Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 8041949
    Abstract: An information processing system in which information transfers between communication devices through a network is limited within a prescribed range by registering unique information obtainable within the prescribed range into each device and permitting information transfer between devices which share common unique information, where the unique information is formed by a pair of public and secret unique information, a bridge device is controlled such that, upon receiving a proxy check request from a reception device, whether a transmission device is another bridge device or not is judged when the public unique information registered by the reception device is registered in the bridge device and one public unique information registered in the bridge device is registered by the transmission device. Then, the secret unique information registered by the reception device is transmitted to the transmission device when the transmission device is not another bridge device.
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: October 18, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroshi Isozaki, Takeshi Saito, Tatsuyuki Matsushita, Tooru Kamibayashi
  • Patent number: 8037310
    Abstract: A document authentication system and method combine digital and non-electronic (or visual) authentication methodologies in an integrated, unified manner. As well as providing indicia of digital authentication, the invention generates a physical artifact that can be validated by unaided human visual perception. The present invention thus provides an opportunity to improve the level of trust in authentication of documents, while preserving the advantages of both traditional and digital authentication mechanisms.
    Type: Grant
    Filed: November 30, 2004
    Date of Patent: October 11, 2011
    Assignee: Ricoh Co., Ltd.
    Inventor: Gregory J. Wolff
  • Patent number: 8032749
    Abstract: The invention relates to a method for remotely controlling and/or regulating at least one system (1), in particular an industrial system using a communications device (2) which is assigned to the system (1), and at least one receiver device (3), information relating to the system being transmitted from the communications device (2) to the at least one receiver device (3), the information containing a validation code which is generated by the communications device (2), a message being received by the communications device (2), the communications device (2) extracting a check code and instruction information from the message according to a first extraction rule, the communications device (2) validating the message by means of the validation code and check code, and the instruction information being implemented by the system (1) only when the validation is successful.
    Type: Grant
    Filed: April 4, 2003
    Date of Patent: October 4, 2011
    Assignee: ABB Research Ltd
    Inventors: Florian Straub, Thomas von Hoff, Mario Crevatin, Hans-Peter Züger, Bernhard Deck
  • Patent number: 8028169
    Abstract: It is possible to control electronic documents for partial disclosures and non-disclosures and prove to the third party that information other than non-disclosure part thereof has not been altered and the originality of decrypted information is assured.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: September 27, 2011
    Assignee: Fujitsu Limited
    Inventor: Takashi Yoshioka
  • Publication number: 20110231665
    Abstract: A method of authentication between first (QNodeX) and second (QNodeY) network nodes within a network suitable for implementing quantum cryptography comprises steps in which the first and second nodes each generate a cryptographic hash ([MXY]AI, [MYX]AJ) of a message ([MXY], [MYX]) using respective authentication keys (AI, AJ) shared with a third network node (QNodeW). The messages may be those exchanged between the first and second nodes during agreement of a quantum key to be used between the nodes. An authentication key to be shared by the first and second nodes may be established using the quantum key. The invention therefore allows an authentication key to be established and shared between the first and second network nodes without direct physical intervention. Networks having large numbers of network nodes may be re-keyed following replacement or maintenance of a network node much more quickly and easily than is the case where re-keying is achieved by physically supplying shared authentication keys.
    Type: Application
    Filed: December 2, 2009
    Publication date: September 22, 2011
    Applicant: QINETIQ LIMITED
    Inventor: Simon Robert Wiseman
  • Patent number: 8024306
    Abstract: Provided are methods, apparatus and computer programs for enhanced access to resources within a network, including for controlling use of bandwidth-sensitive connections within a network and/or for automated recovery. Hash values are used as ‘unique’ identifiers for resources distributed across a network, and each one of a set of pool servers stores the hash values for a set of computers within a LAN. When a resource is required, a hash value representing the resource can be retrieved and compared with hash values stored at a pool server to determine whether the pool server holds a matching hash value. Any such matching hash value found on the pool server represents an identification of a local copy of the required resource, because of the uniqueness property of secure hash values. The information within the pool server can be used to access the required resource.
    Type: Grant
    Filed: May 16, 2007
    Date of Patent: September 20, 2011
    Assignee: International Business Machines Corporation
    Inventors: Sudarshan Palliyil, Shivakumara Venkateshamurthy, Srinivas Belur Vijayaraghavan, Tejasvi Aswathanarayana
  • Patent number: 8024574
    Abstract: A system for secure communication is provided. A random value generator is configured to generate a random value. A message validation code generator is coupled to the random value generator and configured to generate a message validation code based on a predetermined key, a message, and the random value. A one-time pad generator is coupled to the random number generator and configured to generate a one-time pad based on the random value and the predetermined key. And a masked message generator is coupled to the one-time pad generator and configured to generate a masked message based on the one-time pad and the message. A protected message envelope generator is coupled to the random value generator, the message validation code generator, and the masked message generator, and is configured to generate a protected message envelope based on the random value, the message validation code, and the masked message.
    Type: Grant
    Filed: January 22, 2004
    Date of Patent: September 20, 2011
    Assignee: International Business Machines Corporation
    Inventors: Daniel Brokenshire, Harm Peter Hofstee, Mohammad Peyravian
  • Publication number: 20110225425
    Abstract: A trusted read and write platform provides write-indisputability and read-undeniability for a distributed application. The platform is implemented at each node of the distributed application using a trusted platform module. To provide write-indisputability, the read and write platform of a node may generate a proof that is signed by the platform module and sent with a purportedly written result. The proof is decrypted using a public key associated with the platform module and includes indicators of the process taken by the read and write platform to write the result. To provide read-undeniability, the read and write platform may bind a key to a state of the platform module. A result to be read at the read and write platform is encrypted using the key and can only be decrypted when the read and write platform updates its state to the bound state.
    Type: Application
    Filed: March 11, 2010
    Publication date: September 15, 2011
    Applicant: Microsoft Corporation
    Inventors: Ramakrishna R. Kotla, Indrajit Roy
  • Patent number: 8015597
    Abstract: Issuing and disseminating data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: September 6, 2011
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Patent number: 8015413
    Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This IA is useful in wireless networks containing low-power low-cost devices.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: September 6, 2011
    Assignee: Koninklijke Philips Electronics N.V.
    Inventor: Thomas Andreas Maria Kevenaar
  • Publication number: 20110213984
    Abstract: A processing system (60) includes an input interface (62), a first processor (64), a second processor (66), and an output interface (68) arranged in a serial configuration. Each of the input interface (62), first processor (64), second processor (66), and output interface (68) computes a digest (92, 100, 110, and 114) using information, e.g., a unique parameter (94, 102, 112, 118), known only by that element (62, 64, 66, 68) and using information generated by that element (62, 64, 66, 68). The digests (92, 100, 110, and 114) are used to validate the integrity of payload data (86) processed by the system (60) to form processed data (104) and the system (60) only outputs the processed data (104) upon validation of data integrity. The serial configuration of system (60) may be implemented to provide high bit rate, redundant cryptographic services.
    Type: Application
    Filed: February 26, 2010
    Publication date: September 1, 2011
    Applicant: GENERAL DYNAMICS C4 SYSTEMS, INC.
    Inventors: Gerardo Orlando, David R. King, Mark Krumpoch, Evan Custodio
  • Publication number: 20110208973
    Abstract: The invention relates to overall optimization of an identification system (2) comprising a meshed wireless network of RF devices (17) on board an aircraft (1). Starting from an inventory (51) of components of the aircraft (1) that need to be identified, a list (50) is drawn up of “modeling” input parameters (34-39) and a series (27) is drawn up of functional constraints. A plurality of potential profiles (V1, Vn) is modeled for identification systems (2). Said plurality of potential profiles (V1-Vn) is sorted in order to define a restricted group (32) of acceptable versions, and then a target function (47) using automatic comparison (33) of multiple cases is applied to determine an eligible version (Vx) that is optimized, having decision and state variables (45, 46) with values that are of binary order for the aircraft (1) as a whole.
    Type: Application
    Filed: February 16, 2011
    Publication date: August 25, 2011
    Applicant: EUROCOPTER
    Inventors: Charlotte Jimenez, Stéphane Dauzere-Peres
  • Patent number: 7996893
    Abstract: A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles.
    Type: Grant
    Filed: June 11, 2007
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Shiva Persaud-Deolall, Xinya Wang
  • Patent number: 7996679
    Abstract: A data migration system performs a tamper-resistant data migration for regulatory compliance systems. The system generates a secure hash for the data object, adds a timestamp to the hash, produces a signature for the data object using a private key, and includes the signature in a signature summary of data objects. Immediately prior to data migration, the system signs the signature summary of the set of data objects to be migrated. The signature of the data object maintains integrity of the data object by preventing undetectable modification to a data object during migration. The signed signature summary maintains completeness by preventing undetectable removal of a data object from or insertion of a data object into the set of data objects during migration.
    Type: Grant
    Filed: October 5, 2005
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Windsor Wee Sun Hsu, Xiaonan Ma
  • Publication number: 20110191574
    Abstract: A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.
    Type: Application
    Filed: January 28, 2011
    Publication date: August 4, 2011
    Inventors: Alexander Iliev, Vincent R. Scarlata, Carlos V. Rozas
  • Patent number: 7992198
    Abstract: An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment.
    Type: Grant
    Filed: September 14, 2007
    Date of Patent: August 2, 2011
    Assignee: Microsoft Corporation
    Inventors: Brian J. Guarraci, Christopher C. White, Niels Thomas Ferguson, Jeffrey Dick Jones, Sean Patrick Nolan, Johnson T. Apacible, Vijay Varadan
  • Patent number: 7992193
    Abstract: A method and an apparatus are disclosed for securing authentication, authorization and accounting (AAA) protocol messages. An encryption key, a device identifier value, and verification data are received and stored at a network device. The verification data comprises in part a copy the encryption key and the device identifier value, and has been encrypted using a private key of a server. A shared secret is generated by applying a computational function to the encryption key and the device identifier value. Based on the shared secret, a first message integrity check value for a message is generated. The message, the first integrity check value, and the verification data are sent to the server. The server decrypts the verification data using the private key, extracts the encryption key and the device identifier value, and generates the same shared secret by applying the same computational function to the extracted encryption key and device identifier value.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: August 2, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Fabio Maino, Michael Fine, Irene Kuffel, Arthur Zavalkovsky
  • Publication number: 20110185182
    Abstract: A method of authenticating a message from a sending party to a receiving party. The sending party generates a digest of the message using a key, and sends the digest to the receiving party. The receiving party also generates the digest of the message using the key, and compares the digests to confirm the message was sent by the sending party. The key may be sent by the sending party to the receiving party by an authenticatable method; alternatively, the parties may use a secret previously agreed key.
    Type: Application
    Filed: May 29, 2009
    Publication date: July 28, 2011
    Inventors: Andrew William Roscoe, Long Haang Nguyen
  • Patent number: 7987365
    Abstract: A subscription-based computing device has hardware and a subscription enforcer implemented in the hardware. The enforcer has an accumulator that accumulates a usage value as the computing device is being used and an expiration value register that stores an expiration value. The enforcer allows the computing device to operate in a subscription mode without hindrance and with full use when the usage value is less than the stored expiration value, and allows the computing device to operate in an expiration mode with hindrance and without full use when the usage value reaches the stored expiration value to signal that the subscription for the computing device has expired.
    Type: Grant
    Filed: March 24, 2006
    Date of Patent: July 26, 2011
    Assignee: Microsoft Corporation
    Inventors: Andrew David Birrell, Charles P. Thacker, Michael Isard
  • Patent number: 7987366
    Abstract: The invention provides an establishment of a secret session key shared between two network elements (NEa, NEb) belonging to different network domains (NDa, NDb). A first network element (NEa) of a first network domain (NDa) requests security parameters from an associated key management center (KMC) (AAAa). Upon reception of the request, the KMC (AAAa) generates a freshness token (FRESH) and calculates the session key (K) based on this token (FRESH) and a master key (KAB) shared with a second network domain (NDb). The security parameters are (securely) provided to the network element (NEa), which extracts the session key (K) and forwards the freshness token (FRESH) to the KMC (AAAb) of the second domain (NDb) through a second network element (NEb). Based on the token (FRESH) and the shared master key (KAB), the KMC (AAAb) generates a copy of the session key (K), which is (securely) provided to the second network element (NEb).
    Type: Grant
    Filed: February 11, 2004
    Date of Patent: July 26, 2011
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rolf Blom, Mats Naslund, Elisabetta Carrara, Fredrik Lindholm, Karl Norrman
  • Patent number: 7987369
    Abstract: A method for reducing overhead when transmitting an Internet Protocol (IP) packet begins by selecting a watermarking signature based on the IP address of the packet. The watermarking signature is applied to the packet and the IP address is removed from the packet. The packet is sent to a receiver, which looks up the IP address of the packet by using the watermarking signature. The watermarking signature can be a radio frequency watermarking signature or a digital watermarking signature. A similar method employing watermarking can be used to reduce medium access control header overhead.
    Type: Grant
    Filed: April 26, 2005
    Date of Patent: July 26, 2011
    Assignee: InterDigital Technology Corporation
    Inventors: Guodong Zhang, Prabhakar R. Chitrapu
  • Publication number: 20110179281
    Abstract: In the computer data security field, a cryptographic hash function process is embodied in a computer system or computer software or logic circuitry and is keyless, but highly secure. The process is based on (mathematical) quasi-group operations such as in the known “EDON-R” hash function. But here one or more blank rounds (iterations) of the quasi-group operation are concatenated to the EDON-R hash function operations, to overcome perceived security weaknesses in EDON-R.
    Type: Application
    Filed: January 20, 2010
    Publication date: July 21, 2011
    Applicant: Apple Inc.
    Inventors: Benoit CHEVALLIER-MAMES, Mathieu Ciet, Augustin J. Farrugia
  • Patent number: 7983412
    Abstract: A method and system for automating customer slamming and cramming complaints includes an automated reporting system having one or more receiving devices and a complaint module. Customers who want to report a slam or cram access the automated reporting system and report the complaint without having to speak with a customer service representative. The complaint module obtains the customer telephone number and retrieves customer account information using the customer telephone number. Using the customer account information, the complaint module extrapolates a type of complaint for the customer complaint and prompts the customer for information regarding the customer complaint and the type of the complaint. The customer provides customer responses to the prompts and the complaint module provides an indication to the customer regarding each customer response.
    Type: Grant
    Filed: September 13, 2007
    Date of Patent: July 19, 2011
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Kurt M. Joseph, Robert R. Bushey, Benjamin A. Knott, John M. Martin
  • Patent number: 7983421
    Abstract: Embodiments of the invention provide systems and methods for detection of tampering with an audit record for a database. According to one embodiment, a method for detection of tampering with an audit record for a database can comprise reading one or more audit records for a time period from an audit table. The one or more audit records can each include a time stamp and reading the one or more audit records can comprise reading audit records having a timestamp within the time period. An encrypted record, such as a message digest record, for the time period can be generated based on the one or more audit records and including the time stamps. The message digest record can be stored in a message digest table. In some cases, the message digest table can be maintained in a trusted data store.
    Type: Grant
    Filed: February 1, 2008
    Date of Patent: July 19, 2011
    Assignee: Oracle International Corporation
    Inventors: Sashikanth Chandrasekaran, Viresh Garg
  • Patent number: 7979892
    Abstract: A peripheral device having one or more functions comprises: an input unit letting a user input identification information; function selection buttons each of which is previously associated with one of the functions and can be operated for selecting the associated function; a usage permission information storing unit previously storing usage permission information (indicating whether the use of each function has been permitted or not) while associating it with the identification information on each user; and a notification unit notifying the user whether the user is permitted to use each function or not when the identification information is inputted, by displaying the function selection buttons regarding functions that the user has been permitted to use and the function selection buttons regarding functions that the user has not been permitted to use in different styles discriminable from each other based on the usage permission information associated with the inputted identification information.
    Type: Grant
    Filed: November 29, 2006
    Date of Patent: July 12, 2011
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Wataru Mizumukai
  • Patent number: 7979693
    Abstract: A relay apparatus comprises a frame relay processing unit for relaying a frame, a plurality of ports for sending and receiving the frame to and from the outside, and a cryptographic processing module corresponding to each of the ports. Each cryptographic processing module is connected to the corresponding port and to the frame relay processing unit by means of general-purpose interfaces such as MII. The cryptographic processing module performs the encryption process and decryption process so that the frame relay processing unit can concentrate on the relay process and the relay speed is not subject to degradation. Also, the cryptographic processing module can generate a different cryptographic key for each frame without requiring dynamic exchange of key information.
    Type: Grant
    Filed: January 12, 2007
    Date of Patent: July 12, 2011
    Assignee: Fujitsu Limited
    Inventors: Takamitsu Iida, Hideshi Sakurai, Satoshi Obara, Yukihiro Nakajima, Takayuki Sakuma
  • Publication number: 20110167268
    Abstract: In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network.
    Type: Application
    Filed: January 6, 2010
    Publication date: July 7, 2011
    Applicant: Calix Networks, Inc.
    Inventors: Berkay Baykal, Shaun Noel Missett
  • Publication number: 20110161674
    Abstract: A method of generating a self-authenticating document while utilizing document digest stored on a server for verification purposes. Authentication information for the document is encoded in barcode which is printed on the document. A document digest is calculated from the authentication information and transmitted to a server to be stored. When authenticating a scanned copy of the document, the barcode is read to extract the authentication information. A target document digest is calculated from the extracted authentication information and transmitted to the server for verification. The server compares the target document digest with the previously stored document digest. If they are not the same, the barcode has been altered. If they are the same, the extracted authentication information is used to authenticate the scanned copy. A document ID may be generated and transmitted to the server, and used by the server to index or search for the stored document digest.
    Type: Application
    Filed: December 29, 2009
    Publication date: June 30, 2011
    Applicant: KONICA MINOLTA SYSTEMS LABORATORY, INC.
    Inventor: Wei MING
  • Patent number: 7970821
    Abstract: The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.
    Type: Grant
    Filed: June 25, 2008
    Date of Patent: June 28, 2011
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Frank Hoering, Thomas D. Weigold
  • Patent number: 7971240
    Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
    Type: Grant
    Filed: April 20, 2009
    Date of Patent: June 28, 2011
    Assignee: Microsoft Corporation
    Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
  • Patent number: 7966490
    Abstract: One or more mobility token managers (101) track movement of files (105) within a network. A mobility token manager (101) on a source computer (113) detects an attempt to write a file (105) to a target computer (117). Responsive to the detection, the mobility token manager (101) writes a mobility token (103) containing data concerning at least the file (105) and the write operation to the target computer (117). A mobility token manager (101) on the target computer (117) detects that the mobility token (103) is being written to the target computer (117). The mobility token manager (101) on the target computer (117) reads the mobility token (103), and determines relevant information concerning the file (105) associated with the mobility token (103).
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: June 21, 2011
    Assignee: Symantec Corporation
    Inventor: Ahmed Sallam
  • Patent number: 7966662
    Abstract: An authentication system is disclosed. The authentication system includes a content provider configured to distribute encrypted content, wherein the encrypted content is generated using a content key, and a client having a symmetric key and configured to store the encrypted content received from the content provider and issue a request to the content provider, wherein the request includes a cryptographic function configured to have the symmetric key and the encrypted content as input, wherein the content provider is further configured to verify the client via the request to ensure that the client has received the encrypted content.
    Type: Grant
    Filed: January 6, 2005
    Date of Patent: June 21, 2011
    Assignee: QUALCOMM Incorporated
    Inventors: Gregory Gordon Rose, James Semple, Roy Franklin Quick, Jr., Philip Michael Hawkes
  • Patent number: 7962643
    Abstract: One embodiment of the present method and apparatus for reducing spam in peer-to-peer networks includes forming a search message including at least one decoy word and sending the search request message, including the decoy word(s), to one or more nodes in the network. Embodiments of the present invention make it possible to weed out nodes in the network that send spam in response to every search message (e.g., regardless of the search message's content).
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: June 14, 2011
    Assignee: International Business Machines Corporation
    Inventors: David A. George, Raymond B. Jennings, III, Jason D. LaVoie
  • Patent number: 7958356
    Abstract: A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: June 7, 2011
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Robert Jan Sussland, Lawrence Wen-Hao Chang
  • Patent number: 7958364
    Abstract: A system for digitally signing electronic documents is disclosed. The system includes a mobile device, an application server and a database, the mobile device includes a requesting module and a digest encrypting module, the application server includes an obtaining module, a digest generating module and a merging module. The requesting module is configured for sending a request for a digital signature of an electronic document to the application server; the obtaining module is configured for obtaining the electronic document from the database; the digest generating module is configured for generating a digest of the electronic document, and sending the digest to the mobile device; the digest encrypting module is configured for encrypting the digest, generating an encrypted value, and sending the encrypted value to the application server; the merging module is configured for merging the encrypted value and the electronic document. A related computer-based method is also disclosed.
    Type: Grant
    Filed: November 15, 2007
    Date of Patent: June 7, 2011
    Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventors: Chung-I Lee, Chien-Fa Yeh, Chiu-Hua Lu, Xiao-Di Fan, Guo-Ling Ou-Yang
  • Patent number: 7958354
    Abstract: Using a high order shared knowledge mechanism where multiple parties are given multiple shares of a shared ‘common’ secret data, dependent upon role and scenario. It is possible to distribute pre-generated, accountable, as well as escrowed key material to remote units. When the order of the shares and quantities are controlled properly, it is possible to compromise an entity distributing the knowledge shares allowing reconstruction of ‘common’ secret data without loss of the actual data, and compromise of any party receiving the knowledge shares only compromises the common secret data which have already been distributed to that party. Multiple common secret data may be distributed to remote units which are only required to store a single set of knowledge shares to enable reception of multiple common secret data.
    Type: Grant
    Filed: February 14, 2008
    Date of Patent: June 7, 2011
    Assignee: Rockwell Collins, Inc.
    Inventor: Justin D. Davis
  • Patent number: 7953014
    Abstract: Network device testing equipment capable of testing network devices using small size packets and for a transferring ability and a filtering ability at a media speed is described. A configuration is adopted in which a Field Programmable Gate Array (FPGA) included in a transmitter or receiver on one or both of transmitting and receiving sides is connected directly to a physical layer chip of a network and computers on both the transmitting and receiving sides are connected thereto. Each of the FPGAs of the transmitter and receiver has a circuit which has an integrated function of transmitting a packet pattern generation function and a packet-receiving function, thereby enabling a test and an inspection in real time. When inspecting the filtering function, a hash table storing therein a hash value and a list of occurrence frequencies for hash values is utilized.
    Type: Grant
    Filed: March 7, 2006
    Date of Patent: May 31, 2011
    Assignees: National Institute of Advanced Industrial Science and Technology, DUAXES Corporation, BITS Co., Ltd.
    Inventors: Kenji Toda, Toshihiro Katashita, Kazumi Sakamaki, Takeshi Inui, Mitsugu Nagoya, Yasunori Terashima
  • Patent number: 7954157
    Abstract: A method is provided to facilitate the detection of file tampering, such as a computer virus, on a computer. In one example, a digital fingerprint is generated for each file on the computer using a substantially collision-free algorithm. The digital fingerprints of the computer files are compared with digital fingerprints of the computer files generated when the files were previously saved. If the digital fingerprint of that file differs from the digital fingerprint generated when that file was previously saved, a computer virus or other tampering may exist on the file.
    Type: Grant
    Filed: May 25, 2006
    Date of Patent: May 31, 2011
    Assignee: FalconStor, Inc.
    Inventors: Ronald S. Niles, Wai Lam
  • Patent number: 7953225
    Abstract: A mobile wireless communications device which may include a housing, an antenna carried by the housing, a wireless transceiver carried by the housing and connected to the antenna, and at least one memory for storing a compressed software file, a digest of an uncompressed version of the software file, and a digital signature of the compressed software file and the digest generated based upon a private key. The device may further include a processor carried by the housing and cooperating with the wireless transceiver for performing wireless communications. The processor may also cooperate with the at least one memory for authenticating the compressed software file based upon the digital signature and a public key corresponding to the private key. Upon authentication of the compressed software file, the processor uncompresses the compressed software file. The uncompressed software file may then be re-authenticated at a time after installation based upon the digest.
    Type: Grant
    Filed: October 21, 2005
    Date of Patent: May 31, 2011
    Assignee: Harris Corporation
    Inventors: Lloyd Palum, Robert Brutovski, Chris Rericha
  • Publication number: 20110123021
    Abstract: The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key.
    Type: Application
    Filed: November 24, 2009
    Publication date: May 26, 2011
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Clinton S. Tepper
  • Patent number: 7945535
    Abstract: In one embodiment, there is provided a method for a media storage device to manage digital content. The method comprises determining if there is digital content to be categorized into one or more galleries; automatically categorizing said digital content into the one or more galleries; and for digital content categorized into a gallery with an auto-publish flag, sending at least one of said digital content and a derivative form of said digital content to a server.
    Type: Grant
    Filed: December 13, 2005
    Date of Patent: May 17, 2011
    Assignee: Microsoft Corporation
    Inventors: Michael J Toutonghi, Jaroslav Bengl
  • Patent number: 7945779
    Abstract: For use in a distributed system where a client computer is operable to communicate with a server computer and to receive a digital certificate associated with a remote external component, apparatus for securing a communications exchange between computers includes a hasher, responsive to the client computer receiving a digital certificate, for hashing data associated with the client computer and the server computer with data associated with the digital certificate to create a first message digest, and a first transmitter for transmitting the first message digest to the remote external component.
    Type: Grant
    Filed: June 18, 2007
    Date of Patent: May 17, 2011
    Assignee: International Business Machines Corporation
    Inventor: Cameron Kenneth Martin
  • Patent number: 7945048
    Abstract: A method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system.
    Type: Grant
    Filed: April 16, 2009
    Date of Patent: May 17, 2011
    Assignee: General Electric Company
    Inventors: Thomas N. Ricciardi, Curtis White
  • Patent number: 7941661
    Abstract: A method in which a test function is called in a system's internal authentication IC multiple times with a known incorrect value such that, if the internal IC is invalid, an expected invalid response is not generated and, otherwise, the internal IC generates a secret random number and its signature and encrypts these using a first secret key, an external authentication IC connected to the system calls a read function which decrypts the encrypted random number and signature using the first key, calculates the decrypted random number's signature, compares the signatures and upon a match encrypts the decrypted random number and a message of the external IC using a second secret key, the internal IC calls the test function which encrypts the random number and message using the second key, compares the encrypted random numbers and messages, validates the external IC if they match and invalidates the external IC otherwise.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: May 10, 2011
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Kia Silverbrook
  • Patent number: 7937071
    Abstract: A device management (DM) system and a method of controlling the same, are discussed. According to an embodiment, the DM system comprises a DM server for transmitting a notification message in response to a device control request of a user, the notification message including unique authentication information having previously stored unique information of a device and basic authentication information having a setup value for setting up communication; and a device having a DM client, for receiving the notification message, performing authentications using the basic authentication information and the unique authentication information, and discarding the notification message if the authentications using the basic authentication information and the unique authentication information fail.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: May 3, 2011
    Assignee: LG Electronics Inc.
    Inventor: Joonho Lee
  • Patent number: 7937748
    Abstract: A communication apparatus includes a storage device to store security associations to be exchanged between an opposite party's apparatus, an update device to update the security associations stored in the storage device, before starting a sleep mode for a power-saving operation, and a notification device to notify a message of updating of the security associations by the update device to the opposite party's communication apparatus.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: May 3, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Atsushi Inoue, Masahiro Ishiyama
  • Publication number: 20110099367
    Abstract: Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.
    Type: Application
    Filed: October 28, 2009
    Publication date: April 28, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Stefan Thom, Scott D. Anderson, Erik L. Holt
  • Publication number: 20110093714
    Abstract: Embodiments relate to systems, methods and devices for asymmetric cryptographic authentication. In an embodiment, a system includes an accessory comprising an authentication chip, the authentication chip comprising a public authentication key, a private authentication key and data signed by a private verification key; and a device comprising a public verification key forming a verification key pair with the private verification key, the device configured to read the data and public authentication key from the authentication chip, verify the data and the public authentication key using the public verification key, and authenticate the accessory for use with the device using the public authentication key if verified.
    Type: Application
    Filed: October 20, 2009
    Publication date: April 21, 2011
    Applicant: Infineon Technologies AG
    Inventors: Stephan Schaecher, Harald Hewel, Markus Gueller
  • Patent number: 7930544
    Abstract: A verification information generation system includes first and second data processing apparatuses. The first data processing apparatus has a unit holding first secret information, a unit receiving information associated with the second secret information from the second apparatus, a unit generating key information on the basis of the first secret information and the information associated with the second secret information, a unit generating key derivation auxiliary information allowing the key information to be derived from the second secret information, a unit generating verification information on the basis of information to be verified and the key information, and a unit outputting the information to be verified, the verification information, and the key derivation auxiliary information. The second secret information is information which is set in advance in the second data processing apparatus.
    Type: Grant
    Filed: October 25, 2005
    Date of Patent: April 19, 2011
    Assignee: Canon Kabushiki Kaisha
    Inventor: Keiichi Iwamura
  • Patent number: 7930551
    Abstract: A transmitting and receiving device share a secret which is split into first and second portions. A public function is used to generate a keystream. The length of the keystream is adjusted to equal the length of a message plus the length of the output of an MMH function. The MMH function is calculated as a function of the message and the adjusted keystream. Each L octets (where L is the octet length of a MAC) of the output of the MMH function is accumulated into a summation value, which is concatenated with the second secret portion into a concatenation value. The output of the public function, now calculated as a function of the concatenation value, is used in place of a traditional one-time pad to generate the MAC, which is sent along with the message to the receiving device.
    Type: Grant
    Filed: May 15, 2007
    Date of Patent: April 19, 2011
    Assignee: ARRIS Group, Inc.
    Inventor: David Reginald Evans