Abstract: Secure devices (e.g., a cryptophone, a cryptofax, a computer or other such electronic device) have an encryptor and a digitizer, the digitizer for receiving an input and generating an output supplied to the encryptor. According to the invention, the encryptor and the digitizer are coupled either physically, logically or through non-tamperable software to guarantee that a given ciphertext is the encryption, generated by the encryptor, of an output generated by the digitizer.

Abstract: The present invention describes new digital signature schemes that are provably secure against any adaptive chosen-message attack. The scheme, which is based on selection of a hash function from a space of such functions, has a very short public key, fast signing, a reasonable signature length and high security. Several algorithmic techniques are provided for enhancing the efficiency of the signature scheme in terms of time and memory.

Abstract: A method for certifying public keys of a digital signature scheme in a secure communications system is provided. The secure communications system in one in which there are authorities with previously-certified public verification keys. The method begins by having a user U present an authority a verification key PK.sub.U. The authority then identifies the presenting user as U. Thereafter, the authority verifies that the presenting user knows the secret signing key associated with PK.sub.U. If so, the authority computes a digital signature S relative to the authority's own public key PK.sub.A of its verification that PK.sub.U is the public key of user U. The authority then issues a certificate that PK.sub.U is the public key of user U, the certificate including both S and a certificate for PK.sub.A.

Abstract: The method and system of the present invention utilizes public-key cryptography to create "secure" titles for personal and real property such as vehicles and the like. The title preferably comprises a card in which is stored a digital signature of one or more identifiers such as a vehicle identification number, the vehicle license plate and the owner's name. To effect a transfer of the property, the digital signature on the title must first be shown to have been generated from the one or more identifiers.

Abstract: A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys. According to the method, each user's secret key is broken into shares. Then, each user provides a plurality of "trustees" pieces of information. The pieces of information provided to each trustee enable that trustee to verify that such information includes a "share" of a secret key of some given public key. Each trustee can verify that the pieces of information provided include a share of the secret key without interaction with any other trustee or by sending messages to the user. Upon a predetermined request or condition, e.g., a court order authorizing the entity to monitor the communications of a user suspected of unlawful activity, the trustees reveal to the entity the shares of the secret key of such user.

Abstract: A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein each user is assigned a pair of matching secret and public keys. According to the method, each user's secret key is broken into shares. Then, each user provides a plurality of "trustees" pieces of information. The pieces of information provided to each trustee enable that trustee to verify that such information includes a "share" of a secret key of some given public key. Each trustee can verify that the pieces of information provided include a share of the secret key without interaction with any other trustee or by sending messages to the user. Upon a predetermined request or condition, e.g., a court order authorizing the entity to monitor the communications of a user suspected of unlawful activity, the trustees reveal to the entity the shares of the secret key of such user.

Abstract: A method for "on-line/off-line" digital signing is described and begins by pre-computing a data string x from a pair of matching public and secret keys of a digital signature scheme such that, for any message m later selected to be signed, a signature of m derived from x can be computed substantially faster than the signature of m derived from the matching public and secret keys. After a message m is selected to be signed, the method computes a signature .sigma. of the message m using the data string x. Because the method uses a two-stage approach to sign a message, the technique can be advantageously used to enhance the security of known digital signature schemes or to effect transaction processing using "smart" cards.

Abstract: The method and system for the invention utilizes any of a number of "proofs of legitimacy" to generate and verify a personal identification card. A card is generated by computing a digital signature of a non-secret password. The password and the digital signature are then encoded and stored on a magnetic stripe or other memory device of the card. To effect a transaction, the digital signature on a received card must be shown to have been generated from the password on the received card. The password preferably includes a digitized photograph of the authorized cardholder which is capable of being displayed at the transaction terminal. This enables the operator of the terminal to verify the identity of the cardholder by visual inspection.

Abstract: A seed random sequence is extended in successive nodes of a tree structure of a random sequence generator. At each node, an input sequence is expanded to an output sequence substantially greater than the length of the input sequence. Plural processors operate in parallel in generating the final output sequence, and subsequences may be directly accessed as a starting location of the output sequence. The random sequence generator is accessed by an index in an encryption system. In a sequential generator, less than all of the bits from the generator unit are reapplied to the generator unit in an iterative process.

Abstract: The method and system of the invention utilizes a private key of a public-key cryptosystem key pair to encrypt a non-secret password into a digital signature. The password and the digital signature are then encoded and stored on a magnetic stripe or other memory device of the card. To effect a transaction, the digital signature on a received card must be shown to have been generated from the password on the received card. The password preferably includes a digitized photograph of the authorized cardholder which is capable of being displayed at the transaction terminal. This enables the operator of the terminal to verify the identity of the cardholder by visual inspection.