Message Digest Travels With Message Patents (Class 713/181)
  • Publication number: 20030233584
    Abstract: Combinable computational puzzles are used as a challenge mechanism for a computer to challenge network entities to determine whether the ostensibly separate network entities are in fact distinct computers. The combinable computational puzzles are constructed such that multiple puzzles can be combined into a single puzzle, which can be solved with approximately the same effort as that required to solve each of the individual original puzzles, and solutions to the individual original puzzles can be derived easily from the solution to the combined puzzle. A computer that is challenged by multiple computers with separate combinable puzzles at the same time is able to respond to the challenges by combining the puzzles into one combined puzzle that it is able to solve in an allotted time period.
    Type: Application
    Filed: June 14, 2002
    Publication date: December 18, 2003
    Applicant: Microsoft Corporation
    Inventor: John R. Douceur
  • Publication number: 20030229777
    Abstract: Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.
    Type: Application
    Filed: June 7, 2002
    Publication date: December 11, 2003
    Inventors: Dinarte Morais, Jon Lange, Daniel R. Simon, Ling Tony Chen, Josh D. Benaloh
  • Publication number: 20030229789
    Abstract: A secure key exchange with mutual authentication allows devices on a network to perform, in a single roundtrip over the network, the exchange. A key exchange initiator packet that does not include a key to be established is sent from an initiating device to another device via a network. The key exchange initiator packet is validated and the other device generates the key without requiring any additional packets to be received from the initiating device in order to generate the key. A key exchange response packet that does not include the key is returned to the initiating device, which validates the key exchange response packet and generates the key without requiring any additional packets to be sent to the other device or received from the other device.
    Type: Application
    Filed: June 10, 2002
    Publication date: December 11, 2003
    Inventors: Dinarte R. Morais, Ling Tony Chen, Damon V. Danieli
  • Publication number: 20030226028
    Abstract: The invention described herein utilizes a universally known and accepted unique item that is independently identifiable and valuable so as to be constituted for difficulty of counterfeiting as an authenticator item. The identity of this item is included in an authorization calculation which can only be accomplished by an authorizing issuing authority. In a preferred embodiment of the invention, the authenticator is a serial numbered item such as a currency bill or note. The document may be created in a decentralized fashion using ordinary plain paper and the document may even take electronic or other forms. The issuing authority must have the critical or important details of the document and must authorize the creation of the document before it can be created. Further the document's authenticity may be verified without communication back to the issuing authority.
    Type: Application
    Filed: May 29, 2002
    Publication date: December 4, 2003
    Inventor: David Alan Kra
  • Publication number: 20030226021
    Abstract: A process for comparing data, such as signatures in a data packet, includes retrieving, from a first hash table, a target value that corresponds to a segment of the data, processing the data in accordance with the target value to produce a checksum, locating an entry in a second hash table using the checksum, and comparing the data to the entry.
    Type: Application
    Filed: May 30, 2002
    Publication date: December 4, 2003
    Inventor: Chun Yang Chiu
  • Publication number: 20030217275
    Abstract: Methods and systems for digital rights management are disclosed. Exemplary embodiments of the invention provide a system and method that allows the author of a design file to encrypt the file's contents, so that only authorized users can view the file, and that allows the author to identify specific users for authorization. The author selects the users that are allowed to open the encrypted file. Selected users are called “recipients”. The author then designates the rights granted to the recipients. Preferably, the author identifies users and users are authenticated by means of the user's digital certificates. The author may also have the ability to specify what operations a given user can perform, including view, print/plot, export, copy to clipboard, access history, and edit. An author can also digitally sign a document or file using their digital certificate. A hash value is created for the item to be signed.
    Type: Application
    Filed: May 6, 2003
    Publication date: November 20, 2003
    Applicant: Bentley Systems, Inc.
    Inventors: Keith Bentley, Sam Wilson, David Rahnis, John Gooding
  • Publication number: 20030212911
    Abstract: Enhanced security in controlling access to data files stored in a read/write storage device is achieved in that the storage device may be specifically linked to a specific computer system, and linked in such a way that access will be granted only when a series of exchanges exemplary of that linkage occurs. Access to data stored in a read/write storage device is to be granted only when the device is associated with a specific computer system and further only when appropriate password entry is verified by the storage device.
    Type: Application
    Filed: May 13, 2002
    Publication date: November 13, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Carroll Challener, James Patrick Hoff, Kevin Snow Mccurley, John Hancock Nicholson, David Rivera, James Peter Ward
  • Publication number: 20030204731
    Abstract: A method includes generating data with an imaging system in response to a request from an information source and decrypting encrypted information received from the information source, using the imaging system and at least part of the data, to form decrypted information. In addition, the method includes forming a second hash from the decrypted information using the imaging system. Furthermore, the method includes forming an image on media using the decrypted information if the second hash equals a first hash received from the information source.
    Type: Application
    Filed: April 29, 2002
    Publication date: October 30, 2003
    Inventors: Denis A. Pochuev, Trevor A. Wells, Robert P. Walrath
  • Publication number: 20030204730
    Abstract: Various systems and methods, as well as programs embodied in a computer readable medium are provided for secure transmission of an application for installation on a computer system. To accomplish the secure transmission, an application identifier is provided that is associated with the application. A secure request is transmitted to an installation server for a uniform resource identifier associated with the application to be installed on the computer system. The secure request includes the application identifier. A secure response is received from the installation server that includes the uniform resource identifier. A request is transmitted to an application server to download the application stored thereon and the application is received from the application server.
    Type: Application
    Filed: April 29, 2002
    Publication date: October 30, 2003
    Inventors: James W. Barmettler, Julian Sessions
  • Publication number: 20030204743
    Abstract: A group of devices are fabricated based on a common design, each device having a corresponding plurality of measurable characteristics that is unique in the group to that device, each device having a measurement module for measuring the measurable characteristics. Authentication of one of the group of devices is enabled by selective measurement of one or more of the plurality of measurable characteristics of the device.
    Type: Application
    Filed: April 4, 2003
    Publication date: October 30, 2003
    Inventors: Srinivas Devadas, Blaise Gassend, Marten Van Dijk, Dwaine Clarke
  • Publication number: 20030198351
    Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
    Type: Application
    Filed: April 18, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Frank A. Schaffa
  • Publication number: 20030200441
    Abstract: A method, system and computer program product for detecting denial-of-service attacks. The randomness in the Internet Protocol (IP) source addresses of transmitted IP packets may be detected by performing a hash function on the IP source addresses thereby generating one or more different hash values. If a high number of different hash values were generated for a small number of IP packets evaluated, then random IP source addresses may be detected. By detecting random source IP addresses, a denial-of-service attack may be detected.
    Type: Application
    Filed: April 19, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: Clark Debs Jeffries, Wuchieh James Jong, Grayson Warren Randall, Ken Van Vu
  • Publication number: 20030200450
    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.
    Type: Application
    Filed: April 4, 2003
    Publication date: October 23, 2003
    Inventors: Paul England, Marcus Peinado
  • Publication number: 20030200439
    Abstract: Disclosed herein are methods and systems for transmitting streams of data. In one embodiment, a method comprises the steps of: receiving a stream of data; organizing the stream of data into a plurality of packets; generating a packet watermark associated with the stream of data; combining the packet watermark with each of the plurality of packets to form watermarked packets; and transmitting at least one of the watermarked packets across a network. The present invention also relates to: receiving at least one packet that has been transmitted across a network; analyzing at least one packet for a watermark; and authenticating the at least one packet using at least a portion of the watermark. The present invention also relates to generating packet watermarks and packet watermark keys.
    Type: Application
    Filed: April 17, 2003
    Publication date: October 23, 2003
    Inventor: Scott A. Moskowitz
  • Patent number: 6636969
    Abstract: A method of authenticating electronic data is disclosed. In the preferred embodiment, when a Receiver makes a request to a Signer (e.g., a bank customer asks the bank to issue E-Coin), the Receiver includes a “hint generation value” in the request, and from the hint generation value, a “hint value” is derived and recorded on a signing transcript. The hint generation value is essentially an encrypted version of the request submitted from the Receiver to the Signer. When a merchant/Verifier transmits deposit signatures corresponding to spent E-Coin to be deposited, the transmitted signature is decrypted and blinded by the Signer in the same manner as that used to create the hint value. Thus, the encrypted incoming deposit signature from the merchant/Verifier should match the hint value stored on the signing transcript, confirming that the E-Coin is valid without revealing any identifying information about who spent the E-Coin, i.e., anonymity is preserved.
    Type: Grant
    Filed: April 26, 1999
    Date of Patent: October 21, 2003
    Assignee: Lucent Technologies Inc.
    Inventors: Bjorn M. Jakobsson, Joy C. Mueller
  • Publication number: 20030196095
    Abstract: A method, system and computer program product for detecting the dissemination of malicious programs. The degree of randomness in the Internet Protocol (IP) destination addresses of received IP packets to be forwarded to an external network may be detected by performing a hash function on the IP destination addresses thereby generating one or more different hash values. If a high number of different hash values were generated for a small number of IP packets examined, then random IP destination addresses may be detected. By detecting random destination IP addresses, the dissemination of a malicious program, e.g., virus, worm program, may be detected.
    Type: Application
    Filed: April 11, 2002
    Publication date: October 16, 2003
    Applicant: International Business Machines Corporation
    Inventors: Clark Debs Jeffries, Charles Steven Lingafelt, Norman Clark Strole
  • Publication number: 20030196102
    Abstract: A system includes an associated tamperproof circuit that contains a cryptography unit and one or more keys. The system receives software having one or more portions of code that have been digitally signed prior to receipt of the code by the system. The cryptography unit and one of the keys contained in the tamperproof circuit are used to decrypt a signature file for a portion of the code. The validity of the portion of code is determined by using the decrypted signature file, and if the portion of code is invalid, operation of the system is prevented. One or more portions of the code received by the system, such as a communications protocol, may also be encrypted prior to receipt of the code by the system. The system obtains a key from a remote server via a secure communications channel and uses the key and the cryptography unit contained in the tamperproof circuit to decrypt the communications protocol.
    Type: Application
    Filed: April 16, 2002
    Publication date: October 16, 2003
    Applicant: Sony Computer Entertainment America Inc.
    Inventor: William M. McCarroll
  • Publication number: 20030196096
    Abstract: Microcode patches are encoded before delivery to a target processor that is to install the microcode patches. The target processor validates the microcode patches before installation. The security of the process may be enhanced by one or more of: 1) performing the validation in a secure memory, 2) using a public/private key pair for encryption and decryption of the microcode patch, 3) using at least one key that is embedded in the target processor and that cannot be read by non-secure software, and 4) using a hash value that is embedded in the target processor to validate at least one non-embedded key.
    Type: Application
    Filed: April 12, 2002
    Publication date: October 16, 2003
    Inventor: James A. Sutton
  • Publication number: 20030191943
    Abstract: Methods and arrangements to register code are described. Many embodiments may comprise determining an identity such as a hashed identity, digest value, digital signature, or the like, and registering resident code that defines a secure environment, to provide a basis for a system trustworthiness evaluation by another secure environment within the system, a secure environment within another system, a remote system, or the like. Some embodiments comprise transmitting an instruction to store the identity in a repository or memory inaccessible to insecure or untrustworthy hardware and/or software. Several embodiments may comprise verifying a request to access the identity. Other embodiments may comprise storing the identity in a temporary register, such as a register in a hub and/or in memory coupled with an input/output (I/O) hub or within a memory controller hub.
    Type: Application
    Filed: April 5, 2002
    Publication date: October 9, 2003
    Inventors: David I. Poisner, James A. Sutton, David W. Grawrock
  • Publication number: 20030191953
    Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
    Type: Application
    Filed: April 8, 2002
    Publication date: October 9, 2003
    Inventors: Bhalchandra S. Pandit, Praerit Garg, Richard B. Ward, Paul J. Leach, Scott A. Field, Robert P. Reichel, John E. Brezak
  • Publication number: 20030191942
    Abstract: An implementation of a technology, described herein, for facilitating the protection of computer-executable instructions, such as software. At least one implementation, described herein, may generate integrity signatures of multiple sets of computer-executable instructions based upon the output trace and/or an execution trace of such sets. With at least one implementation, described herein, a determination may be made about whether two or more of such sets are unaltered duplicates by comparing integrity signatures of such sets. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.
    Type: Application
    Filed: April 3, 2002
    Publication date: October 9, 2003
    Inventors: Saurabh Sinha, Mariusz H. Jakubowski, Ramarathnam Venkatesan, Yuqun Chen, Matthew Cary, Ruoming Pang
  • Publication number: 20030191968
    Abstract: An information providing system for highly secure transactions includes an information providing apparatus that provides content data and provided information describing data, which describes the content of the content data, and an information receiving apparatus that is connected to the information providing apparatus via a communication network, receives the content data and the provided information describing data, and transmits a receipt for the received content data to the information providing apparatus. The information receiving apparatus confirms whether the content data is authentic based on the content data and the provided information describing data, and transmits the receipt to the information providing apparatus only when the content of the content data matches the provided information describing data.
    Type: Application
    Filed: April 1, 2003
    Publication date: October 9, 2003
    Inventors: Kaoru Yokota, Motoji Ohmori
  • Publication number: 20030188169
    Abstract: A system, apparatus and method for providing access security for a subject device. The apparatus includes a security check unit (SCU) configured to be coupled to a transmission medium. The SCU is configured to monitor signals on the transmission medium and to detect an attempt by a first device coupled to the transmission medium to access a second device coupled to the transmission medium based upon the signals. The SCU is also configured to determine an identity of the first device based upon the signals and to control access to the second device by the first device dependent upon the identity of the first device. The method includes monitoring signals and detecting an attempt by an additional device to access the subject device based upon the signals. The method also includes using the signals to determine an identity of the additional device and controlling access to the subject device dependent upon the identity of the additional device.
    Type: Application
    Filed: March 27, 2002
    Publication date: October 2, 2003
    Inventors: Geoffrey S. Strongin, Brian C. Barnes, Rodney Schmidt
  • Patent number: 6609200
    Abstract: The invention includes a markup language according to the SGML standard in which document type definitions are created under which electronic documents are divided into blocks that are associated with logical fields that are specific to the type of block. Each of many different types of electronic documents can have a record mapping to a particular environment, such as a legacy environment of a banking network, a hospital's computer environment for electronic record keeping, a lending institution's computer environment for processing loan applications, or a court or arbitrator's computer system. Semantic document type definitions for various electronic document types (including, for example, electronic checks, mortgage applications, medical records, prescriptions, contracts, and the like) can be formed using mapping techniques between the logical content of the document and the block that is defined to include such content.
    Type: Grant
    Filed: December 28, 2000
    Date of Patent: August 19, 2003
    Assignees: Financial Services Technology Consortium, International Business Machines Corporation, Sun Microsystems, Inc., Clareon Corporation, Telcordia Technologies, Inc.
    Inventors: Milton Anderson, Frank Jaffe, Chris Hibbert, Jyri Virkki, Jeffrey Kravitz, Sheveling Chang, Elaine Palmer
  • Patent number: 6604197
    Abstract: In an electronic filing system over a computer network, a central server sets the requirements for making submissions. These requirements include a time limit after the expiry of which, submissions will no longer be accepted. A gateway server polls the central server for the submission requirements, and establishes a directory in its own file system to which all potential submitters have write access until expiry of the time limit. On completion of its submission, a submitter generates evidence of the complete submission. The evidence can be in the form of a digitally signed message digest. The submitter may encrypt the evidence using the gateway server's public encryption key and then forwards the evidence to the gateway server. If the evidence is filed before expiry of the time limit, the gateway server permits the evidence to be written to the directory established for the submission requirements.
    Type: Grant
    Filed: December 3, 1998
    Date of Patent: August 5, 2003
    Assignee: International Business Machines Corporation
    Inventors: Terence Chun-Yat Lau, Lev Mirlas
  • Publication number: 20030120932
    Abstract: Multiple hash computations are processed in parallel to effect a synchronization between source and destination hashing processes. A plurality of dynamic hash computation processes operate in parallel, each at a particular phase, or delay, relative to the received sequence of data. If the hash result of one of the processes matches a given hash value that is associated with a sequence of data at the source, the data set at the destination that produced the hash result is assured to correspond to the data set at the source that produced the given hash value.
    Type: Application
    Filed: December 21, 2001
    Publication date: June 26, 2003
    Applicant: Koninklijke Philips Electronics N.V.
    Inventor: Michael A. Epstein
  • Patent number: 6584563
    Abstract: A user support system for cryptographic communication includes a key storage unit for storing keys used for deciphering, a deciphering unit for deciphering an enciphered communication text into a deciphered communication text using a key, and a controller for starting the deciphering unit only when an input communication text is the enciphered communication text, and for supplying the key that is necessary for the deciphering in the deciphering unit, by retrieving the key from the key storage.
    Type: Grant
    Filed: February 24, 1997
    Date of Patent: June 24, 2003
    Assignee: Fujitsu Limited
    Inventors: Hiroaki Kikuchi, Yasutsugu Kuroda, Hideyuki Aikawa
  • Publication number: 20030110384
    Abstract: Systems and methods and computer programs for verifying the authenticity and integrity of hyperlink addresses and files that are accessible by means of these hyperlink addresses. A system and a method are disclosed for authenticating a file such as an HTML document hyperlinked to a graphic object such as a digital image or to a graphic icon. The hyperlink network address (e.g., the URL of the hyperlink on the Internet) is encoded on a first portion of the graphic object. Checking information such as a MAC digital signature and the hyperlinked file are encoded into a second portion of the same graphic object. In accordance with another aspect of the invention, a system and a method are disclosed for verifying the authenticity and integrity of a hyperlink and a file when this hyperlink is activated.
    Type: Application
    Filed: December 10, 2002
    Publication date: June 12, 2003
    Applicant: International Business Machines Corporation
    Inventor: Fernando Incertis Carro
  • Patent number: 6578144
    Abstract: This invention is a method and apparatus which provide a solution to the problem of constructing efficient and secure digital signature schemes. It presents a signature scheme that can be proven to be existentially unforgeable under a chosen message attack, assuming a variant of the RSA conjecture. This scheme is not based on “signature trees”, but instead it uses a “hash-and-sign” paradigm, while maintaining provable security. The security proof is based on well-defined and reasonable assumptions made on the cryptographic hash function in use. In particular, it does not model this function as a random oracle. The signature scheme which is described in this invention is efficient. Further, it is “stateless”, in the sense that the signer does not need to keep any state, other than the secret key, for the purpose of generating signatures.
    Type: Grant
    Filed: March 23, 1999
    Date of Patent: June 10, 2003
    Assignee: International Business Machines Corporation
    Inventors: Rosario Gennaro, Shai Halevi, Tal Rabin
  • Patent number: 6574466
    Abstract: A process for establishing secure communication between particular communicating units via a channel of a telecommunication network encodes data embodying information to be selectively transmitted from a transmitter unit to one or more particular receiver units prior to transmission using an error detecting code enabling reliable recovery of the information on reception. For security reasons, the error detecting code used to encode the information is encrypted using an enciphering key defined by application of a time dependent variation law. Alternatively, the error detecting code used to transmit information can be selected by application of a time dependent variation law.
    Type: Grant
    Filed: January 5, 1999
    Date of Patent: June 3, 2003
    Assignee: Alcatel
    Inventors: Hélène Papini, François Simon
  • Publication number: 20030093671
    Abstract: A method and system for authentication of a user (302, 402) by an authenticating entity (304, 404). The method including the authenticating entity (304, 404) sending a challenge (310, 410) to the user (302, 402). The user (302, 402) adds a spoiler to the challenge (312, 412) and encrypts (316, 416) the combined spoiler and challenge (314, 414) using a private key of an asymmetric key pair. The user (302, 402) sends the encrypted combined spoiler and challenge to the authenticating entity (304, 404). The authenticating entity (304, 404) ascertains that the returned challenge is the same as the original challenge (310, 410) and approves the user (302, 402).
    Type: Application
    Filed: February 22, 2002
    Publication date: May 15, 2003
    Applicant: International Business Machines Corporation
    Inventor: John Owlett
  • Publication number: 20030093679
    Abstract: A method and apparatus for maintaining control of a record which may have transferable value wherein the system provides for digitally signing a record in a partially-trusted distributed environment and allows a single unique authoritative copy to be held at a repository. The system meets the uniqueness and retainability requirements of current legislation relating to electronic transactions and allows electronic records to receive the same legal enforceability as paper documents. One or more secure servers along with maintenance control software provide the secure environment for parties wishing to complete electronic transactions to form legally enforceable agreements.
    Type: Application
    Filed: November 14, 2001
    Publication date: May 15, 2003
    Inventors: Charles F. Hawkins, Donald J. Plaster, Scott G. Ainsworth
  • Publication number: 20030088777
    Abstract: A method and system for generating a unique security access key value for a radio frequency (RF) card are provided so that different kinds of RF cards issued by different companies can be read using a single card terminal in order to collect charge for the use of the RF cards.
    Type: Application
    Filed: November 7, 2002
    Publication date: May 8, 2003
    Inventors: Sang-Duk Bae, Jin-Soo So
  • Publication number: 20030084299
    Abstract: Disclosed is a system for detecting falsification, the system having: a confirmation information preparing unit preparing confirmation information of source data of published content published on the Internet; a confirmation information holding unit holding the confirmation information of the source data at a predetermined point in time; a source data alteration detecting unit detecting an alteration in the source data; a reflecting unit reflecting the altered source data in the confirmation information of the confirmation information holding unit and in the published content; a published content alteration detecting unit performing alteration detection on the published content; a published content alteration notifying unit notifying a predetermined terminal of information relating to altered published content; and a controlling unit controlling detection of inappropriately altered published content, based on the confirmation information of the source data and on the confirmation information of the published
    Type: Application
    Filed: March 15, 2002
    Publication date: May 1, 2003
    Applicant: FUJITSU LIMITED
    Inventors: Naohiro Tamura, Koji Ishibashi
  • Patent number: 6557103
    Abstract: The Spread Spectrum Image Steganography (SSIS) of the present invention is a data hiding/secret communication steganographic system which uses digital imagery as a cover signal. SSIS provides the ability to hide a significant quantity of information bits within digital images while avoiding detection by an observer. The message is recovered with low error probability due to the use of error control coding. SSIS payload is, at a minimum, an order of magnitude greater than that of existing watermarking methods. Furthermore, the original image is not needed to extract the hidden information. The proposed recipient need only possess a key in order to reveal the secret message. The very existence of the hidden information is virtually undetectable by human or computer analysis. Finally, SSIS provides resiliency to transmission noise, like that found in a wireless environment and low levels of compression.
    Type: Grant
    Filed: February 11, 1999
    Date of Patent: April 29, 2003
    Assignee: The United States of America as represented by the Secretary of the Army
    Inventors: Charles G. Boncelet, Jr., Lisa M. Marvel, Charles T. Retter
  • Publication number: 20030074563
    Abstract: This invention presents a method or system for the secure distribution and use of electronic media. The method can be used to enforce a distributor's license and copyrights with any form of electronic media including music, software and books but is particularly suited to large media formats such as digital movies. The invention as presented can also be used to ensure that distributed files are not tampered with and are secure to give users peace of mind against viruses, trojans and the like.
    Type: Application
    Filed: March 18, 2002
    Publication date: April 17, 2003
    Inventor: Simon Alan Spacey
  • Patent number: 6546488
    Abstract: A method and apparatus for broadcasting newsgroup information to a plurality of users uses a news server, which is in communication with the Internet, a newscast transmitter, a satellite gateway, and a subscriber station. The news server gathers newsgroup information from Internet newsgroups, and the newscast transmitter, in conjunction with the satellite gateway and a satellite, distributes all of the information to a plurality of subscriber stations. The subscriber stations preferably include personal computers equipped to receive broadcast newsgroup information. The subscriber stations each include a personal news server, storage media and a newsreader. The personal news server filters newsgroup information received based on subscription information stored only local to the receiver. The filtered newsgroup information is stored on the storage media for use at a later time when a user desires to read the newsgroup information.
    Type: Grant
    Filed: September 21, 1998
    Date of Patent: April 8, 2003
    Assignee: Hughes Electronics Corporation
    Inventors: Douglas M. Dillon, Glenn D. Robins
  • Patent number: 6526146
    Abstract: An optical disc recorder/reproducer, a personal computer, a television receiver, an IRD and so forth are connected mutually via a 1394 serial bus. When data transmitted from the personal computer to the optical disc recorder/reproducer via the 1394 serial bus are to be recorded, an isochronous packet is sent to the recorder/reproducer inclusive of the data to indicate whether the personal computer is a device capable of cognizing copy control information. And depending on whether the source of the transmitted data is a copy control information cognizant device or not, the optical disc recorder/reproducer updates the copy control information with reference to a selected table, and then the updated copy control information is recorded on the optical disc. This system can distinguish between a prerecorded disc and a user-recorded disc, hence achieving exact management of copy control information.
    Type: Grant
    Filed: February 16, 1999
    Date of Patent: February 25, 2003
    Assignee: Sony Corporation
    Inventors: Megumu Hashimoto, Yoshitomo Osawa, Tomoyuki Asano
  • Patent number: 6523115
    Abstract: In a cryptography system, plaintext storage unit 101 stores a plaintext. Encryption unit 102 encrypts the plaintext to generate a ciphertext. First verification data generating unit 104 generates first verification data, and second verification data generating unit 106 generates second verification data. Decryption unit 114 decrypts the ciphertext to generate a decrypted plaintext. First verification unit 116 performs verification using the decrypted plaintext and the first verification data. Second verification unit 117 performs verification using the first verification data, the ciphertext, and the second verification data. Display unit 112 displays the results of the verifications.
    Type: Grant
    Filed: February 17, 1999
    Date of Patent: February 18, 2003
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Takatoshi Ono, Takeshi Saijo
  • Publication number: 20030018896
    Abstract: Techniques are provided which can prevent secret data or falsified data in a data providing system from being presented to a data requesting system. A data verifying system is installed in a network interconnecting the data requesting system and data providing system. The data verifying system checks whether verification data for supplied data matches the supplied data. In accordance with this check, data to be transmitted from the data verifying system to the data requesting system is altered.
    Type: Application
    Filed: June 26, 2002
    Publication date: January 23, 2003
    Inventors: Hirokazu Aoshima, Hiroshi Yoshiura, Atsushi Ugajin, Eiichi Kamada, Naoki Watanabe
  • Publication number: 20030014639
    Abstract: The present invention provides an architecture and method for a gaming-specific platform that features secure storage (354) and verification (366) of game code and other data, provides the ability to securely exchange data with a computerized wagering gaming system, and does so in a manner that is straightforward and easy to manage. Some embodiments of the invention provide the ability to identify game program code as certified or approved, such as by the Nevada Gaming Regulations Commission or other regulatory agency. The invention provides these and other functions by use of encryption (216), including digital signatures (220) and hash functions (210) as well as other encryption methods.
    Type: Application
    Filed: July 25, 2002
    Publication date: January 16, 2003
    Inventors: Mark D Jackson, Michael G Martinek
  • Publication number: 20030005306
    Abstract: A method and apparatus are described for data synchronization between a client and a repository. According to one embodiment, data synchronization between a client and a repository is performed based on the results of a comparison between message digests associated with files stored on the client and a database of message digests stored on the repository. The message digests generated on the client uniquely identify the content of files stored on the client. This unique identification of the contents of the files on the client is accomplished by performing a cryptographic hash of the contents of the individual files. The database of message digests stored on the repository contains message digests from clients that are stored in the database at the time of data synchronization. By comparing message digests generated on the client with those stored on the repository, the need for data synchronization may be efficiently determined.
    Type: Application
    Filed: June 29, 2001
    Publication date: January 2, 2003
    Inventors: Preston J. Hunt, Narayan R. Manepally
  • Patent number: 6499105
    Abstract: This invention provides a method for identifying a purchaser who purchased content from which an illegal copy was produced. A provider system encrypts content purchased by the purchaser using a public key of a purchaser system and sends the encrypted content to the purchaser system. The purchaser system creates a digital signature of the content with the use of a private key of its own and embeds the created digital signature into the received content. When an illegal copy is found, the provider system verifies the digital signature, embedded in the illegal copy as a digital watermark, to identify the purchaser who purchased the content from which the illegal copy was produced.
    Type: Grant
    Filed: July 21, 2000
    Date of Patent: December 24, 2002
    Assignee: Hitachi, Ltd.
    Inventors: Hiroshi Yoshiura, Kazuo Takaragi, Ryoichi Sasaki, Seiichi Susaki, Hisashi Toyoshima, Tsukasa Saito
  • Patent number: 6483921
    Abstract: A system and method for regenerating secret keys that have been used to encrypt communications between two parties are disclosed. The system and method involve securely escrowing only one of the private values that the parties use in a Diffie-Hellman exchange to establish secure communications between the parties. The public value for each communication session is controlled after the escrow of the private value, and the secret keys are regenerated from the escrowed private value and the controlled public values. The escrowed private value is transmitted to the escrow center with full proof of security and authenticity, and the escrowed private value can be changed and re-sent to the escrow center.
    Type: Grant
    Filed: October 18, 2000
    Date of Patent: November 19, 2002
    Assignee: Cisco Technology, Inc.
    Inventor: Dan Harkins
  • Publication number: 20020116610
    Abstract: A method and apparatus for providing a customizable digital certificate. In one embodiment, a method includes providing a digital certificate that includes a certificate public key, one or more public keys corresponding to one or more respective items of information, and at least one encrypted item of information each encrypted with a private key corresponding to a respective one of the one or more public keys. In another embodiment, the method includes providing digital data representing a certificate having a certificate public key and one or more encrypted items of information each encrypted with the certificate public key. The method further includes decrypting at least one encrypted item of information with a certificate private key corresponding to the certificate public key to provide at least one item of information, and including the at least one item of information in the certificate. The certificate or components thereof may be compiled by a certification authority and transmitted to a subscriber.
    Type: Application
    Filed: February 22, 2001
    Publication date: August 22, 2002
    Inventors: William S. Holmes, Brian Manahan
  • Publication number: 20020112166
    Abstract: A message to be transmitted through a network is encrypted such that the resulting encrypted message has associated therewith a proof of correctness indicating that the message is of a type that allows decryption by one or more escrow authorities. Each of at least a subset of the servers of the network includes a module for checking the proof of correctness if the corresponding encrypted message passes through the corresponding server in being transmitted from a sender to a recipient through the network. The encrypted message is therefore transmitted through the network to the recipient such that in traversing the network the proof of correctness associated with the encrypted message is checked by a designated check module of at least one server of the network. If the check of the proof of correctness indicates that the proof is invalid, the module of the server performing the check may direct that the encrypted message be discarded.
    Type: Application
    Filed: February 12, 2001
    Publication date: August 15, 2002
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 6424714
    Abstract: A control system provides secure transmission of programs, including at least one of video, audio, and data, between a service provider and a customer's set top unit over a digital network. Program bearing data packets are received in a first network protocol over a first data link and removed from the first network protocol. Packets representing a particular program requested by a customer having a set top unit are selected. Conditional access is provided to the selected program. In particular, program bearing packets are encrypted according to a first encryption algorithm using a first key, which is then encrypted according to a second encryption algorithm using a second key. The first keys are transported in packets to the customer's set top units along with the program packets. A public key cryptographic technique encrypts the second key such that the public key used in the encryption corresponds to the private key of the customer's set top unit.
    Type: Grant
    Filed: August 18, 1998
    Date of Patent: July 23, 2002
    Assignee: Scientific-Atlanta, Inc.
    Inventors: Anthony J. Wasilewski, Douglas F. Woodhead, Gary Lee Logston
  • Publication number: 20020091929
    Abstract: A method of signing digital data, comprising the steps of subjecting the data to be signed to a message digest function to produce a digest of the data to be signed, transmitting the message digest to a small, mobile transaction device which contains a secret key and a user's PIN code, determining whether a user's PIN code is correct and, if it is, hashing the digest as a function of said secret key, returning the transformed message digest to a service provider, digesting and hashing the original data at the service provider using the same message digest function and secret key, and determining whether the hashed message digest at the service provider matches the hashed message digest received from the transaction device.
    Type: Application
    Filed: December 18, 2001
    Publication date: July 11, 2002
    Inventor: Jakob Ehrensvard
  • Publication number: 20020091928
    Abstract: The secure messaging system of the invention encrypts an electronic document using a symmetric key and transmits the encrypted document and related message parameters to a recipient whose identity is then authenticated by a web server. The web server dynamically regenerates the symmetric key from a hidden key and from the message parameters accompanying the encrypted document, and thus avoids having to maintain a central repository of encrypted documents as required by typical “post and pick-up” encrypted messaging systems. Further, an audit trail produced while practicing the invention provides timestamped message digest data for a plurality of time intervals, where the message digests for adjacent time intervals are computationally linked together. The audit trail effectively enables timestamped message digest data to verify not only the existence of a document during a first time interval, but also to verify the existence of documents encountered in a prior time interval.
    Type: Application
    Filed: October 3, 2001
    Publication date: July 11, 2002
    Inventors: Thaddeus Bouchard, Glenn Benson
  • Patent number: 6418223
    Abstract: A method of authenticating a video image created by a camera (V) or similar video device. The image is formed into a first 2-dimensional pixel array (A1) with each pixel (pm,n) represented by a data word of a predetermined length. Additional data words including event information are added to this 2-dimensional array (A1). The formatted array is converted into a second 2-dimensional array (A2) which may be made smaller than the first array by eliminating rows and columns from the formatted array. A first linear vector (A3) is created using the data words in the second array, and a second linear vector (A4) is created by repositioning the data words from the first linear vector in a random pattern. A checksum is created by summing the contents of all of the data words in the second linear vector beginning at a location established by a pre-established formula. A header (H) is formed using the resulting checksum, information identifying the device used to create the image, and the time the image is formed.
    Type: Grant
    Filed: February 4, 1999
    Date of Patent: July 9, 2002
    Assignee: Esco Electronics Corporation
    Inventors: John R. Wootton, Gary S. Waldman, Gregory L. Hobson