Class / Patent application number | Description | Number of patent applications / Date published |
380281000 | Using master key (e.g., key-encrypting-key) | 25 |
20090136043 | METHOD AND APPARATUS FOR PERFORMING KEY MANAGEMENT AND KEY DISTRIBUTION IN WIRELESS NETWORKS - A method and apparatus are provided that enable a common key distribution and management system to be used for distributing and managing the keys that are used for authenticating, authorizing and ciphering exchanges between a wireless device and an ANP and that are used for authentication, authorizing and ciphering exchanges between wireless device and the SNP. | 05-28-2009 |
20090296941 | Methods and apparatus for protecting digital content - A processing system to serve as a source device for protected digital content comprises a processor and control logic. The processing system may generate and save a first master key, and may transmit that key to a first receiving device for use during a first session. During a second session, the processing system may obtain an identifier for a candidate receiving device. The processing system may use the identifier to determine whether the processing system contains a master key for the candidate receiving device. If the processing system contains such a master key, the processing system may send verification data concerning that key to the candidate receiving device, and may use that key to encrypt a session key for the second session. If not, a second master key may be generated and transmitted to the candidate receiving device for use during the second session. Other embodiments are described and claimed. | 12-03-2009 |
20090323969 | COMMUNICATION METHOD, COMMUNICATION APPARATUS, AND INTEGRATED CIRCUIT - An object of the present invention is to realize a communication apparatus, a communication method, and an integrated circuit, capable of performing a key updating operation, while having resistibility with respect to noises and DoS attacks without increasing a frequency bandwidth. The present invention is such a communication apparatus for transmitting key update information via a transmission line to another communication apparatus, comprising: a key update information producing unit which generates the key update information having a first time width; a code information producing unit which generates code information which is employed so as to code the key update information; a time width expanding unit | 12-31-2009 |
20090323970 | SYSTEM AND METHOD FOR PROTECTING DATA IN A SECURE SYSTEM - A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets. | 12-31-2009 |
20100150352 | SECURE SELF MANAGED DATA (SSMD) - A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data. | 06-17-2010 |
20100272267 | METHOD TO SECURE ACCESS TO AUDIO/VIDEO CONTENT IN A DECODING UNIT - The present invention concerns the generation of a key necessary to decrypt audio/video contents by genuine decoding units. It concerns in particular a method to secure the reception of a broadcast content managed by a control center and encrypted by at least one content key, said content key or a data allowing to recover said content key being transmitted to the decoding units encrypted by a transmission key common to the decoding units, each decoding unit having at least one environment parameter known by the control center, said decoding unit receiving from the control center a first message common to all decoding units and comprising the encrypted transmission key and a second message, pertaining to said decoding unit and comprising correction data dedicated to said decoding unit, the decryption of the transmission key being made using the environment parameter and the correction data. | 10-28-2010 |
20100329465 | METHOD OF TRIGGERING A KEY DELIVERY FROM A MESH KEY DISTRIBUTOR - A mesh station applying for access to a network includes a list of peer stations in messages of an authenticated key establishment protocol. A mesh key distributor derives a key delivery key and generates a top level key, and then delivers the top level key to the mesh station. Following the key establishment protocol, the mesh key distributor also creates pairwise keys for use between the mesh station and the peer stations listed in its peer list. The list of peers permits the identifier for the peer to be bound into the derived key, which helps ensure that the key used between each pair of peers is unique. Once the mesh key distributor finishes creating a key for one of the stations on the peer list, the mesh key distributor sends a message to the peer to initiate a key push. | 12-30-2010 |
20110116636 | Intelligent File Encapsulation - An improved network-based system and network implemented method of distributing and controlling the release of an encapsulated content. The system comprising an archive creation tool configured to create a self-extractable archive comprising an encrypted content, distribution means adapted to distribute the archive to one or more users and a server arranged to remotely control a timed release of the content from each distributed archive by providing a decryption key in response to a key request received on or after a predetermined date and time. In this way, a publisher of the archive can control access to a content even after the archive has been distributed to one or more users. Due to executable functionality within the archive, an additional content, such as advertisements, multimedia files or other documents, can be presented to a user in response to extraction of the archive, without the need for client-based extraction software. | 05-19-2011 |
20110176681 | COMMUNICATION APPARATUS AND COMMUNICATION METHOD - A communication apparatus includes an encryption key generation unit that generates encryption key information at constant encryption key generation intervals, a common key generation unit that generates common key information uniquely with respect to a generation time at common key generation intervals set longer than the encryption key generation intervals, a common key application unit that performs encryption or decryption of the encryption key information by using the common key information, and an encryption key distribution unit that makes a request to a data transmitting/receiving unit to distribute the encryption key information to a plurality of communication apparatuses to be communicated simultaneously at encryption key distribution intervals set shorter than the encryption key generation intervals to perform communication with higher security. | 07-21-2011 |
20110243332 | DATA PROCESSING SYSTEM, DATA PROCESSING METHOD, SOURCE DATA PROCESSING DEVICE, DESTINATION DATA PROCESSING DEVICE, AND STORAGE MEDIUM - A data processing system comprises a plurality of key production modules each of which stores keys required to encrypt data and decrypt the encrypted data, produces a new key, encrypts the newly produced key by using one of the keys stored therein as a master key, and stores the encrypted key therein. The data processing system comprises a key replication unit that, upon producing a new key in one of the key production modules serving as a source key production module, urges the source key production module to encrypt the newly produced key by using one of the keys stored in another of the remaining key production modules serving as a destination key production module, and then stores the encrypted key in the destination key production module, thereby executing a key replication process. | 10-06-2011 |
20110249817 | METHOD OF MANAGING GROUP KEY FOR SECURE MULTICAST COMMUNICATION - A group key management method for secure multicast communication includes: creating a tree having a root node, internal nodes and leaf nodes to manage group keys of a receiver group by a group key management server; generating user keys of all nodes excluding the root node in the tree on the basis of Chinese Remainder Theorem; assigning the leaf nodes of the tree to users of the receiver group; and sending the user keys of the leaf nodes to the corresponding users for group key management. Further, the group key management method for secure multicast communication includes generating group keys of all non-leaf nodes; computing a solution of congruence equations based on the user key and group key by using Chinese Remainder Theorem for each non-leaf node; and multicasting a group key update message to each user of the respective leaf nodes. | 10-13-2011 |
20120045064 | Key Distribution Scheme for Networks of Information - A method for controlling information object ( | 02-23-2012 |
20120177202 | SECURE TRANSPORT OF DOMAIN-SPECIFIC CRYPTOGRAPHIC STRUCTURES OVER GENERAL PURPOSE APPLICATION PROGRAM INTERFACES - A method of distributing cryptographic keys includes determining functional keys of domain-specific cryptographic service provider (DCSP); providing the functional keys to a fused cryptographic API (FCAPI) provided on a first computing device; encoding the functional keys with key encoding keys to produce encoded keys, the encoded keys including wrap or unwrap restrictions; receiving the encoded keys at a second computing device; unwrapping each encoded key until a first functional key is discovered, the first functional key not including a wrap template; and providing the first functional key to the DCSP at the computing device. | 07-12-2012 |
20120257756 | Methods, Systems, and Apparatuses for Optimal Group Key Management for Secure Multicast Communication - Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and/or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency. | 10-11-2012 |
20130230173 | COMMUNICATION APPARATUS FOR TRANSMITTING OR RECEIVING A SIGNAL INCLUDING PREDETERMIND INFORMATION - A storage stores a common key table containing a plurality of kinds of common keys usable for the communications with other communication apparatuses within the same system, its own identification information, and an update key associated with the identification information. The transmitter transmits the identification information to a system management apparatus for managing the common key table used in the system, the identification information on the communication apparatuses within the system, and the update key associated with the identification information. An acquiring unit acquires, from the system management apparatus that has received the identification information, a common key table for use in update (updating common key table) encrypted using the update key associated with the identification information. A decryption unit decrypts the encrypted updating common key table by use of the update key stored in the storage. | 09-05-2013 |
20130329890 | ELECTRONIC KEY REGISTRATION SYSTEM - An offline immobilizer ECU reads an encryption key generation code from an offline additional electronic key and generates an electronic key encryption key for the offline additional electronic key using the encryption key generation code and a communication subject key encryption key held by the immobilizer ECU. The immobilizer ECU stores, in a memory, the generated electronic key encryption key and a key ID code that is read from the offline additional electronic key. | 12-12-2013 |
20140140514 | Fully Homomorphic Encryption Method Based On A Bootstrappable Encryption Scheme, Computer Program And Apparatus - A method includes encrypting information in accordance with an encryption scheme that uses a public key; encrypting a plurality of instances of a secret key, each being encrypted using at least one additional instance of the public key; sending the encrypted information and the plurality of encrypted instances of the secret key to a destination; receiving an encrypted result from the destination; and decrypting the encrypted result. A further method includes receiving a plurality of encrypted secret keys and information descriptive of a function to be performed on data; converting the information to a circuit configured to perform the function on the data; and applying the data to inputs of the circuit and evaluating the data using, in turn, the plurality of encrypted secret keys. | 05-22-2014 |
20140211944 | SYSTEM AND METHOD OF PROTECTING, STORING AND DECRYPTING KEYS OVER A COMPUTERIZED NETWORK - A system and method of protecting, decrypting, and storing encryption keys. An encryption escrow module stores a library of indexed encryption algorithms. A keychain storage module includes a plurality of encrypted keys and/or keychains that are encrypted according to varying encryption algorithms of the encryption escrow module. Biometrics are used to index encrypted keychains to specific algorithms, but the two are kept separate. Since a naked key is never stored and only produced in cooperation with a specific user, the keychain storage module and the encryption escrow module, cracking attempts that compromise only two of the three groups are unable to generate any naked keys. | 07-31-2014 |
20140270178 | REMOTE KEY MANAGEMENT IN A CLOUD-BASED ENVIRONMENT - Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is used by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption. | 09-18-2014 |
20150016612 | SYSTEM AND METHOD FOR REMOTE RESET OF PASSWORD AND ENCRYPTION KEY - Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created. | 01-15-2015 |
20150124969 | Method and Device for Obtaining a Security Key - A method comprises obtaining scan information by scanning a quick response QR code in a quick response key QRkey card, wherein the QR code includes a website link and a public key; opening a network platform page corresponding to the website link in the QR code; and obtaining a private key matching with the public key in the QR code and sending the private key to a user corresponding to the QRkey card, so that the user corresponding to the QRkey card can encrypt preset information by using the public key and decrypt the encrypted information by using the private key. A device comprises a first acquisition module, an open module and a second acquisition module. In the present invention a public key and a private key can be obtained by scanning a QR code in a QRkey card, thus a simple and convenient method for obtaining a key is provided. | 05-07-2015 |
20150318987 | Encryption Scheme in a Shared Data Store - An improved key encryption system is provided for encrypting sensitive data on a shared data store. Various embodiments contemplate a system where a plurality of data clients are connected to one or more shared data stores. A secure data storage facility is provided on one or more of the shared data stores by using an encryption scheme. Encryption keys for decrypting the sensitive data are stored on the same data store as sensitive data, which may be decrypted using the encryption keys. To provide another layer of security, the data encryption keys are themselves encrypted using a key encryption key (“KEK”), which is generated by, and stored in a local data store associated with the data clients. | 11-05-2015 |
20150341167 | SECURING A DIRECTED ACYCLIC GRAPH - A method and apparatus for securing a directed acyclic graph (DAG) is described. In one embodiment, an algorithm for encrypting a DAG is described that enables encryption of a DAG given a start node (an entrypoint), the node key for that node, and a path to traverse in the graph, where keys are stored on the edges of the DAG instead of on nodes of the DAG. Storing the keys on the edges of the DAG instead of on nodes of the DAG enables efficient querying of the DAG and the ability for a node to have multiple parents that may change without affecting the node's relationship with the non-changing parents. A unique and cryptographically random key is generated for each node created within the DAG (sometimes referred herein as a unique node key). The node key encrypts the node it is generated for and also any edges exiting the node. The node key is not stored with the node. Instead, the node key is stored on the incoming edge to the node (the edge from its parent node) encrypted with the node key of the parent node. In the case of the root node, there is an implicit edge from outside the DAG where the node key of the root node is stored. | 11-26-2015 |
20160065363 | ENHANCED REMOTE KEY MANAGEMENT FOR AN ENTERPRISE IN A CLOUD-BASED ENVIRONMENT - Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption. | 03-03-2016 |
20160099806 | DISTRIBUTING SECRET KEYS FOR MANAGING ACCESS TO ECUS - A system and method of controlling access to electronic control units (ECUs) includes: receiving, at an ECU supplier computer, a supplier encryption key derived from a master encryption key using a supplier identifier that identifies an ECU supplier; issuing an ECU identifier that identifies an ECU and includes the supplier identifier; generating for the ECU an ECU unlock authorization key using the supplier encryption key and the ECU identifier; and storing the ECU unlock authorization key and the ECU identifier in the ECU. | 04-07-2016 |