Patents by Inventor Thomas A. Berson

Thomas A. Berson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20030072059
    Abstract: A system and method establishes a secure communication channel over an optical network. More specifically, the system and method can generally include securing a communications channel to prevent unauthorized access such as eavesdropping or masquerading by employing 1) an encryption scheme derived from the non-linear filtering of shift registers, 2) a method for authenticating and exchanging parameters between two parties over an unsecured data channel for deriving a shared encryption key having a property of perfect forward secrecy, and 3) employing a unique format of the messages that can transport non-secret key exchange parameters over an unsecured data channel and secure communications over a data channel.
    Type: Application
    Filed: September 10, 2002
    Publication date: April 17, 2003
    Applicant: Wave7 Optics, Inc.
    Inventors: Stephen A. Thomas, Thomas A. Berson, Deven J. Anthony, Guang Gong, James O. Farmer
  • Publication number: 20030061483
    Abstract: An apparatus and method provides one or more controlled, dynamically loaded, modular, cryptographic fillers. Fillers may be loaded by a single loader, multiple independent loaders, or nested loaders. Loaders may be adapted to load other loaders, within cryptographic controls extant and applicable thereto. Integration into a base executable having one or more slots, minimizes, controls, and links the interface between the fillers and base executables. The filler may itself operate recursively to load another filler in nested operations, whether or not the fillers are in nested relation to one another. An ability of any filler to be loaded may be controlled by the base executable verifying the integrity, authorization, or both for any filler. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy may limit each module function, access, and potential for modification or substitution.
    Type: Application
    Filed: October 24, 2002
    Publication date: March 27, 2003
    Applicant: Novell, Inc.
    Inventors: Roger R. Schell, Kevin W. Kingdon, Thomas A. Berson
  • Patent number: 6532451
    Abstract: An apparatus and method provides one or more controlled, dynamically loaded, modular, cryptographic fillers. Fillers may be loaded by a single loader, multiple independent loaders, or nested loaders. Loaders may be adapted to load other loaders, within cryptographic controls extant and applicable thereto. Integration into a base executable having one or more slots, minimizes, controls, and links the interface between the fillers and base executables. The filler may itself operate recursively to load another filler in nested operations, whether or not the fillers are in nested relation to one another. An ability of any filler to be loaded may be controlled by the base executable verifying the integrity, authorization, or both for any filler. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy may limit each module's function, access, and potential for modification or substitution.
    Type: Grant
    Filed: March 23, 1999
    Date of Patent: March 11, 2003
    Assignee: Novell, Inc.
    Inventors: Roger R. Schell, Kevin W. Kingdon, Thomas A. Berson
  • Publication number: 20020087866
    Abstract: An intermediate system provides remote clients with access to a primary system, such as a server. The intermediate system creates and stores a log-in record for each client. The log-in record contains an encrypted primary system client identifier (PSCI). The PSCI contains authentication information for verifying a client's right to access the primary system. Storing an encrypted version of the PSCI enhances the security of the authentication information on the intermediate system. In some implementations of the present invention, the PSCI itself is an encrypted value. When a client attempts to log into the primary system, the intermediate system initially verifies the client's intermediate system access rights. The intermediate system makes this determination using the log-in record and data provided by the client. Next, the intermediate system sends the PSCI to the client's primary system for further authentication. The primary system uses the PSCI to verify the client's right to access primary system data.
    Type: Application
    Filed: November 2, 2001
    Publication date: July 4, 2002
    Inventors: Thomas A. Berson, Stephen M. Rudy
  • Publication number: 20020083325
    Abstract: An intermediate system provides remote clients with access to a primary system. The intermediate system creates and stores a log-in record for each client. The log-in record contains an encrypted primary system client identifier (PSCI) and a security scheme identifier (Security ID). The PSCI contains authentication information for verifying a client's right to access the primary system. The Security ID identifies the security scheme employed to secure information for a client's log-in process. The intermediate system initially verifies a client's access rights using the security scheme identified by the Security ID and data provided by the client. Next, the intermediate system sends the PSCI to the client's primary system, which uses the PSCI to verify the client's access rights. When necessary, a security scheme update modifies values in the client log-in record. The update modifies values that depend on log-in data provided by the client, including modifications to the encrypted PSCI.
    Type: Application
    Filed: November 2, 2001
    Publication date: June 27, 2002
    Inventors: Bharat Mediratta, Thomas A. Berson, Stephen M. Rudy
  • Patent number: 6321648
    Abstract: A system and method for tagging sheets of recording material, so that the origin of the sheets and the authenticity of the sheets may be determined, includes a roller that applies at least a portion of the random pattern to the document. The random pattern is applied by imprinting, embossing, or by piercing the sheet. The pattern applied to the sheet can be determined by any known forensic technique and the pattern can be imaged and stored in a database. A series of rollers may apply phase shifted random patterns to one side or both sides of the sheet. The phase shift of the random patterns may be determined to establish a sequence code. The roller or rollers including the random patterns may be installed in an image forming apparatus, preferably in a sheet transport mechanism of the image forming apparatus.
    Type: Grant
    Filed: February 14, 2000
    Date of Patent: November 27, 2001
    Assignee: Xerox Corporation
    Inventors: Thomas A. Berson, Thomas M. Breuel
  • Patent number: 5933503
    Abstract: An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic filler for integration into a base executable having a "slot" minimizing the interface between the filler and the base executable, and between individual component modules in the filler. Cryptographic engines provide for security (privacy and integrity) of data. The base executable having potential cryptographic capability may rely on an integrated loader to control linking of the filler and its modules according to a controlling policy set by export or import laws. A base executable may be a network operating system having a "slot" for dynamically linking the filler and its modules. Modules may be created by a third party vendor within controls enforced by the loader and a management module in the filler. Asymmetric key cryptography may assure that modules have not been modified, functionally extended, or created by unauthorized sources, and may ensure that keys used in the modules come only from authorized sources.
    Type: Grant
    Filed: March 15, 1996
    Date of Patent: August 3, 1999
    Assignee: Novell, Inc.
    Inventors: Roger R. Schell, Kevin W. Kingdon, Thomas A. Berson
  • Patent number: 5594797
    Abstract: A method and apparatus for digital cellular telephone encryption includes a switch when a choice between compatibility security and a higher security is required. Plaintext is converted into ciphertext using a three-stage transformation process. In a first stage, the plaintext is transformed using a secret key to control encrypting by an invertible transformation process. In a second stage, the output of the first stage is transformed by an involutory transformation, which is unkeyed when the compatibility switch is in a compatibility setting and keyed when the compatibility switch is in a secure setting. In a third stage, the output of the second stage is transformed by the inverse of the transformation performed in the first stage. The compatibility switch is used to toggle between compatibility with a less secure encryption standard and a key-based secure encryption.
    Type: Grant
    Filed: February 22, 1995
    Date of Patent: January 14, 1997
    Assignee: Nokia Mobile Phones
    Inventors: Seppo Alanärä, Thomas Berson