active tamper response; generating authentication secrets inside the device via real hardware randomness to minimize risk of compromised factory machines; activating tamper response at a trusted point of trust to protect against attacks and/or continually certify the integrity of the device along shipping channels and at user sites; and allowing for all keys to be regenerated so that in accordance with sound cryptographic practice no one needs to depend on permanent keys. The point of trust is a central authority that is trusted by all parties that need to trust the provable untampered state of the secure device. At any point the certifying authority authenticates the integrity and/or untampered state of the device, and re-issues a new certificate for that device.

Abstract: A computer watchdog system monitors and controls distribution content sent form producers, through distributors, to subscribers. The computer watchdog system acting to ensure the just execution of agreements between a producer of content and a distributor of content. The computer watchdog system serving as an agent trusted by both producers and distributors. The computer watchdog system may be equipped with tamper protection for resisting exogenous attempts to gain unauthorized access to the system. The computer watchdog system may be installed entirely within distributor's sites. Alternatively, the computer watchdog system may reside partially within distributor's sites and partially within subscriber's sites. The computer watchdog system logs and reports on information relating to the distribution of content. Further, the computer watchdog system may selectively transform content provided by a producer, customizing the content for distributors and subscribers.

Abstract: An apparatus, system and method for secure code-downloading and information exchange, in the full generality of complex code dependencies while considering the implications of mutual distrust and hot-swapping. Included are secure techniques wherein an authority signs code from another party upon which that authority depends in order to establish that a trusted execution environment, is being preserved. Trusted code is employed to ensure that proprietary data is destroyed, disabled, and/or made unreadable, when a change causes the trusted execution environment to cease holding to a certain security level. A carefully constructed key structure is employed to ensure that communications allegedly from particular code in a particular environment can be authenticated as such. Authenticity of code that decides the authenticity of public-key signatures, and/or the authenticity of other code is cared for. In particular, the loading code that performs these tasks may itself be reloadable.

Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.