Abstract: A quantum cryptography apparatus securely generates a key to be used for secure transmission between a sender and a receiver connected by an atmospheric transmission link. A first laser outputs a timing bright light pulse; other lasers output polarized optical data pulses after having been enabled by a random bit generator. Output optics transmit output light from the lasers that is received by receiving optics. A first beam splitter receives light from the receiving optics, where a received timing bright light pulse is directed to a delay circuit for establishing a timing window for receiving light from the lasers and where an optical data pulse from one of the lasers has a probability of being either transmitted by the beam splitter or reflected by the beam splitter. A first polarizer receives transmitted optical data pulses to output one data bit value and a second polarizer receives reflected optical data pulses to output a second data bit value.

Abstract: Codeword synchronization and scrambler synchronization in a block-coded serial communications link are accomplished by (i) substituting a specific comma control codeword for a selected codeword value occurring in the output of a scrambler receiving an input data stream, and (ii) using selected polarity-independent bits of the block-coded scrambled bit stream to convey samples of the scrambler state. Inversion of received control codewords indicates polarity inversion somewhere along the link, enabling automatic polarity correction to be applied.

Abstract: A method and system for maintaining computer network security allows for changeable encryption keys used by each individual work station to be looked up by a server. The server will have numerous logical interfaces corresponding to the active encryption keys, and information is routed through the appropriate interface depending upon which work station is communicating with the server. Each encryption key is encrypted into a transport key for transmission as part of each information packet.

Abstract: A method and apparatus for controlling release of time-sensitive information is accomplished by a server that establishes access information for a specific future time which only becomes active once the specific future time has passed. When the specific future time has passed, the server releases the access information such that an end-user or end-users may utilize the access information to obtain time-sensitive information. The access information may be a random number which can be used to calculate a decryption key and an encryption key. The encryption key can be released by the server at any time such that an end-user may encrypt time sensitive information for release at the specific future time, but the random number is not released until the specific future time has passed. When the random number is released, end-users may generate the decryption key and subsequently decrypt the time-sensitive information.

Abstract: An apparatus and method for secure cryptographic communications between a sender and a receiver or multiple receivers that includes first and second timing elements, and first and second key storage units containing multiple keys in a predetermined order for selection depending on respective key times, where the key times occur periodically according to the first and second timing elements, respectively. A data encryptor obtains a new key from the first key storage unit at each occurrence of the key time of the first key storage unit, and uses the key to encrypt an inputted data. And, at least one data decryptor obtains a new key from the second key storage unit at each occurrence of the key time of the second key storage unit. Time synchronization of the participants' equipment provides the method of selecting compatible keys for the encryption and decryption process.

Abstract: Prior methods of encryption can be broken by sufficiently powerful decryption techniques. The present invention provides a method of making decryption practically extremely difficult. It involves having synchronized processors continuously calculate a defined pseudo-random number and communicate the message by adding it to the sequentially continuously calculated number.

Abstract: A method and an apparatus for generating encryption stream ciphers are based on a recurrence relation designed to operate over finite fields larger than GF(2). A non-linear output can be obtained by using one or a combination of non-linear processes to form an output function. The recurrence relation and the output function can be selected to have distinct pair distances such that, as the shift register is shifted, no identical pair of elements of the shift register are used twice in either the recurrence relation or the output function. Under these conditions, the recurrence relation and the output function also can be chosen to optimize cryptographic security or computational efficiency. Moreover, it is another object of the present invention to provide a method of assuring that the delay that results for the encryption process does not exceed predetermined bounds.

Abstract: Codeword synchronization and scrambler synchronization in a block-coded serial communications link are accomplished by (i) substituting a specific comma control codeword for a selected codeword value occurring in the output of a scrambler receiving an input data stream, and (ii) using selected polarity-independent bits of the block-coded scrambled bit stream to convey samples of the scrambler state. Inversion of received control codewords indicates polarity inversion somewhere along the link, enabling automatic polarity correction to be applied.

Abstract: A method for protecting digital content from copying and/or other misuse as it is transferred between one or more computationally constrained devices over insecure links, includes preliminarily authenticating that both a content source and a content sink are compliant devices, and transferring content between compliant devices. In a further aspect of the invention, in the background, concurrently with the transfer of content, at least a second cryptographic process is performed. In an embodiment, establishing a preliminary control channel includes exchanging random challenges between devices, encrypting, under a shared secret key, and hashing the exchanged random challenges, exchanging the results of the encryption and hash functions and then verifying that the appropriate results have been generated.

Abstract: A method and apparatus for reestablishing secured communication after a desynchronization event. Secured communication is established between a first device and a second device using synchronized device dependent sequence values. A security sequence value from the first device is stored, preferably on a nonvolatile medium. After a desynchronization event, the first device sends the stored security sequence value to the second device as a resynchronization request. The second device returns the stored security sequence value as security assurance, preferably with a security sequence value from the second device for resynchronization.

Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.

Abstract: A system for allocation of radio resources to a mobile station, in a multiservice mobile radio cellular system, performs radio resource allocation for the various services independently. The radio resources are formed by transmission channels having multiple access provisions, using combinations of multiplexing techniques including frequency multiplexing. The system includes a coordination device for coordinating the allocation of radio resources for the various services accessed simultaneously by a mobile station, in order to allocate different channels carried by a single carrier frequency to the various services for the mobile station.

Abstract: A method for generating an identical electronic one-time pad at a first location and a second location, the method comprising the steps of: (a) providing a first electronic device at the first location and a second electronic device at the second location, each of the first and the second electronic devices having: (i) a non-volatile memory; (ii) a processor; (iii) at least one table of true random numbers being stored on the non-volatile memory, the table being identical for the first and the second electronic devices; and (iv) at least one software program for obtaining a true random number from the table, the software program being stored on the non-volatile memory and the at least one software program being operated by the processor; (b) providing a communication channel for communication between the first electronic device and the second electronic device; (c) selecting a selected true random number from the table at the first and the second electronic devices according to a selection procedure, the sele

Abstract: A system and method for communicating a key between two stations using an interferometric system for quantum cryptography. The method includes sending at least two light pulses over a quantum channel and detecting the interference created by the light pulses. The interfering pulses traverse the same arms of an interferometer but in a different sequence such that the pulses are delayed when traversing a quantum channel. The pulses are reflected by Faraday mirrors at the ends of the quantum channel so as to cancel any polarization effects. Because the interfering pulses traverse the same arms of an interferometer, there is no need to align or balance between multiple arms of an interferometer.

Abstract: A system for synchronizing chaotic transmitters and receivers that is less sensitive to channel effects than other known chaotic communication methods. The system employs duplicate transmitter and receiving modules and in addition to the chaotic output a synchronizing signal which occupies a reduced bandwidth. The small bandwidth affords the system a greater resistance to the affects of frequency dependent channel distortion and noise. The broad band chaotic signal is transmitted and appears to be noise to an unauthorized listener. The receiving unit employs band pass filtering, and when the signal is received the receiver filters the chaotic signal through band pass filters which eliminate channel noise and make gain control easier to implement.

Abstract: A hybrid one time pad encryption and decryption apparatus with methods for encrypting and decrypting data wherein a one time random number pad provides high security encryption. The random number sequence is encrypted using DES, RSA or other technique and embedded in the message as a function of the random pad itself. This generates an encryption message that is impervious to attempts to directly decode the message text as the message is randomly dispersed throughout a message and the message contains as much quasi-random data as text. The message is also relatively impervious to attempts to decode the cipher, as the cipher is randomly interrupted by the encrypted data.

Abstract: An access control/crypto system having a smart card reader and an access control program for requesting information from a user to determine if the user is authorized to access the computer. The access control/crypto system uses encryption and smart card technology as a means for securing files stored on the system, telecommunicated globally, or archived to a chosen media. The system includes an access hierarchy, combined with the issuance of smart cards, to control the various levels of access provided by the system. Further, the present system provides secure file transfer by encrypting sensitive files at a first site, transferring the encrypted version to a second site, providing an authorized user at the second site with a secret password, and decrypting the file at the second site using the secret password under control of the authorized user.

Abstract: An apparatus and method for secure cryptographic communications between a sender and a receiver or multiple receivers that includes first and second timing elements, and first and second key storage units containing multiple keys in a predetermined order for selection depending on respective key times, where the key times occur periodically according to the first and second timing elements, respectively. A data encryptor obtains a new key from the first key storage unit at each occurrence of the key time of the first key storage unit, and uses the key to encrypt an inputted data. And, at least one data decryptor obtains a new key from the second key storage unit at each occurrence of the key time of the second key storage unit. Time synchronization of the participants' equipment provides the method of selecting compatible keys for the encryption and decryption process.

Abstract: In order to unambiguously allocate a data carrier to an object, key information is written into the data carrier. Before writing-in the key information, secret identification information and open identification information is written into the data carrier. Copies of the secret and open information are stored in a central station. In the central station, for a particular data carrier, the open and secret information is associated with each other. In addition thereto, in the central station, object information for the particular object, and key information for the object are associated with each other. From the data carrier, the open identification information is sent to the central station to access the associated stored open and secret identification information so as to retrieve the stored secret identification information. In addition thereto, object information is sent to the central station to access the associated stored object and key information so as to retrieve the stored key information.

Abstract: The certification of electronic documents for subsequent verification and authentication is disclosed. Pursuant to a request to certify a document, a digital signature is extracted from the document. The digital signature corresponds to the content of the document and is unique to the document. Thus, signatures extracted from documents that are even slightly different from the certified document, or from a document that has been changed, will be different. A certification provider maintains the digital certification signature, an identification code such as a serial number, and other information such as the time and date of certification. The serial number is returned to the certification requester. When verification is sought, the serial number and the document alleged to have been certified are given to the certification provider. The serial number is used to index the previously extracted digital certification signature.

Abstract: Improved techniques for facilitating secure data transfer over one-way data channels or narrowband channels are disclosed. Often, these channels are wireless channels provided by wireless data networks. The techniques enable cryptographic handshake operations for a one-way data channel to be performed over a companion two-way data channel so that the one-way data channel is able to effectively satisfy security protocols that require two-way communications for the cryptographic handshake operations. Once the cryptographic handshake operations are complete, data can be transmitted over the one-way data channel in a secure manner. Additionally, the techniques also enable the cryptographic handshake operations to be performed more rapidly because the two-way channel is typically a wideband channel.

Abstract: A modular exponentiator is adapted to receive a first communicated signal and derive a second signal therefrom by computation of a modular exponentiation of the form be mod n based on the first signal. The modular exponentiator divides the modular exponentiation according to the Chinese remainder theorem into first and second portions respectively having modulus values p and q of approximately half of an original modulus value n of the modular exponentiation. Each portion of the modular exponentiation is factored into respective pluralities of smaller modular exponentiations having precalculated exponent values. The respective pluralities of smaller modular exponentiations are then multiplied together to provide respective intermediate products. The intermediate products are then recombined to yield the modular exponentiation result.

Abstract: Process and device for quantum distribution of an encryption key. According to the invention, a light beam is modulated by a signal, the phase of which can be adjusted at random. On reception, the received beam is modulated by a signal, the phase of which is also adjustable. The intensity of one of the lateral modes is measured, which depends on the difference between the two phases used. The key is distributed by the photons contained in one of the lateral modes. Application to cryptography with secret key.

Abstract: When generating a common key for use in an encryption process of encrypting a plaintext into a ciphertext and a decryption process of decrypting the ciphertext into the plaintext, components which are contained in the secret keys of one entity and correspond to other entity as a communicating party are extracted and composition of all the extracted components is performed while shifting the components to generate a common key. Thus, the common key consisting of a larger number of bits than the number of bits in each of the extracted components is generated. A common key of any size is generated by adjusting the amount of shift.

Abstract: A logical tree structure and method for managing membership in a multicast group provides scalability and security from internal attacks. The structure defines key groups and subgroups, with each subgroup having a subgroup manager. Dual encryption allows the sender of the multicast data to manage distribution of a first set of encryption keys whereas the individual subgroup managers manage the distribution of a second set of encryption keys. The two key sets allow the sender to delegate much of the group management responsibilities without compromising security because a key from each set is required to access the multicast data. Security is further maintained via a method in which subgroup managers can be either member subgroup managers or participant subgroup managers. Access to both keys is provided to member subgroup managers whereas access to only one key is provided to participant subgroup managers.

Abstract: In an electronic component including a two-way bus through which data elements travel between peripherals and a central processing unit at the rate of a clock signal, the central processing unit and at least one of the peripherals each includes a data encryption/decryption cell. Each data encryption/decryption cell uses the same secret key. The secret key is produced locally at each clock cycle in each cell from a random signal synchronous with the clock signal, and is applied to each of the cells by a one-way transmission line.

Abstract: A group key management system and method for providing secure many-to-many communication is presented. The system employs a binary distribution tree structure. The binary tree includes a first internal node having a first branch and a second branch depending therefrom. Each of the branches includes a first member assigned to a corresponding leaf node. The first member has a unique binary ID that is associated with the corresponding leaf node to which the first member is assigned. A first secret key of the first member is operable for encrypting data to be sent to other members. The first member is associated with a key association group that is comprised of other members. The other members have blinded keys. A blinded key derived from the first secret key of the first member is transmitted to the key association group. Wherein, the first member uses the blinded keys received from the key association group and the first secret key to calculate an unblinded key of the first internal node.

Abstract: An apparatus and method for detecting erroneous initialization vectors transmitted over a communications channel and maintaining cryptographic synchronization by comparing a received vector with a predicted correct vector. The vectors are random-like in nature by utilizing a pseudo-random number generator having a long overall cycle length. If the level of bit errors of the comparison is relatively small, considering the predicted vector is considered correct and used for synchronization, but if the number of bit errors of the comparison is relatively large, the predicated vector is considered in correct.

Abstract: A secured access to data in a portable document format (PDF) file is provided by encapsulating a Public Key Cryptography Standard number 7 (PKCS#7) object having a recipient list into data. ‘Enveloped data’ encapsulated in the PKCS#7 object contains access information that is used to access the remainder of the document into which the PKCS#7 object is encapsulated. The access information can be decrypted by all recipients in the PKCS#7 recipient list. If a recipient listed in the recipient list attempts to access data in the document, the access information is decrypted using the recipient's private key. The access information is used to obtain an access key that is used to decrypt data in the document.

Abstract: Apparatus and method for authenticating that a sender has sent certain information via a dispatcher to a recipient is disclosed. The method includes the steps of: (a) providing a set A comprising a plurality of information elements a1, . . . an, said information element a1 comprising the contents of said dispatched information, and said one or more information elements a2, . . .

Abstract: Secure communication may be conducted between two or more parties over a network, e.g the Internet without prior security arrangements among the parties or agreed to encryption/decryption software. A sending party is connected to a data network through a computer and has access to a communications network, e.g. a public switched telephone network. The sender prepares a file designated, e.g. “X” containing confidential information for secure transmission over the Internet or the like to one or more receivers. In one embodiment, the sender downloads encryption/decryption or “crypto” software stored at a location on the Internet e.g. location “U” in a Uniform Resource Locator (URL). The “crypto” software is written in executable code or an interpretive language such as JAVA. The sender selects a key “K” and encrypts the plain text file “X” into cipher text.

Abstract: A transmission apparatus 100 includes a secret key storage unit 103 that stores three secret keys K1, K2 and K3, a secret key selection unit 104 that selects one secret key Ks from the secret keys, a message generation unit 106 for generating a message M used as a carrier for indicating a secret key, an encryption module 105 for generating a cryptogram Ca by encrypting the generated message M using the secret key Ks, an encryption module 107 for generating a cryptogram Cm by encrypting the message M using the message M itself as the secret key, and two transmission units 111 and 112 for transmitting the cryptograms Ca and Cm to the reception apparatus 200 to indicate the selected secret key Ks.

Abstract: The invention relates to an encryption key management system and method of securely communicating data. First and second communicating devices are provided with a first and second identical sequences or databases of encryption keys. A pointer is set in both the first and second sequences at the same encryption key. Data from the first communicating device is encrypted using an encryption key adjacent the pointer in the first sequence of encryption keys. The encrypted data is then transmitted from the first communicating device and received by the second communicating device. The second communicating device decrypts the encrypted data received using an encryption key adjacent the pointer in the second sequence of encryption keys. After encrypting and/or decrypting data segments, the pointers in both the first and second sequences of encryption keys are incremented or moved in preparation for the next data segment or communication.

Abstract: An agent is permanently resident in a server as software for the purpose of cryptographic processing. In addition, another agent that is described in mobile code and contains a program for the purpose of cryptographic processing is also stored in the server. When data that are to be sent and received between the server and a client are encrypted, the agent that is described in mobile code is sent from the server to the client. When the client receives data that were encrypted in the server, it reproduces those data by decryption using the received agent.

Abstract: A system and method provides signaling privacy for communications between nodes of a communications network (30). Multiple logical links exist between distinct network nodes (38-40, 42, 50-53) of the communication network (30). Signaling privacy is achieved by a subscriber unit (80) providing encryption/decryption of signaling data messages at the messaging level. The subscriber unit (80) employs a signaling encryptor/decryptor (86) along the signaling path, which enables the signaling data messages to be separately encrypted from data on the traffic channel. The encrypted signaling data can then be sent along a different logical link from the traffic, while maintaining cipher key synchronization between the signaling encryptor/decryptor (86) and a network encryptor/decryptor (78) at a remote end of the logical link which transports the encrypted signaling data.