Abstract: The present invention provides methods and apparatus to generate a statistical object, the deterministic statistical representation of an original object, using a Deterministic Random Bit Generator (DRBG) (10). Multiple DRBG Statistical Object Generators (10) may be chained together to increase security by using independent security configurations (22) for each DRBG Statistical Object Generator (10).

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.

Abstract: Systems, apparatuses and methods are described for facilitating connection between two or more clients across a network that includes network address translators (NATs). In a particular implementation, the techniques include peer-to-peer (P2P) traffic processing and network address translator (NAT) traversal. Low cost data traffic processing techniques with minimal server intervention are disclosed. The techniques can establish direct connections between clients located in private networks behind NATs. In the case where the clients are each behind a symmetric NAT, the connection can be established indirectly via a non-symmetric NAT (used as a relay) which establishes connection with both symmetric NATs using the disclosed direct connection techniques.

Abstract: A method for generating a word sequence for a passcode involves choosing a schema to guide the generation of the word sequence, and transforming the passcode into the word sequence using the schema, wherein the word sequence contains mnemonic structure.

Abstract: A method for generating a word sequence for a passcode involves choosing a schema to guide the generation of the word sequence, and transforming the passcode into the word sequence using the schema, wherein the word sequence contains mnemonic structure.

Abstract: A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert.sub.-- Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert.sub.-- Mobile is valid. If the Cert.sub.-- Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert.sub.-- Base, random number (RN1) encrypted in mobile's public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert.sub.-- Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub.sub.-- Base) the signature on the message.

Abstract: A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert.sub.-- Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert.sub.-- Mobile is valid. If the Cert.sub.-- Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert.sub.-- Base, random number (RN1) encrypted in mobile's public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert.sub.-- Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub.sub.-- Base) the signature on the message.