Abstract: A memory card 110 extracts a session key Ks from the data applied onto a data bus BS3 by carrying out a decryption process. An encryption processing unit 1406 encrypts a public encryption key KPcard(1) of memory card 110 based on session key Ks, and applies the encrypted key to a server via data bus BS3. A memory 1412 receives from a server data such as license key Kc, license ID data License-ID and user ID data User-ID encrypted with a public encryption key KPcard(1) differing for each memory card for storage, and receives encrypted content data [Dc]Kc encrypted with license key Kc from data bus BS3 for storage.

Abstract: A certificate validation mechanism is provided for a network interface. The certificate validation mechanism maintains a certificate cache containing local copies of certificates with associated validity indications. The certificate validation mechanism is operable to compare a certificate associated with a received message to the certificate cache and, where the certificate associated with the received message is held in the certificate cache, to associate with the message an indication of validity retrieved from the certificate cache. By providing a cache for certificates local to the network interface, the need always to verify a certificate by reference to a public repository is removed. If a certificate is not held in the local cache, then it can still be necessary to query the public repository. Nevertheless, the verification mechanism provides more immediate verification of certificate validity as this can be made locally without the cost and time of the remote verification at the public repository.

Abstract: Systems and methods for distributing keys of the sort used for purposes including logging onto computer networks, accessing authorized domains, and accessing persistently-protected data. Also discussed is a smart card that offers network connectivity to a media device.

Abstract: An optimized approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange method is mathematically equivalent to the standard broadcast version of the Diffie-Hellman public-key algorithm. However, from an implementation perspective, nodes within a multicast or broadcast group are treated in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair are viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced compared to the standard broadcast Diffie-Hellman method.

Abstract: A method for authenticating a message recipient and for secure communication of messages from a sender to the message recipient through a server, the method being carried out by one or more data processing systems in accordance with instructions carried on one or more computer readable media. The message is communicated by sending message data encrypted with a symmetric key algorithm, a private key for the encryption algorithm being generated by hashing first data, to the message recipient through a server. The message recipient is authenticated by the exchange of second data encrypted with the encryption algorithm, an authentication key for said encryption algorithm being generated by hashing third data. The first and second data include a password, which has previously been provided to the message recipient over a separate secure channel. The first and third data are hashed with an encryption algorithm defined hash algorithm using said encryption algorithm and based on Merkle's meta-method for hashing.

Abstract: The invention is to provide a group lock which is used in group units for encryption, decryption, and signature. A public key, private key, and common key are provided and the private key is encrypted by use of the common key. The common key is encrypted by use of each public key of the group/member. A group lock which includes the public key, a cryptogram of the private key, and a plurality of cryptograms of the common key is generated. The group/member acquires the group lock and decrypts the cryptograms of the common key by use of the private key of the subject itself to acquire the common key, and decrypts the cryptogram of the private key of the group lock to acquire the private key. The group/member acquires the cryptogram which is encrypted by use of the public key of the group lock sent to the group and decrypts the cryptogram by use of the decrypted private key.

Abstract: A method and apparatus for providing privacy of user identity and characteristics in a communication system. A public key and a private key is generated, corresponding to a transceiver. The public key is transmitted to a wireless communication device. The wireless communication device encrypts one or more an initial messages using the public key and transmits the one or more encrypted initial messages to the transceiver. The transceiver receives the one or more encrypted initial messages and decrypts it using the private key. The transceiver may then allocate resources to initiate a desired communication between said wireless communication device and a second communication device.

Abstract: A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118).

Abstract: A method and system for enabling wireless devices distributed throughout an enterprise to be efficiently initialized for secure communications. The method and system utilize well known public key cryptography and machine unique identifiers to establish a secure channel and initialize the wireless devices.

Abstract: A method of managing accounts by an account authority for the same account holder includes associating identity information for each account with the same public key. A method for establishing a new account for the same account holder with each one of a plurality of account authorities includes associating respective identity information for each account with the same public key of the account holder. A method of setting up an account with account authorities for the later process of validating the identity of a sender of electronic communications representing requests for performance of actions regarding the accounts, each electronic communication including a digital signature and respective sender identity information, includes associating a public key with the account such that the public key later is retrievable following receipt of a communication based on the respective sender identity information in the communication, the public key being the same for each account authority.

Abstract: One embodiment of the present invention provides a system for managing public keys through a server that stores associations between public keys and email addresses. This system operates by receiving a first message from a client containing a request for approval of a client public key along with the client public key. In response this request for approval, the system sends a second message to the client containing a request for identity confirmation that includes the client public key. If a third message is received from the client containing an affirmative response to the request for identity confirmation, the system stores an association between a client email address and the client public key in a database. This allows other clients to look up the client public key in the database.

Abstract: In a method of managing a database of existing accounts (214) for account holders (202), each account holder (202) has multiple accounts with one or more account authorities (212) for use of a single device with multiple accounts, with each account of each account holder being associated with a public key of a public-private key pair of that account holder. A record of information pertaining to all accounts of a particular account holder is maintained in a central location by a central key authority. The information for that account includes the public keys of that account holder. The central key authority transfers information from the record for an account holder to a new account authority for which that account holder desires to establish a new account; the central key authority also receives information from account authorities for inclusion in the record centrally maintained for that account holder.

Abstract: A network system providing secure service facility has a central control & management equipment to enable unified key management. The network includes a plurality of switching equipment and central control & management equipment, each of which includes encryption section. The encryption section of central management & control equipment encrypts; (a) a public key of switching equipment of a called party (i.e. terminating switching equipment); and, (b) a common key for encrypting message to be transferred between switching equipment. This is carried out each time a call requesting secure communication is originated. Then, the encrypted keys are delivered to the switching equipment of a calling party (i.e. originating switching equipment). Central management & control equipment maintains public keys of any switching equipment in a database.

Abstract: A data processing system and method are disclosed for maintaining secure user private keys in a non-secure storage device. A master key pair is established for the system. The master key pair includes a master private key and a master public key. The master key pair is stored in a protected storage device. A unique user key pair is established for each user. The user key pair includes a user private key and a user public key. The user private key is encrypted utilizing the master public key. The encrypted user private key is stored in the non-secure storage device, wherein the encrypted user private key is secure while stored in the non-secure storage device.

Abstract: A Central Key Authority (CKA) database includes PuK-linked account information of users, wherein the PuK-linked account information maintained in the database for each user includes, (a) a public key of a user device that generates digital signatures, (b) information securely linked with the public key of the device within a secure environment of the manufacture of the device, and (c) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user's public key by the third-party.

Abstract: An initial Puk-linked account database is established by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being linked together, (c) distributing the manufactured devices from the secure environment to a plurality of users, and (d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users. An initial Puk-linked account database record of a user is established with each one of a plurality of third-parties in similar manner.

Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.

Abstract: Authenticating an entity for access to a controlled resource by an access authentication component for the controlled resource includes the steps of: the requesting entity initially opening a security account with the access authentication component, with the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource.

Abstract: A network device represents a user having a predefined associated password, a predefined associated symmetric crypto-key and a predefined associated asymmetric crypto-key, including a first private key portion, a second private key portion and a public key portion. The device includes a memory, input device and processor. The memory stores a function. The input device allows the inputting of the user password. The processor operates in either a first or second mode of operation. In the first mode of operation, the processor processes the input password in accordance with the stored function to generate the associated first private key portion, and encrypts and/or decrypts or signs a message with the generated first private key portion. In a second mode of operation, the processor processes the input password in accordance with the same stored function to generate the associated symmetric crypto-key, and encrypts and/or decrypts and/or authenticates a message with the generated symmetric crypto-key.

Abstract: A server computer sends and receives secure data provided by authorized users. The data is secured by encrypting and decrypting the data with a key that is shared between the users and the server computer. As the server computer receives a user's encrypted data, the server computer decrypts the data using the user's shared key stored in a database on the server. The server computer can then process the data according to the user's instructions, this could include securely storing the data for retrieval by another user, processing the data, and/or securely sending the data to a second user by encrypting the data with the user's shared key.

Abstract: An optimized approach for arriving at a shared secret key in a dynamically changing multicast or broadcast group environment is disclosed. In one aspect of the invention, a method is provided for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network. The method provides that a first shared secret key for establishing a first multicast group is computed that includes a set of one or more first members. Based on the first shared secret key, a first multicast group exchange key is also generated. Upon receiving a first user exchange key from a first user requesting entry into the first multicast group, a second secret key, based on the first user exchange key and the first shared secret key is computed. The first multicast group exchange key is sent to the first user and used by the first user to generate the same second shared secret key.

Abstract: A system in which a requesting entity seeking access to a controlled resource is authenticated by an access authentication component includes the requesting entity initially opening a security account with the access authentication component, the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with record; the requesting entity originating an electronic message and generating a digital signature using a provide key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource.

Abstract: This invention relates to a method for generating a shared secret value between entities in a data communication system, one or more of the entities having a plurality of members for participation in the communication system, each member having a long term private key and a corresponding long term public key. The method comprises the steps of generating a short term private and a corresponding short term public key for each of the members; exchanging short term public keys of the members within an entity. For each member then computing an intra-entity shared key by mathematically combining the short term public keys of each the members computing an intra-entity public key by mathematically combining its short-term private key, the long term private key and the intra-entity shared key.

Abstract: In a network having hierarchical domain names and a DNS server for managing the correspondence between the domain name and the address located at each hierarchy, each DNS server provides a module for managing a public key and a database for indicating correspondence between a public key and a domain name of the host belonging to the network. When two hosts start to do security communication with each other, one host operates to automatically acquire a public key of a target host from the function-expanded DNS. The packet for inquiring the public key contains the name of the DNS server trusted by the host. The DNS server specified by this host operates to add an electronic signature to the packet for answering the public key. The host enables to determine if the public key contained in the packet for answering the public key may be trusted on this electronic signature, thereby preventing a malignant host from feigning be a target host.

Abstract: The private and public keys of users, as encrypted with a symmetric algorithm by using individual user identifying keys are stored at a network server, indexed or addressable by user ID, and are sent to the user equipment only when needed. The user identifying keys are determined by hashing the users' respective passphrases or biometric information. After use, the private key and user identifying key are not retained at the user equipment. The encrypted private key is transmitted via the network to the user equipment along with a document to be approved by the user (in the case where the private key is used for digital signature) and, at the user equipment, the received encrypted private key is decrypted using a key determined at the user equipment by hashing either the user's passphrase, which is entered by the user, or the user's biometric information which is obtained by measurement or scanning the user.

Abstract: A client-forced authentication mechanism for network communication enables a client to choose to “force” the establishment of an authenticated connection with a server that supports both authenticated and non-authenticated connections, while allowing the client to communicate with older servers that do not support client-forced authentication. To establish an authenticated connection with a server, the client includes authentication request data in a communication packet to the server. The authentication request data are designed such that a server supporting forced authentication would recognize them and give a predefined response, while an older server that does not recognize such data would respond with a well-defined error message according to the underlying network communication protocols. The exact format, location, and contents of the authentication request data depend on the underlying communication protocols and may be implemented in various ways.

Abstract: Information of a device that generates digital signatures is reliably identified by (a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for generating a digital signature for an electronic message, and (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message. Manufacturing the devices includes creating a public-private key pair within the secure environment, and storing the private key within the device against the possibility of divulgement thereof by the device.

Abstract: A method of providing for reliably identifying a Security Profile of a device that generates digital signatures includes (a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together, and (b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key.

Abstract: A server architecture for a digital rights management system that distributes and protects rights in content. The server architecture includes a retail site which sells content items to consumers, a fulfillment site which provides to consumers the content items sold by the retail site, and an activation site which enables consumer reading devices to use content items having an enhanced level of copy protection. Each retail site is equipped with a URL encryption object, which encrypts, according to a secret symmetric key shared between the retail site and the fulfillment site, information that is needed by the fulfillment site to process an order for content sold by the retail site. Upon selling a content item, the retail site transmits to the purchaser a web page having a link to a URL comprising the address of the fulfillment site and a parameter having the encrypted information.

Abstract: Described herein is an audio watermarking technology for detecting watermarks in audio signals, such as a music clip. The watermark identifies the content producer, providing a signature that is embedded in the audio signal and cannot be removed. The watermark is designed to survive all typical kinds of processing and all types of malicious attacks that attempt to remove or modify the watermark from the signal. The implementations of the watermark detecting system, described herein, support quick, efficient, and accurate detection of watermarks by the specifically designed watermark detecting system. In one described implementation, a watermark detecting system employs an improved normalized covariance test to determine the presence of a watermark using less expensive materials (hardware), quicker calculations, and a more accurate test (than the original correlation test).

Abstract: A system and method for secure sharing of electronic information uses public key encryption in which a key generator algorithmically generates public-private key pairs without requiring storage, maintenance, tracking and management of keys or certificates. The algorithm uses one or more unique attributes of an individual to generate the public private key pair for that individual. In a preferred embodiment, the one or more unique attributes are input to a random number generator which outputs random numbers used to generate the public-private key pairs that are used for secure communication.

Abstract: A method or system is presented for coupling identities through the use of digital certificates, thereby allowing a client to be authenticated for a variety of services without those services having to modify their existing methods of authentication. The client generates a request for a digital certificate containing its host identity for a targeted host and secret data associated with its host identity. The secret data has been encrypted using the public key of the certifying authority that receives the request for the digital certificate. The certifying authority decrypts the secret data using its private key and encrypts the secret data using the public key of the targeted host. The digital certificate is then generated and returned to the client. At some point in time, a host receives the certificate from the client and obtains the client's host identity from the certificate, i.e. the host identity uniquely identifies the client or the user of the client to the host.

Abstract: One embodiment of the present invention provides a system that facilitates secure transmission of an email message to anonymous recipients without divulging the identities of the anonymous recipients. This system constructs an email message by identifying recipients of the email message. These recipients can include known recipients, who can be identified by examining the email message, and anonymous recipients, who cannot be identified by examining the email message. The system also generates a session key for the email message, and encrypts a body of the email message with the session key. The system also creates a recipient block for the email message that contains an entry for each recipient of the email message. Each entry in this recipient block contains the session key encrypted with a public key associated with the recipient to form an encrypted session key, so that only a corresponding private key held by the recipient can be used to decrypt the encrypted session key.

Abstract: An encryption key depositing apparatus comprising a unit that generates an encryption key for a user; and a unit that starts a process in response to the generation of the encryption key, the process allowing a depositary deposited with the generated encryption key to store the key in question in a subsequently recoverable manner.

Abstract: A cryptographic system for use in a data processing system. The system includes a security layer and a plurality of cryptographic routines, wherein the plurality of cryptographic routines are accessed through the security layer. Also included is a keystore and a keystore application program interface layer coupled to the security layer. The keystore application program interface layer receives a call from an application to perform a cryptographic operation, identifies a routine, calls the routine to perform the cryptographic operation, receives a result from the routine, and returns the result to the application.

Abstract: A method of securely providing data to a user's system over a broadcast infrastructure. The method comprising the steps of: encrypting the data using a first encrypting key; encrypting a first decrypting key using a second encrypting key; dividing at least part of the encrypted data into a series of logical packages; placing at least some of the logical packages into a broadcast carousel for cyclical broadcast over the broadcast infrastructure; broadcasting the packages in broadcast carousel so that they can be received by at least one user's system, wherein the broadcast is cyclical and repeats periodically; and transferring the encrypted first decrypting key, which has been encrypted with the second encrypting key, to the user's system. In another embodiment, a system is disclosed to carry out the above method in a broadcast infrastructure and an image overlaid on top of a primary image being displayed isused to denote that additional logical packages are available for receipt by broadcast.

Abstract: A key and lock device comprises a key and a standalone lock. The key has an electronic circuitry with a first memory and a contact. The lock has electronic circuitry with a memory, and a contact arranged to co-operate with the key's first contact. A blocking mechanism is adapted to block operation of the lock unless an authorized key is inserted in the lock. The memory of the key stores a public identification item of the key identifying a group of keys having identical mechanical codes. In the memory of the lock, there is provided a list of the public and secret identification items of authorized keys and a list of the public identification item of non-authorized keys. A key is authorized if the public and secret identification items are present in the list of authorized keys and the public identification item thereof is absent in the list of non-authorized keys.

Abstract: In a system for performing an action regarding an account in response to an electronic communication received from a sender by a receiver, wherein the electronic communication includes sender identity information associated with the account and a digital signature derived using a private key of a public-private key pair, and wherein the public key has been associated with the account by the receiver such that the public key is retrievable based on the sender identity information, a method of validating the identity of the sender for the electronic communication includes: (a) retrieving the public key based on the received sender identity information; and (b) comparing a function of the public key and the digital signature with a function of the electronic message. The digital signature is derived from an electronic message possessed first by the sender before the receiver. The sender identity information is different from the electronic message.

Abstract: Copyrighted electronic media are packaged in a secure electronic format, and registered on associated registration server, which serves to provide on-line licensing and copyright management for that media. Users are connected to the server, e.g., through a computer network or the Internet, to enable data transfers and to transact licenses to utilize the media. Packaged electronic media are typically created by an author or derivative user of the work. Once the packaged media is registered on the server, the media is made available for limited use and possible license through an authorization server. This limited use is specified within the minimum permissions data set assigned to each packaged media. Without a license, users are typically permitted to view the packaged media—through a system which unpackages the media—but cannot save or otherwise transfer the media without obtaining auxiliary permissions to do so from the authorization server.

Abstract: A Personal Video Recorder (PVR) in a subscriber television network receives service instances from a headend of the subscriber television network. The PVR is adapted to provide conditional access to recorded service instances.

Abstract: A method of managing accounts in a database in an ABDS system includes recording information pertaining to each of the accounts in the database, (b) assigning a respective unique identifier to each account such that information pertaining to each respective account is retrievable from the database based on its unique identifier, and associating the same public key of a public-private key pair with a plurality of unique identifiers.

Abstract: A method of securely transferring user data from a first communication device to a second communication device includes receiving with the first device a public encryption key transmitted by the second device over a first communication medium using a first communication protocol. The user data is encrypted with the first device using the received public key. The encrypted user data is transmitted from the first device to the second device over a second communication medium using a second communication protocol.

Abstract: A method and apparatus are provided for generating a cryptographic key from multiple data sets each related to a respective association of a trusted party and user identity. The cryptographic key is, for example, one of an encryption key, a decryption key, a signature key and a verification key, and is preferably generated by applying Tate or Weil bilinear mappings to the data sets. At least two of the data sets may relate to different user identities and/or different trusted authorities. Where multiple trusted authorities are involved, these authorities may be associated with different elements to which the bilinear mapping can be applied, each trusted authority having an associated public key formed from its associated element and a secret of that trusted authority.

Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key. One embodiment provides link layer content encryption. Another embodiment provides end-to-end encryption.

Abstract: A system and method for providing secure, on-demand printing of documents delivered to a networked printing device is disclosed. A user logs onto a networked document delivery system using a mobile device and selects a document to be printed along with a networked destination printing device. The document server encrypts and stores the selected document and creates a key. The key is sent to the mobile device. The document server sends a pointer, indicating the location of the document, to the destination printing device. When the user is physically at the printing device, a connection is established between the mobile device and the printing device. The mobile device identifies to the printing device the document to be printed and sends the key to the printing device. The printing device, using the pointer, retrieves the document from the network, uses the key to decrypt the document, and then prints the document.

Abstract: The invention relates to a method for the computer-assisted production of public keys for encoding information, whereby a piece of information can be encoded using a public key (14) and can be decoded using a private key (16) which is adapted to the public key (14). The public key (14) is composed of a first part and a second part (18,20). According to the invention, the first part (18) of the public key (14) is the same for all receivers (12, 12′, 12″) of encoded information, and the second part (20) of the public key (14) is calculated taking into account the data clearly indicating a receiver (12).

Abstract: A method for certifying the public key of a user wishing to communicate using a public key encryption system by a plurality of certifying authorities. A plurality of certifying stations and a user station exchange information and the user station derives a public key from the exchanged information. The certifying stations also publish related information and their public keys. A third party can derive the public key corresponding to the user's private key by operating on the published information with a summation of the certifying station keys.

Abstract: This invention provides a method of computing a multiple k of a point P on an elliptic curve defined over a field, the method including the steps of representing the number k as binary vector k1, forming an ordered pair of point P1 and P2, wherein the points P1 and P2 differ at most by P, and selecting each of the bits ki in sequence, and for each of the ki, upon ki being a 0, computing a new set of points P1′, P2′ by doubling the first point P1 to generate the point P1′ and adding the points P1 and P2 to generate the point P2′ or upon ki being a 1, computing a new set of points P1′, P2′ by doubling the second point P2 to generate the point P2′ and adding the points P1 and P2 to produce the point P1′, whereby the doubles or adds are always performed in the same order for each of the bits bi, thereby minimizing a timing attack on the method. An embodiment of the invention applies to both multiplicative and additive groups.

Abstract: A method of operating a split-key cryptographic system having two or more co-operating microprocessors, i, linked via a communications channel, involving the generation of a public modulus, N, being the multiple of two integers, P,Q, where P=p1+p2 . . . pn and Q=q1+q2 . . . pn in such a way that none of the microprocessors; individually has the ability to decrypt encrypted data. Microprocessor i selects a temporary public modulus and the integers pi, qi, a function of which is transmitted to the other microprocessors, j. Every microprocessor j uses the function to generate a set of numbers which are dependent on integers pj, qj, which are secret to each microprocessor j. Each Microprocessor i then uses these numbers to co-operate to generate the public modulus N. N is thus generated without any party having full knowledge of the integers P and Q.

Abstract: An information processor receives at a communication section thereof an encrypted content decryption key generated by encrypting, by a distribution encryption key, a content decryption key for decryption of a content encrypted by a content encryption key. The received encrypted content decryption key is sent to a content key decryption section where it is decrypted. The decrypted content decryption key and copy control code are sent to a content key encryption section where they are encrypted by an encryption key which can be decrypted at an external information processor, namely, a session key, to send an encrypted content decryption key with a copy control code to the external information processor via a communication section.