Abstract: A document printer includes an authenticity verifier for examining an electronic document to verify predetermined authentication information in the electronic document. The authentication information may be an electronic signature, or a digital watermark. The authenticity verifier may be included in the printer controller, and examines the authentication information of the document to verify that the document is unchanged from when it was transmitted by the source computer, and for authenticating the source of the document. If the authenticity verifier confirms the authentication information, the printer automatically performs one print function, such as printing the document with an authentication mark. If the authenticity verifier does not confirm the authentication information, the printer automatically performs a different print function, such as not printing the document, or printing the document with an authenticity warning.

Abstract: An apparatus, method, and computer program product for high-availability multi-agent cryptographic key recovery. The present invention defines a key recovery block that specifies allowable subsets of the total set of key recovery agents that can participate in a key recovery. For each subset, key recovery information is computed and stored after the subset is specified. This key recovery information is only useable by that subset because it is computed using that subset of public keys of the agents. When key recovery is initiated, a trusted processor (a key recovery coordinator) validates the contents of the key recovery block and it uses and is allowed to use any of the subsets of the agents to process the key recovery request. Since many subsets could be specified, the likelihood of key recovery failure is greatly diminished.

Abstract: A method and system for performing digital message encryption and signature encoding for use in, for example, communications and digital information storage systems, For secure communication of digital messages it is necessary to both encrypt the message and sign the message with a digital signature scheme to allow for authentication by the receiver. In order to the computational efficiency and reduce communications overhead in secure communications, a method and system, referred to as “signcryption”, are provided in which the processes of encryption and authentication are combined. The principles of public key cryptography are utilised, although any suitable keyed encryption algorithm can be employed for the message encoding. Examples of signature schemes which can be easily implemented by signcryption include the ElGamal, Schnorr and Digital Signature Standard.

Abstract: A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines if a piece of software possesses a particular property, and if it does, it cryptographically signs the software, producing a signature. The software and a certificate that includes the signature is then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.

Abstract: A RSA encryption scheme includes a modulus in which at least one set of bits is of a predetermined configuration. The configuration may be selected to replicate the identity of the recipient or other information normally transmitted between the parties or may be information stored by the sender to allow only the balance of the modulus to be transmitted with the sender subsequently reconstructing the modulus.

Abstract: An RSA-based signing scheme that combines essentially optimal efficiency with attractive security properties. One preferred signing routine requires one RSA decryption plus some hashing, verifications requires one RSA encryption plus some hashing, and the size of the signature preferably is the size of the modulus. Given an ideal underlying hash function, the scheme is not only provably secure, but has security tightly related to the security of RSA. An alternative embodiment maintains all of the above features and, in addition, provides message recovery. The techniques can be extended to provide schemes for Rabin-based signatures or signatures using other trapdoor functions.

Abstract: A hash function and a service key are stored in advance in an EEPROM of a DVD player serving as a source. In an EEPROM of a personal computer (PC) serving as a sink, on the other hand, its ID and a license key are stored beforehand. The DVD player requests the PC to transmit the ID. The DVD player then applies the hash function to data resulting from concatenation of the ID with the service key to generate a license key(=hash(ID∥service13 key)). Subsequently, the DVD player generates a source side session key and encrypts the session key by using the generated license key. Then, the DVD player transmits the encrypted source side session key to the PC. The PC decrypts the encrypted source side session key by using the license key stored in its EEPROM to produce a sink side session key which has a value equal to that of the source side session key.

Abstract: A method and system is provided whereby after specialized original native format files have been signatured and “wrapped” into industry standard byte stream text files for transmission over the Internet (or for use of other computer platforms), then subsequently, said wrapped files with signature can be accessed by the proprietary computer platform which will then use the signature to verify the integrity of the files and will unwrap or re-create these files back into the original specialized native format for use by the proprietary computer platform.

Abstract: A system and method to encrypt and decrypt data into highly secure forms, which uses common error correction hardware or algorithms to encipher data, with little or no impact on system cost or performance. The data encryption/decryption system allows a nearly limitless number of encryption keys to be used without compromising security, rather than encryption methods such as Data Encryption Standard (DES), which rely upon the difficulty in the factorization of keys based upon large prime numbers.

Abstract: A method of generating a digital signature within a computer chip includes receiving data representing a message, and generating a digital signature for the message by modifying the message data with additional data, calculating a hash value of the modified message, and encrypting the hash value using a private key of a public-private key pair. The additional data includes data prestored within content searchable memory of the computer chip and a verification status of the computer chip. The verification status is identified out of a plurality of predefined verification statuses as a function of verification data input into the computer chip and data prestored within the computer chip. An identified verification status is used by one entity in determining risk regarding an electronic communication from another entity, especially where the electronic communication comprises a request and a digital signature generated by the computer chip.

Abstract: A method using a Non-Volatile Memory circuit which operates as an interface between a key loader and an encryption device in a missile's telemetry system. The method includes a step for storing a crypto key and an associated check word and a backup crypto key and check word in the EEPROM of a microcontroller, and a step for indicating the status of a load of the crypto key in the microcontroller as well as a step for indicating the status of an erase of the crypto key from the microcontroller. The method also includes a step for turning off the missile's transmitter when a key load occurs to prevents transmission of the crypto key and its corresponding check word. The method further includes a step for erasing the crypto key and its associated check word from an EEPROM within the microcontroller upon a missile launch.

Abstract: A method for simultaneously generating one time pads and an apparatus which implements the method to produce a secure encryption system. The method and apparatus use the Diffie-Hellman key exchange algorithm to produce a one time pad rather than exchange keys. This makes it practical to generate one time pads for use in secure transmissions.

Abstract: Method and apparatus for synchronizing the transmitting side and the receiving side in an IP network that uses a stream encryption algorithm are disclosed. A sequence number is introduced into the payload of each packet at the transmitting side and transmitted with the packets. Upon receipt at the receiving side, the sequence number is extracted from the payload and used to synchronize the receiving side to the transmitting side. An error detection mechanism is used to detect when the synchronization is lost and a recovery procedure is initiated. The length of the sequence number is made sufficiently long to cope with any jitter variations in the IP network. This sequence number length is dynamically adjustable based on the amount of jitter detected in the network.

Abstract: Improved techniques for facilitating secure data transfer over one-way data channels or narrowband channels are disclosed. Often, these channels are wireless channels provided by wireless data networks. The techniques enable cryptographic handshake operations for a one-way data channel to be performed over a companion two-way data channel so that the one-way data channel is able to effectively satisfy security protocols that require two-way communications for the cryptographic handshake operations. Once the cryptographic handshake operations are complete, data can be transmitted over the one-way data channel in a secure manner. Additionally, the techniques also enable the cryptographic handshake operations to be performed more rapidly because the two-way channel is typically a wideband channel.

Abstract: In an improved election process, a voter constructs his or her vote message (potentially padded with a random string) and encrypts it. The voter then signs the encrypted vote and posts the signed, encrypted, vote on a bulletin board. After the voting booths have closed, a set of talliers decrypt the encrypted votes with the aid of the mix network, to obtain the final tally, but without revealing or being able to notice the relationship between votes cast and votes in the tally.

Abstract: A method of signing digital streams so that a receiver of the stream can authenticate and consume the stream at the same rate which the stream is being sent to the receiver. More specifically, this invention involves computing and verifying a single digital signature on at least a portion of the stream. The properties of this single signature will propagate to the rest of the stream through ancillary information embedded in the rest of the stream.

Abstract: Authentication of image from digital cameras with GPS-derived time and location data is disclosed. With the wide-spread availability of today's desktop tools and imaging devices, unethical manipulation of digital image data is common, such that digital images are not ordinarily reliable and can be subject to trickery and forgery. In the past, imagery such as photographs and digital images were reliable enough to serve as documentary evidence in most cases, since a skilled craftsman was needed to modify the images and commit fraud. However, skilled craftsmen are no longer needed, and digital images can be modified by even a casual user. Moreover, time data and location data are not ordinarily included in digital images. According to the invention, a digital camera system documents the time, date and location where a digital image was taken, using GPS-derived data from a secure connection.

Abstract: An RSA-based signing scheme that combines essentially optimal efficiency with attractive security properties. One preferred signing routine requires one RSA decryption plus some hashing, verifications requires one RSA encryption plus some hashing, and the size of the signature preferably is the size of the modulus. Given an ideal underlying hash function, the scheme is not only provably secure, but has security tightly related to the security of RSA. An alternative embodiment maintains all of the above features and, in addition, provides message recovery. The techniques can be extended to provide schemes for Rabin-based signatures or signatures using other trapdoor functions.

Abstract: A method and apparatus for providing message authentication between a first device (such as a provisioning server) and a plurality of other devices (such as cable modems) without need to share a secret key between the first device and the plurality of second devices.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: A method, computer system, and program product provides for authentication of user messages using PKI technology in environments where limited capacity prevents direct PKI technology use, and strong security is provided using magnetic swipe cards or the like, and a pass phrase is used for enhanced security and to avoid the need for special purpose devices. The invention is advantageous where there are limitations on the space available for PKI credentials, such as in the userid and password fields of a remote access protocol. PKI techniques are used without transferring lengthy keys or certificates once an initial registration process is complete. A secret key is used. A digest is computed of the secret key, the user's certificate serial number, and a time stamp. The digest, together with the user's certificate serial number and the time stamp, forms a compact message that may be transmitted. Private keys and secret keys are not sent during authentication. Replay attacks are prevented.

Abstract: This invention provides a method for identifying a purchaser who purchased content from which an illegal copy was produced. A provider system encrypts a content purchased by the purchaser using a public key of a purchaser system and sends the encrypted content to the purchaser system. The purchaser system creates a digital signature of the content with the use of a private key of its own and embeds the created digital signature into the received content. When an illegal copy is found, the provider system verifies the digital signature, embedded in the illegal copy as a digital watermark, to identify the purchaser who purchased the content from which the illegal copy was produced.

Abstract: A cryptographic technique that not only provides fast and extremely secure encryption and decryption but also assures integrity of a ciphertext message. This technique involves, during message encryption: generating, in response to an incoming plaintext message, an intermediate stream--such as by chaining the message, wherein a predefined portion of the intermediate stream defines a message authentication code (MAC); inserting an encrypted version of the MAC into a predefined portion of a ciphertext message; and generating, in response to the intermediate stream and the encrypted MAC, a remainder of the ciphertext message such that the remainder exhibits a predefined variation, e.g., a pseudo-random sequence, also contained within the encrypted MAC. Decryption proceeds in essentially a reverse fashion.

Abstract: A message guaranty system for having a reliable third party (evidence preparing server) prepare evidence information attesting to the transmission and reception of a message by a transmitting and a receiving terminal. When the transmitting terminal furnishes the target message with evidence information before transmitting them to the destination, the system attests to the transmission and reception of that message once they are completed. When a message is to be sent illustratively from a workstation (WS) 1 to a workstation (WS) 2, the third-party evidence preparing server on the network first prepares transmission evidence based on a request from the WS 1 and sends it to the WS 1. The WS 1 sends the message along with the evidence to the WS 2. The evidence preparing server then prepares reception evidence based on a request from an evidence verifying server (a third party) acting for the WS 2.

Abstract: The present invention provides a process for managing data copyright in the case when a primary user produces new data by editing a plurality of original data which have been supplied from data broadcasting, a recording medium or a database, and supplies the new data to a secondary user. A public-key and a private-key of the primary user, and a first secret-key and a second secret-key of the original data, each of which is controlled by a copyright management center, and an edit program are used. The primary user, who is supplied a plurality of original data encrypted by each first secret-key thereof, decrypts the plurality of original data by each of the secret-keys and produces new data using the edit program. The primary user re-encrypts the new data by the second secret-key of each original data, respectively. The re-encrypted data is supplied to the secondary-user, together with editing process data which includes a digital signature generated using the private-key.

Abstract: A packet authentication and packet encryption/decryption scheme for a security gateway suitable for a hierarchically organized network system and a mobile computing environment. For the packet authentication, in addition to the end-to-end authentication at the destination side packet processing device, the link-by-link authentication at each intermediate packet processing device in the packet transfer route is used. The link-to-link authentication data being inspected by intermediate nodes and end-to-end data (different from link-to-link data) being inspected by destination node but not being inspected by intermediate nodes.

Abstract: A system includes an accounting register; structure for creating and attaching a digital signature to a message; a memory having stored therein a plurality of different indemnification provisions and a plurality of different service rates each associated with a corresponding one of the plurality of different indemnification provisions; apparatus for selecting and associating a specific one of the plurality of different indemnification provisions to the digital signature; and a device for adjusting the accounting register, wherein at times when the specific one of the plurality of different indemnification provisions has been selected and associated with the digital signature the adjusting device accounts for a one of the plurality of different service rates that corresponds to the specific one of the plurality of different indemnification provisions.