PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

/pdf/differential-power-analysis-4t7fjmuc7b.pdf

Differential Power Analysis

A method of maintaining digital medical records, comprising a step of receiving a medical transaction record (102), encrypted with a key in accordance with a patient-file association. Also comprising a step of accessing the encrypted medical transaction record according to a patient association with the record (111). And further comprising a step of re-encryption of the encrypted accessed medical transaction record with a key associated with an intended recipient of the medical record. The system and method according to the present invention presents a new business model for creation, maintenance, transmission, and use of medical records. The invention also allows financial burdens to be reallocated optimally and equitably, resulting in decreased overall societal cost and providing a successful business model for a database proprietor. Secure entrusted medical records are held in trust by an independent third party on behalf of the patient (113), and serve the medical community at large. Separately encrypted record elements may be aggregated as an information polymer.

Information record infrastructure, system and method

This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.

Internet server access control and monitoring systems

A system for controlling use and distribution of digital works, in which the owner
of a digital work (101) attaches usage rights (102) to that work. Usage rights are granted by the
"owner" of a digital work to "buyers" of the digital work. The usage rights define how a
digital work may be used and further distributed by the buyer. Each right has associated with it
certain optional specifications which outline the conditions and fees upon which the right may
be exercised. Digital works are stored in a repository. A repository will process each request
(103,104) to access a digital work by examining the corresponding usage rights (105). Digital
work playback devices, coupled to the repository containing the work, are used to play, display
or print the work. Access to digital works for the purposes of transporting between
repositories (e.g. copying, borrowing or transfer) is carried out using a digital work transport
protocol. Access to digital works for the purposes of replay by a digital work playback
device(e.g. printing, displaying or executing) is carried out using a digital work playback
protocol. Access is denied (106) or granted (107) depending whether the requesting repository
has the required usage rights.

System for controlling the distribution and use of digital works

In a system, such as a system utilizing a Kerberos protocol, system users each have an associated asymmetric crypto-key. The security of communications over the system is enhanced by a first user generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion. The second temporary key portion is encrypted by the first user with the first private key portion of the first user crypto-key to form a first encrypted message. Another user, preferably an authentication server, applies the second private key portion and the public key portion of the first user crypto-key to the first encrypted message to decrypt the second temporary key portion and thereby authenticate the first user to the security server. The authentication server then encrypts the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message. The first user next applies the public key portion of the first user crypto-key to decrypt the second encrypted message and obtain the second temporary key portion, thereby authenticating the security server to the first user.

Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography

A encryption method and system using split key public encryption. A first and second user private encryption key and a corresponding first and second user public encryption key are generated. The first and second user private encryption keys are divided into a first and second private user key portion and a corresponding first and second central authority key portion. The first and second private user key portions are respectively disclosed to the first and second users. The central authority key portions and the user public encryption keys are maintained by a central authority (CA). The first user request a communications session with the second user through the CA. After receiving the request, the CA encrypts a session encryption key with (i) the central authority key portion and user public encryption key associated with a first user to form a first encrypted session key and (ii) the central authority key portion and user public encryption key associated with the second user to form a second encrypted session key. The first encrypted session key is provided to the first user and the second encrypted session key is provided to the second user. The first user applies the first user's private user key portion to decrypt the first encrypted session key and the second user applies the second user's private user key portion to decrypt the second encrypted session key. The first user and the second user apply the decrypted common session key to encrypt and decrypt messages exchanged during a communications session. The method and system also provide for authorized wiretapping, video and data distribution and private enhanced messaging (PEM).

System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

Cashless transactions are performed by transmitting information identifying a purchaser of a product without identifying a payment account for the purchaser. The transmitted identifying information is received at a central processing point and processed to determine if the purchaser is a registered purchaser. A notice confirming registration, which may take the form of a purchase authorization, is transmitted from the central processing point if the purchaser is determined to be registered. The transmitted notice is received at the point of purchase and a bill is generated for the purchased product responsive to receipt of the notice.

Cashless transactions without credit cards, debit cards or checks

A method is provided for securing stored files in a system having a plurality of system users with each system user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion. Each public key portion is accessible to the plurality of system users. Each private key portion has a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server. Data to be stored is identified. A symmetric crypto-key is encrypted with only the second private key portion of a first user crypto-key to form an encrypted key message, thereby restricting access to the symmetric crypto-key to only the first user. The symmetric crypto-key is obtained by the first user by applying the first private key portion of the first user crypto-key to decrypt the encrypted key message. The first user encrypts the data with the symmetric crypto-key to form an encrypted file, and stores the encrypted file and the encrypted key message.

Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography

A system, method, and article of manufacture for making payments on a network by a payment service provider. The service provider receives information identifying both a network user and the network user's bank account, and a request to make a payment on behalf of the network user. This information is processed for verification. A unique user identifier is also generated. The information and the unique user identifier are stored together. If the information is verified, a debit is made from the network user's bank account without the network user having to provide the unique user identifier to the payment service

Ravi Ganesan

Papers

Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography

System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

Cashless transactions without credit cards, debit cards or checks

Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography

Technique of registration for and direction of electronic payments in real-time