Edward M Scheidt, 851048 Dead Run Dr, Mc Lean, VA 22101

6490680, Dec 3, 2002

Dec 4, 1998

09/205221

Edward M. Scheidt - McLean VA
Ersin L. Domangue - Woodbine MA

TecSec Incorporated - Vienna VA

H04L 900

713166, 713176, 713185, 380286

A process of encrypting an object includes applying a hash algorithm to the object, generating a random number, combining a first plurality of splits including the random number to form a working split, encrypting the object using the working split, combining a second plurality of splits not including the random number to form a value, encrypting the random number using the value, encrypting the hashed object according to a signature algorithm using a user private key, encrypting the hashed object according to a selected algorithm using the working split as a key, forming a header including information that can be used to decrypt the object, encrypting the header, and adding the encrypted header to the encrypted object. The pluralities of splits include a fixed split, a variable split, and a label split corresponding to a selected label. The header includes the encrypted random number, a label, and a digital signature.

6542608, Apr 1, 2003

Jul 31, 2001

09/917795

Edward M. Scheidt - McLean VA
C. Jay Wack - Clarksburg MD

TecSec Incorporated - Vienna VA

H04L 912

380 44, 380 46, 380 47, 380262, 380264, 380280, 713162

A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

6549623, Apr 15, 2003

Feb 4, 2002

09/917802

Edward M. Scheidt - McLean VA
C. Jay Wack - Clarksburg MD

TecSec, Incorporated - Vienna VA

H04L 922

380 44, 380 46, 380 47, 380262, 380264, 713185, 713186

A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

6606386, Aug 12, 2003

Jul 31, 2001

09/917807

Edward M. Scheidt - McLean VA
C. Jay Wack - Clarksburg MD

TecSec INC - Vienna VA

H04L 922

380 44, 380 46, 380 47, 380262, 380264, 713185, 713186

A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

6608901, Aug 19, 2003

Jul 31, 2001

09/917794

Edward M. Scheidt - McLean VA
C. Jay Wack - Clarksburg MD

TecSec, Inc. - Vienna VA

H04L 922

380 44, 380 46, 380 47, 380262, 380264

A cryptographic key split combiner, which includes a number of key split generators for generating cryptographic key splits and a key split randomizer for randomizing the cryptographic key splits to produce a cryptographic key, and a process for forming cryptographic keys. Each of the key split generators generates key splits from seed data. The key split generators may include a random split generator for generating a random key split based on reference data. Other key split generators may include a token split generator for generating a token key split based on label data, a console split generator for generating a console key split based on maintenance data, and a biometric split generator for generating a biometric key split based on biometric data. All splits may further be based on static data, which may be updated, for example by modifying a prime number divisor of the static data. The label data may be read from a storage medium, and may include user authorization data.

6684330, Jan 27, 2004

Oct 15, 1999

09/418806

C. Jay Wack - Clarksburg MD
Edward M. Scheidt - McLean VA
Jeffrey K. Morris - Arlington VA

Tecsec, Inc. - Vienna VA

H04L 914

713162, 713153, 713155, 380 44, 380278

A method of providing cryptographic information and flow control includes first determining a target domain from an IP address. An organization policy is looked up from a credential store, and an algorithm and credentials specified for the target domain are looked up in a domain-credential map. Any further credentials that are provided and that are permitted by the organizational policy are added. A working key is then generated, and information is received in the form of a receive packet. Any packet header is stripped from the receive packet and the remaining data is encrypted. Key splits are retrieved from the credential store, and are combined to form a key-encrypting key. The working key is the encrypted with the key-encrypting key, and a CKM header is encrypted. The encrypted CKM header is concatenated to the beginning of the encrypted data to form transmit data, and the packet header and the transmit data are concatenated to form a transmit packet. The transmit packet is then provided to a network interface card for transmission on a network.

6754820, Jun 22, 2004

Jan 30, 2002

10/060011

Edward M. Scheidt - McLean VA
Ersin Domangue - Woodbine MD

Tecsec, Inc. - Vienna VA

G06F 1130

713166, 713184, 713187, 713201, 713202, 380 30, 380277, 380286

A method of securing an object at an access level includes selecting a profile for a user, including a credential having an encrypted credential public key, an encrypted credential public key encryption key, and a multiple-level access identifier. A working key is generated by binding a domain value with a random value. The object is encrypted with the working key. A random value encryption key is generated based on the shared value by decrypting the credential public key encryption key with the profile key encryption key, decrypting the credential public key with the credential public key encryption key, generating an ephemeral key pair, and generating a shared value based on the ephemeral private key and the credential public key. The random value is encrypted with the random value encryption key, and the encrypted object, the ephemeral public key, and the encrypted random value are provided for an authorized recipient.

6845453, Jan 18, 2005

Jan 30, 2002

10/060039

Edward M. Scheidt - McLean VA, US
Ersin Domangue - Woodbine MD, US

Tecsec, Inc. - Vienna VA

G01F 1760
G06F 1130

713202, 713166, 713183, 713184, 713185, 713186, 705 50

A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system if the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the a modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.