Abstract: This paper presents a tutorial introduction to contemporary cryptography. The basic information theoretic and computational properties of classical and modern cryptographic systems are presented, followed by cryptanalytic examination of several important systems and an examination of the application of cryptography to the security of timesharing systems and computer networks. The paper concludes with a guide to the cryptographic literature.

Abstract: The invention comprises a method of providing a digital signature for purposes of authentication of a message, which utilizes an authentication tree function of a one-way function of a secret number.

Abstract: When typed objects migrate in virtual memory, onto off-ine storage, or among the nodes of a network, the type managers must relinguish control over the object representation and state. In this paper we present a mechanism which allows a type manager to authenticate and reinstantiate migrated objects. This mechanism also solves some problems stemming from the hierarchical structure of the system itself. The mechanism is based on a combination of cryptographic techniques using (nondistributable) centralized, secret keys, and data redundancy which characterizes the object representation and state.

Abstract: Signature verification and authentication systems are disclosed which include documents each of which bears a cryptographic representation of at least one property of a signature of an authorized user thereof modified in accordance with at least one of a set of indicia identifying the document with its authorized user. Apparatus are disclosed whereby said cryptographic representations can be decrypted and authenticated, using said indicia as a key. Apparatus are disclosed for producing such cryptographic representations on documents, which apparatus include cryptographic means for producing cryptographic representations of signatures and means for modifying the operation of these cryptographic means in accordance with one or more of said indicia. Methods of signature verification and authentication using documents bearing such cryptographic representations are disclosed. Both passive systems (48, figure 2) in which the decrypting of said cryptographic representations is performed by eye with the help of passive optical elements (50. figure 2), and active systems (210, figure 14) in which electronic means are used for the decrypting of said cryptographic representations are disclosed.

Abstract: A transaction terminal system includes a user accessible terminal coupled by a message transmission link to a remote controller and incorporates a potential user authentication combination based on an encryption check and arranged so that the crictical encryption key is not resident nor is transmitted overtly to the user accessible terminal. The potential user enters into the terminal a transaction identifier and a first message from a card together with a second memorized message. The two messages are combined in the terminal to provide a key which is used to encrypt the transaction identifier. The identifier is transmitted to the controller, with and without encryption by their particular key where the identifier is encrypted by a key stored in the controller and a compari- ! son is performed between the two encrypted forms to test for validity of the input and an acceptance signal is transmitted back to the terminal. Other tests can be performed as to the validity of the transaction and the status of the terminal and the transmission can be overlayed by levels of encryption and decryption. The controller may form part of a host computer or of an intermediate node or both and authentication may be performed at the node when the host computer is off-line.

Abstract: This invention relates to a method for authenticating the identity of a user of an information system. A data communication system operating in accordance with an embodiment of the invention includes one or more terminals operatively coupled to a host data processing system each having cryptographic apparatus for cryptographic data communications. In order to authenticate the identity of terminal users of the system, a host system initialization process is first performed to provide a table of test patterns for use during subsequent authentication processing. This is accomplished by providing terminal user identification numbers and passwords and a predetermined number at the host data processing system. A first initialization operation is performed at the host data processing system in accordance with the terminal user identification numbers and passwords to obtain terminal user authentication patterns. A second initialization operation is performed at the host data processing system in accordance with the predetermined number and the terminal user identification numbers to obtain terminal user first verification patterns. A third initialization operation is performed at the host data processing system in accordance with the terminal user authentication patterns and the terminal user first verification patterns to obtain the table of terminal user test patterns. During authentication processing, a terminal user identification number and password are provided by a user at a terminal of the system. An operation is performed at the terminal in accordance with the terminal user identification number and password to obtain a terminal user authentication pattern. The terminal user identification number and authentication pattern is then transferred to the host data processing system to carry out an authentication process. At the host data processing system, a first operation is performed in accordance with the predetermined number and the received terminal user identification number to obtain a terminal user first verification pattern. The table of terminal user test patterns is then accessed in accordance with the received terminal user identification number to provide the test pattern corresponding to the terminal user. A second operation is performed at the host data processing system in accordance with the accessed terminal user test pattern and terminal user authentication pattern to obtain a terminal user second verification pattern. The first verification pattern is then comparied with the second verification pattern to authenticate the identity of the terminal user.