Abstract: The invention relates to fiduciary documents and liquids requiring an authentication and a method of marking. The authentication is effected by producing a synthesis reaction of a fluorescent chelate in or on the materials to be authenticated.

Abstract: Specifications of encryption-based protocols using conventional and public-key encryption schemes are discussed for authentication of users or systems in a computer network environment. The protocols treat a sender and a receiver symmetrically and make no assumption about any specific time ordering of events. We apply state machine modeling and analysis techniques to determine important properties of these protocols including completeness, deadlock freeness, livelock or tempo-blocking freeness, termination, boundedness, and absence of non-executable interactions.

Abstract: A method for authenticating nodes/users and in protecting .data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.

Abstract: One of the most pervasive problems in military and in commercial communications-like systems is the need to authenticate digital messages; where authentication is interpreted broadly to mean verification both that a message was originated by the purported transmitter and that it has not been altered subsequently, which includes verifying that it is not a repetition of an earlier legitimate but already accepted message The terminology ttmessagetl is a carryover from the origins of the problem in communications systems, but as used here includes resident computer software, data bank information, access requests and passes or passwords, hand-shaking exchanges between terminals and central facilities or between card readers and teller machines, etc; ie, digital information exchange over a suspect channel or interface in general The need to authenticate information presupposes an opponent(s) — who may in some circumstances be either the transmitter or receiver — that desires to have unauthentic messages be accepted by the receiver, or by arbiters, as authentic or else to fraudulently attribute to the transmitter messages that he did not send

Abstract: Recently, Seberry proposed a method for subliminal message transmission over an insecure channel in the case where authentication but not secrecy is required. Here we examine her ideas in some detail, and propose certain changes to the method that would be necessary for implementation. Disciplines Physical Sciences and Mathematics Publication Details Jones, TC and Seberry, J, Authentication without secrecy, Ars Combinatoria, 21A, 1986, 115-121. This journal article is available at Research Online: http://ro.uow.edu.au/infopapers/1021 AUTHENTICATION WITHOUT SECRECY TERRY C. JONES AND JENNIFER SEBERRY ABSTRACT. Re~eDtly, ~berry proposed a method for Bubliminal meB~ tran~missioll over an insecure channel in the ease where a.uthentication but not secrecy is required. Here we examine her ide8.11 in some detail, and propose certain changes to the method that would be necessary for implementation. Re~eDtly, ~berry proposed a method for Bubliminal meB~ tran~missioll over an insecure channel in the ease where a.uthentication but not secrecy is required. Here we examine her ide8.11 in some detail, and propose certain changes to the method that would be necessary for implementation.

Abstract: A method of offline personal identification in and to a muftiterminal data processing system, the method using an authentication tree with a one-way authentication tree function, a stored global secret key, a stored global verification value of reference, a personal identification number entered directly by the potential user and a personal key and an index position number entered via a card previously issued to the potential user, the index position number representing the tree path for the user to whom the card was issued, by calculating an authentication parameter as a function of the personal key and the personal identification number; mapping the parameter to a verification value using the index position number in the one way function to the root of the tree; comparing the verification value obtained by the mapping with the stored global verification value of reference; and enabling the system in respect of transaction execution if the comparison meets predetermined criteria.

Abstract: A logical authentication test requires no special hardware. As a proof of identity, the accessor is required to know or to use secret information. In a generalized model of logical authentication, the user learns an encryption algorithm whose functional description is secret. This model includes new tests of secret knowledge which induce larger forgery costs in certain environments than methods currently in wide-spread use.

Abstract: Fault-tolerance is an important requirement in distributed computing systems. However, designing applications for distributed systems is a difficult task, particularly when components of the system can fail. The difficulty of this task increases with the severity of failures encountered. Arbitrary process failures are generally much harder to overcome than failures that are restricted, e.g., where processes only fail by halting. Thus, techniques that restrict the disruptive behavior of faulty processes can greatly simplify the design of fault-tolerant algorithms. Such techniques effectively provide reduction mechanisms from one class of failures to a more benign class. Message authentication is an example of a technique that imposes restrictions on the externally visible behavior of faulty processes. This technique has been used to derive simple solutions to many problems of fault-tolerance for systems with arbitary faults. To exploit the simplicity provided by authentication, we present communication primitives that provide properties of authentication without using digital signatures. These primitives can also be extended to provide properties beyond those of authentication, thereby further restricting the types of faults that have to be overcome. These communication primitives lead to a general methodology for designing fault-tolerant algorithms. We first design an algorithm assuming that messages are signed. Then, replacing signed communication in this algorithm with our broadcast primitive automatically results in an equivalent non-authenticated algorithm. We illustrate this methodology by deriving new solutions to the problems of distributed agreement and clock synchronization in the presence of faults. Our solutions to the problems of Byzantine Agreement, early-stopping Byzantine Agreement, Byzantine Elections, and clock synchronization are simpler and more efficient than those previously known. Furthermore, the clock synchronization algorithm that we propose is the first one that achieves optimal accuracy with respect to real time.

Abstract: The invention relates to security documents and liquids applicant authentication and a marking method. The authentication is performed by performing a synthesis of a fluorescent chelate reaction in or on the materials to be authenticated.

Abstract: The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destinationpairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is considered. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. In this paper, a hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an automatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.

Abstract: The Open System Interconnection standard (ref1) describes a model for communication among application processes at different computer installations (formalised as “open systems”). Possible ancilliary services provide security such as: user authentication , data privacy, data authentication, access control, protection against forgery and repudiation. Work is going on at present in standards committees to produce a security appendix to the OSI model. OSI security services and protocols should then follow.

Abstract: For identification of smart cards a terminal using a secret code, which is stored in the terminal and on the map, and will be checked before every use of the card. According to the invention, several such codes are stored on the card that allow a change of secret data used for identification or authentication. This code data is activated by means of the contents of a control memory (13) or deactivated. The activation is protected by a second secret code, which is applied only in a gur secured against misuse environment.

Abstract: A method for authenticating nodes/users and in protecting data flow between nodes This is facilitated by creating a dialogue involving authenticated encryption among the nodes During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication The key is unique to the session A different key is generated for each and every session The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia

Abstract: This paper describes a design for an authentication service for a very large scale, very long lifetime, distributed system. The paper introduces a methodology for describing authentication protocols that makes explicit the trust relationships amongst the participants. The authentication protocol is based on the primitive notion of composition of secure channels. The authentication model offered provides for the authentication of "roles", where a principal might exercise differing roles at differing times, whilst having only a single "identity". Roles are suitable for inclusion in access control lists. The naming of a role implies what entities are being trusted to authenticate the role. We provide a UID scheme that gives clients control over the time at which a name gets bound to a principal, thus controlling the effects of mutability of the name space.

Abstract: The problem of authentication of mutually suspicious parties is one that is becoming more and more important with the proliferation of distributed systems. In this paper we construct a protocol in which users can verify whether they have matching credentials without revealing their credentials to each other unless there is a match. Thk protocol requires a trusted third party, but does not require it to be available to the users except when they sign up for the system. Thus it is useful in situations in which a trusted third party exists, but is not available to all users at all times.