Entries |
Document | Title | Date |
20080199005 | SIGNAL PROCESSOR - Original data to be a source for an encryption key is read from a memory cell array and stored in a buffer region. An encryption key generation unit generates a plurality of encryption keys by variously modifying the original data read from the buffer region based on a predetermined generation rule. The encryption unit generates an encrypted command by encrypting commands individually with an encryption key different for each command, out of the plurality of encryption keys generated by the encryption key generation unit. | 08-21-2008 |
20080212770 | Key Information Generating Method and Device, Key Information Updating Method, Tempering Detecting Method and Device, and Data Structure of Key Information - A domain key is used to perform chaining decryption with respect to encrypted content key information (ST | 09-04-2008 |
20080212771 | Method and Devices For User Authentication - For authenticating a user using a communication terminal ( | 09-04-2008 |
20080219439 | Image processing apparatus, encryption communications device, encryption communications system, and computer readable medium - An image processing apparatus includes: a first value generation unit that generates a first value changing in time sequence; a second value generation unit that generates a second value changing in time sequence identical with the time sequence of the first value; a synchronization unit that synchronizes the first and the second value generation unit; a value output unit that causes the first and second value generation unit to simultaneously output the first and second values; a first key generation unit that generates a first key in accordance with the output first value output; an encryption unit that encrypts information in accordance with the generated first key; a second key generation unit that generates a second key in accordance with the output second value; and a decryption unit that decrypts the information encrypted by the encryption unit, in accordance with the generated second key. | 09-11-2008 |
20080232582 | Method for Dynamically Authenticating Programmes with an Electronic Portable Object - A method for dynamically authenticating an executable program, that is the continuation of the instructions defined thereby, is performed repeatedly during the very execution of the program. The method for making secure an electronic portable object through execution of a program supplied by another insecure electronic object uses, inter alia, a secret key protocol. | 09-25-2008 |
20080232583 | Vehicle Segment Certificate Management Using Shared Certificate Schemes - The present invention advantageously provides techniques to solve problems with combinatorial anonymous certificate management by addressing critical issues concerning its feasibility, scalability, and performance. Methods and procedures to manage IEEE 1609.2 anonymous and identifying cryptographic keys and certificates in the Vehicle Infrastructure Integration (VII) system are presented, along with methods for management of identifying and anonymous certificates in a partitioned Certificate Authority architecture designed to enhance vehicle privacy. Novel methods for vehicles to dynamically change an anonymous certificate for use while maintaining vehicle privacy are given. Refinements to basic combinatorial schemes are presented including probabilistic key replacement, rekey counter decrement, dynamic rekey threshold, geographic attack isolation and proofs of geographic position. | 09-25-2008 |
20080240426 | Flexible architecture and instruction for advanced encryption standard (AES) - A flexible AES instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for AES encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible AES instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers. | 10-02-2008 |
20080240427 | Key Management - The present invention relates to arrangements and methods for generating keys for cryptographic processing of communication between a first communication unit ( | 10-02-2008 |
20080247540 | METHOD AND APPARATUS FOR PROTECTING DIGITAL CONTENTS STORED IN USB MASS STORAGE DEVICE - A method and apparatus for protecting digital content stored in a universal serial bus (USB) mass storage (UMS) device from unlimited distribution are provided. According to the method and apparatus, a UMS device generates a random key according to a request from a user and shows the generated random key to the user, and then, by using the random key, registration data is encrypted. Accordingly, only a USB host that registers the UMS device after the user connects the USB host directly to the UMS device, can freely use digital content of the UMS device, and even if encrypted registration data of the UMS is leaked out, unauthorized devices cannot register the UMS device. | 10-09-2008 |
20080260144 | IMAGE FORMING APPARATUS - An image forming apparatus is supplied capable of preventing data stored in a non-volatility memory from being read out when the non-volatility memory is stolen. In the image forming apparatus, an encryption function section of encryption/decryption function section encrypts print job received from an information processing apparatus or print data made in the image forming apparatus, and stores it to a non-volatility memory; and a decryption function section of the encryption/decryption function section decrypts the print job or the print data encrypted by the encryption function section and stored in the non-volatility memory, and outputs it. | 10-23-2008 |
20080267394 | Identity-Based Key Generating Methods and Devices - The present invention discloses a method and device for generating an asymmetrical key pair (public key and private key) based on user identity. A Key Management Center (KMC) generates a public/private key calculating base and publishes the public key calculating base. Based on an identity provided by a user, a private key is calculated and provided to the user. Any user can calculate another user's public key based on that user's identity and the published public key calculating base. Thus, when obtaining the public key of the communicating party, no third party CA certificate is needed, and no maintenance of mass parameters associated with users is needed. | 10-30-2008 |
20080267395 | APPARATUS AND METHOD FOR ENCRYPTED COMMUNICATION PROCESSING - To provide an apparatus and a method for encrypted communication processing in inter-node communication on a network capable of performing effective encrypted communication with improved security. In the inter-node multicast communication on the network, by first setting one or more of encryption keys, it can be avoided to deteriorate, by the procedure for an encrypted communication, the condition where the multicast communication is possible. Therefore, the multicast by the effective encrypted communication with improved security becomes possible. | 10-30-2008 |
20080273696 | Use of Indirect Data Keys for Encrypted Tape Cartridges - A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data. | 11-06-2008 |
20080273697 | Use of Indirect Data Keys for Encrypted Tape Cartridges - A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data. | 11-06-2008 |
20080285747 | ENCRYPTION-BASED SECURITY PROTECTION METHOD FOR PROCESSOR AND APPARATUS THEREOF - An encryption-based security protection method and apparatus are provided. The method includes generating a random key pattern table in order to allocate a plurality of random key patterns of original data to be transmitted; generating an address pattern table in order to allocate a plurality of address patterns of addresses in which the original data is stored; and generating a mapping table in order to map the plurality of random key patterns and the plurality of address patterns. The apparatus includes an address pattern table generation unit; a random key pattern table generation unit; a mapping table generation unit; and an internal memory unit which stores the address pattern table, the random key pattern table, and the mapping table. | 11-20-2008 |
20080285748 | Method for generating secret key in computer device and obtaining the encrypting and decrypting key - The invention relates to a method for generating a secret key in a computer device and using the secret key. The method includes the step of receiving an inputted password first, then processing the inputted password with a device key to generate a user certificate, wherein the device key is established according to the information which is dependent on the computer device and is stored in the non-volatile storage device. | 11-20-2008 |
20080298581 | Application-Specific Secret Generation - A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance. | 12-04-2008 |
20080298582 | Broadcast Cryptosystem, Crypto-Communication Method, Decryption Device, and Decryption Program - A client's secret key is Ki=(s+Ii) | 12-04-2008 |
20080304658 | Wireless Communication Apparatus and Wireless Communication Method - An inventive wireless communication apparatus that, in a wireless communication system to which a secret key scheme is applied, can generate a secret key, which is different from a secret key generated by a third party, even if a wireless signal is intercepted by the third party having an approximate propagation path environment to a receiving wireless communication apparatus. In the inventive apparatus, an eigenvalue selecting part ( | 12-11-2008 |
20080304659 | METHOD AND APPARATUS FOR EXPANSION KEY GENERATION FOR BLOCK CIPHERS - A key scheduler performs a key-expansion to generate round keys for AES encryption and decryption just-in-time for each AES round. The key scheduler pre-computes slow operations in a current clock cycle to reduce the critical delay path for computing the round key for a next AES round. | 12-11-2008 |
20080304660 | IMAGE FORMING APPARATUS ALLOWING EASY MANAGEMENT RELATING TO USER'S USAGE | 12-11-2008 |
20080304661 | CONTENT DISTRIBUTION/BROWSING SYSTEM, CONTENT DISTRIBUTION APPARATUS, CONTENT BROWSING APPARATUS AND PROGRAM - A content distribution/browsing system is disclosed. First to (m−1)th encrypted content items E(K | 12-11-2008 |
20080304662 | GROUP KEY EXCHANGES WITH FAILURES - A method for generating a session key on demand in a network among participating network devices, including choosing a private and public key according to a public key encryption scheme, and broadcasting the public key to each other participating network device; choosing a local contribution value from a multiplicative group of size q; encrypting the local contribution value under the received public key to an encrypted contribution value and sending the encrypted contribution value; receiving encrypted contribution values and deriving decrypted contribution values by applying the private key; deriving a blinded session key from the decrypted contribution values and the local contribution value; agreeing on one of the blinded session keys by using an agreement protocol; and deriving the session key from the agreed-on blinded session key by applying one of the decrypted contribution values and the contribution value. A corresponding computer program element, computer program product, and computer device. | 12-11-2008 |
20080317247 | Apparatus and Method for Processing Eap-Aka Authentication in the Non-Usim Terminal - Disclosed are an apparatus and a method for processing authentication using Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) in a non-Universal Subscriber Identity Module (USIM) terminal without a USIM card. | 12-25-2008 |
20090003597 | Small Public-Key Based Digital Signatures for Authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated. | 01-01-2009 |
20090016524 | PEER TO PEER IDENTIFIERS - In an ad hoc peer-to-peer type network during peer discovery, information relating to users of various devices is broadcast to other devices in the network, which can compromise privacy of the users. Instead of announcing a public identifier that might be known by a multitude of individuals, the user device announces a private identifier that might be known to, or determined by, a select few individuals. The individuals selected can be given a key to determine the private identifier associated with a public identifier, or vice versa, wherein that key can have a validity range or a period of time, after which the key expires. Prior to the expiration of the key, the selected individuals, through their respective devices, can detect a corresponding user and/or device by the current private identifier being announced, thus mitigating the number of people that are aware of the user's presence. | 01-15-2009 |
20090034722 | METHOD OF ENCRYPTING AND DECRYPTING DATA STORED ON A STORAGE DEVICE USING AN EMBEDDED ENCRYPTION/DECRYPTION MEANS - A method of encrypting data is provided that uses a medium key retrieved from a storage medium. The medium key is combined with another key to generate a combination key. Content is encrypted according to the combination key and written to the storage medium. | 02-05-2009 |
20090041237 | INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, INFORMATION RECORDING MEDIUM, METHOD, AND COMPUTER PROGRAM - To provide a configuration in which a unit classification number corresponding to a content playback path is set based on various units. A unit classification number defining a playback path of content including encrypted data having different variations generated by encrypting a segment portion which forms the content by using a plurality of segment keys and encrypted content generated by encrypting a non-segment portion by a unit key is set based on various units, such as a content management unit and an index. In a CPS unit key file storing key generating information concerning CPS units as content management units, settings of unit classification numbers are indicated. Based on the CPS unit key file, a unit classification number to which content to be played back belongs can be obtained. | 02-12-2009 |
20090041238 | IMPLICIT CERTIFICATE SCHEME - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. For each entity A, the trusted entity selects a unique identity distinguishing the entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information f and generates a value k | 02-12-2009 |
20090046853 | Method and system for generating a pair of public key and secret key - A method of generating a pair of public key and secret key includes the steps of selecting a public key; selecting a secret key; computing a heavy prime number in response to the public key and the secret key; factoring the heavy prime number by selecting first and second prime numbers on condition that a sum of said first and second prime numbers equals the heavy prime number; and pairing the secret key with the public key in terms of the heavy prime number as a bridge to generate a unique combination between the secret key and the public key. Therefore, the secret key is definitively undetermined by conjecturing the public key even though the public key is known. | 02-19-2009 |
20090046854 | Method for a Public-Key Infrastructure Providing Communication Integrity and Anonymity While Detecting Malicious Communication - An inventive scheme for detecting parties responsible for repeated malicious activities in secure and anonymous communication is presented. The scheme comprises generating a pool of keys, distributing to and associating with each party a small number of keys chosen randomly from the pool, revoking a key when it is detected as used in a malicious activity, creating a set of parties associated with the revoked key, revoking additional keys randomly chosen among the keys not currently revoked, selecting new keys, and when a party requests an updated key, sending the updated key selected from among the new keys to the requesting party, wherein if an other malicious activity is detected, creating another set of the parties associated with the other malicious activity and identifying the parties in both sets. The steps of the inventive scheme are repeated until only one party is in the intersection set. | 02-19-2009 |
20090052663 | METHODS FOR CREATING SECRET KEYS BASED UPON ONE OR MORE SHARED CHARACTERISTICS AND SYSTEMS THEREOF - A method and system for generating one or more keys includes obtaining at two or more devices data based on movement of at least one of the devices with the respect to the other device. At least one key is generated based on the obtained data at each of the devices for use in securing communications between the devices. The key at each of the devices is substantially the same. | 02-26-2009 |
20090052664 | Bulk Data Erase Utilizing An Encryption Technique - Disclosed is a method for eliminating access to data on removable storage media of a removable storage media cartridge. A key is stored on the removable storage media cartridge, such that data on the removable storage media is accessible with the key. Upon receiving a command to eliminate access to data on the removable storage media the key is shredded such that access to data on the removable storage media is eliminated. | 02-26-2009 |
20090052665 | Bulk Data Erase Utilizing An Encryption Technique - A system and a computer program product are disclosed for eliminating access to data on removable storage media of a removable storage media cartridge. The system comprises a data storage drive that stores a key on the removable storage media cartridge, such that data on the removable storage media is accessible with the key. Upon receiving a command to eliminate access to data on the removable storage media the data storage drive shreds the key such that access to data on the removable storage media is eliminated. | 02-26-2009 |
20090060178 | Management system for web service developer keys - Various technologies and techniques are disclosed for managing web service developer keys. A generic key identifier can be generated based on an original web service key. The generic key identifier is used within source code of an application being developed. Upon receiving a request to run the application, the generic key identifier is transformed back into the original web service key prior to calling an associated web service. Multiple users can securely share the same application that uses the web service. When one user who does not have his own original web service key accesses the application, that user can be prompted to obtain and enter the original web service key once the key has been obtained from a provider of the web service. | 03-05-2009 |
20090067622 | METHOD AND APPARATUS FOR PROTECTING CONTENT CONSUMER'S PRIVACY - Provided is a method of protecting a content consumer's privacy. The method includes classifying contents into content groups, encrypting the contents using different encryption keys, generating a plurality of decryption keys each of which can decrypt all contents in each of the content groups, and provides the generated decryption keys to authorized clients, wherein each client is provided with a different decryption key. | 03-12-2009 |
20090067623 | Method and apparatus for performing fast authentication for vertical handover - A method and apparatus for performing fast authentication for a vertical handover are provided. The method includes requesting a handover from a serving network to a target network and generating a derivative Master Session Key (MSK) for key generation, and transmitting the derivative MSK to the target network. Accordingly, a key negotiation process can start by skipping an access authentication process. Therefore, there is an advantage in that a fast authentication process can be achieved. | 03-12-2009 |
20090074182 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, RECORDING MEDIUM, AND PROGRAM - The present invention relates to an information processing apparatus, an information processing method, a recording medium, and a program for importing and exporting a content with information missing controlled. A CPU extracts a sound track contained in the content in step S | 03-19-2009 |
20090074183 | INFORMATION PROCESSING APPARATUS, ELECTRONIC DEVICE, INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING MEDIUM - The usage restriction of a first content which has already been distributed is made to efficiently function when processing in which a second content refers to the first content is performed. A secret key and a public key are generated for a first content, the public key is added to the first content to transmit the first content, and when a second content which wants to refer to the first content is generated, a signature from an administrator of the first content by the secret key generated at the time of broadcasting the first content is requested on a predetermined data added to the second content. When the signature is given, the second content to which the signed predetermined data is added is transmitted. On the receiving side, by employing the public key added to the first content, processing that collates the signature on the predetermined data added to the second content is performed, and when the collation succeeds, a predetermined processing is given to the stored first content to output the first content based upon the instruction of the second content. | 03-19-2009 |
20090080649 | METHOD AND SYSTEM FOR PROTECTING DATA - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 03-26-2009 |
20090080650 | SECURE EMAIL COMMUNICATION SYSTEM - The present invention provides a method and system for securing a digital data stream. A first key of a first asymmetric key pair from a key store remote from a host node is received at the host node. A dynamically generated key is received at the host node, which is used to encipher the digital data stream. The dynamically generated key is enciphered with the first key of the first asymmetric key pair. The enciphered digital data stream and the enciphered dynamically generated key are stored remotely from the host node and the key store. | 03-26-2009 |
20090086964 | PROVIDING LOCAL STORAGE SERVICE TO APPLICATIONS THAT RUN IN AN APPLICATION EXECUTION ENVIRONMENT - Methods, systems, and apparatus, including medium-encoded computer program products, for providing local storage service to applications that run in an application execution environment. In one aspect, a method includes receiving a request from one of the applications, wherein the request triggers local storage of information; obtaining an encryption key based on identifiers including a first identifier corresponding to the application execution environment, a second identifier corresponding to the one application, and a third identifier corresponding to the computing apparatus; encrypting the information using the encryption key; and storing the encrypted information in the computing apparatus. | 04-02-2009 |
20090086965 | SECURE, TWO-STAGE STORAGE SYSTEM - A two-stage storage security system comprising an address translator and a cryptographic engine for a mobile computing platform is provided. In response to a write operation, the address translator receives unencrypted data blocks, from an initiator, and associates the blocks with corresponding scrambled data storage addresses. The cryptographic engine encrypts the unencrypted data blocks to be stored on the platform storage component at the corresponding scrambled data storage addresses. The address translator applies a predetermined reversible translation function to reversibly remap addresses, and the cryptographic engine applies a predetermined cryptographic technique to encrypt and decrypt the data blocks. In a read operation, encrypted data blocks retrieved from the storage component are decrypted and restored to an original logical order. Decryption of storage component data is allowed when storage component is coupled to the corresponding platform. | 04-02-2009 |
20090086966 | REPRODUCTION APPARATUS, REPRODUCTION METHOD AND INFORMATION RECORDING MEDIUM - According to one embodiment, an information storage medium comprises a content encrypted by a content encryption key; a content encryption key file encrypted by a first encryption key or third encryption key; an encryption key block from which a third encryption key prime providing a source of the first encryption key or third encryption key by being processed by using a second encryption key of a player; and a program configured to make the player calculate the third encryption key from the third encryption key prime. The content encryption key file comprises a flag indicating whether the key file is encrypted by the third encryption key or first encryption key. | 04-02-2009 |
20090086967 | Image Forming Apparatus - An image forming apparatus is supplied capable of preventing an information leakage even if encrypted print data outflows from the image forming apparatus. In the image forming apparatus, a first encryption key storing section stores a first part encryption key generated by a part of an encryption key; a second encryption key storing section stores a second part encryption key generated by other part of the encryption key; an encryption key generating section reads out the second part encryption key when the second encryption key storing section is attached, reads out the first part encryption key, generates the encryption key, and stores it into a volatility memory; an encryption processing section encrypts print information through using the encryption key, and makes encryption print information; a nonvolatility storing section stores the encryption print information; a decryption processing section reads out the encryption print information and the encryption key, and decrypts the print information; and an image forming section forms an image of the decrypted print information. | 04-02-2009 |
20090086968 | A METHOD FOR THE APPLICATION OF IMPLICIT SIGNATURE SCHEMES - A method of verifying a transaction over a data communication system between a first and second correspondent through the use of a certifying authority. The certifying authority has control of a certificate's validity, which is used by at least the first correspondent. The method comprises the following steps. One of the first and second correspondents advising the certifying authority that the certificate is to be validated. The certifying authority verifies the validity of the certificate attributed to the first correspondent. The certifying authority generates implicit signature components including specific authorization information. At least one of the implicit signature components is forwarded to the first correspondent for permitting the first correspondent to generate an ephemeral private key. At least one of the implicit signature components is forwarded to the second correspondent for permitting recovery of an ephemeral public key corresponding to the ephemeral private key. The first correspondent signs a message with the ephemeral private key and forwards the message to the second correspondent. The second correspondent attempts to verify the signature using the ephemeral public key and proceeds with the transaction upon verification. | 04-02-2009 |
20090097640 | DEVICE AND METHOD FOR DETERMINING AN INVERSE OF A VALUE RELATED TO A MODULUS - A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm. | 04-16-2009 |
20090097641 | MANAGEMENT-APPARATUS CARD, MEASURING APPARATUS, HEALTH CARE SYSTEM, AND METHOD FOR COMMUNICATING VITAL SIGN DATA - The management-apparatus card capable of being attached to a management apparatus receives, from the measuring apparatus, first unique information indicating the measuring apparatus, and identification information identifying a user of the measuring apparatus; stores second unique information indicating the management-apparatus card; generates a decryption key corresponding to an encryption key, using the first unique information, the second unique information, and the identification information; stores the generated decryption key; receives encrypted vital sign data from the measuring apparatus; decrypts the received vital sign data using the stored decryption key; and obtains the decrypted vital sign data. | 04-16-2009 |
20090103722 | APPARATUS AND METHOD TO PROVIDE SECURE COMMUNICATION OVER AN INSECURE COMMUNICATION CHANNEL FOR LOCATION INFORMATION USING TRACKING DEVICES - A system for securing information. The system includes a first tracking device associated with an object or an individual. In one embodiment, the first tracking device generates independently a synchronous secret key and a server generates independently the synchronous secret key. Over an insecure communication channel, the server communicates an asynchronous vector pair encrypted with the synchronous secret key with the tracking device. To securely communicate information, messages are encrypted and decrypted using the asynchronous vector pair between the tracking device and the server. To further secure message information, a set of random numbers may be further utilized with the asynchronous vector pair to further encrypt and decrypt the messages communicated between the tracking device and the server. | 04-23-2009 |
20090103723 | System And Method For Secure Storage Of Data - A method of securely storing a data item including obtaining the data item; translating the data item into a first plurality of data blocks using an erasure code associated with a rate; and storing at least a subset of the first plurality of data blocks, where a size of the subset exceeds a product of the rate and a size of the first plurality of data blocks. | 04-23-2009 |
20090103724 | COMMUNICATION DEVICE AND REKEYING CONTROL METHOD IN SECURED COMMUNICATION - A communication device which performs automatic rekeying in a secured communication system, includes: a rekeying time manager for generating a rekeying request at a previously designated rekeying time; and a rekeying controller for controlling the automatic rekeying to forcefully perform rekeying based on the rekeying request. | 04-23-2009 |
20090110191 | Techniques For Encrypting Data On Storage Devices Using An Intermediate Key - A data storage device encrypts data stored in non-volatile memory using a bulk encryption key. The data storage device uses a key derivation function to generate an initial encryption key. The data storage device then wraps an intermediate encryption key with the initial encryption key and stores the wrapped intermediate key in the non-volatile memory. The data storage device wraps the bulk encryption key with the intermediate encryption key and stores the wrapped bulk encryption key in the non-volatile memory. The data storage device can unwrap the wrapped intermediate key to generate the intermediate encryption key using the initial encryption key. The data storage device can unwrap the wrapped bulk encryption key to generate the bulk encryption key using the intermediate encryption key. The data storage device decrypts data stored in the non-volatile memory using the bulk encryption key. | 04-30-2009 |
20090110192 | SYSTEMS AND METHODS FOR ENCRYPTING PATIENT DATA - Certain embodiments of the present invention provide a method for protecting electronic patient data in a healthcare environment. The method includes selecting the patient data to be protected, selecting a biometric identifier from a patient, generating an encryption key based on the biometric identifier, and encrypting the patient data. The method may also include authenticating the encrypted patient data. The biometric identifier may be a DNA sequence. The method may also include applying a hash function to the DNA sequences to obtain a hash value. The encryption key may be based at least in part on the hash value. | 04-30-2009 |
20090116641 | ACCESS CONTROL KEY MANAGEMENT IN A VIRTUAL WORLD - Access control key management in a virtual world that includes generating a key for access to a virtual space, a service, an event, or an item in a virtual world, assigning one or more parameters to the key, providing the key to an avatar in the virtual world, and accessing the virtual space, the service, or the item by the avatar using the key in accordance with the one or more parameters. The one or more parameters may include a type parameter, a frequency parameter, a duration parameter, or a value parameter. The avatar may be denied access if the duration parameter has expired and may be allowed access while the duration parameter has not expired. The one or more parameters may be determined responsive to rules associated with the virtual space, the service, the event or the item. | 05-07-2009 |
20090116642 | METHOD AND DEVICE FOR GENERATING LOCAL INTERFACE KEY - A method for generating a local interface key includes: generating a variable parameter; and deriving the local interface key, according to the variable parameter generated and related parameters for calculating the local interface key. The method simplifies the process in which the terminal obtains the local interface key and the system resources are saved. Moreover, the local interface key is derived through the variable parameter and the valid key information. Thus, the security level between the UICC and the terminal is ensured. | 05-07-2009 |
20090129590 | COMMON KEY GENERATION SYSTEM, COMMON KEY GENERATION METHOD AND NODE USING THE SAME - First and second nodes generate numeric string elements from time interval by their physical changes. The first node generates a basic numeric string from the numeric string elements and similar numeric strings, encrypts the generated basic numeric string and the similar numeric strings, and generates a cipher value list that stores the numeric strings with corresponding cipher values. The second node generates a basic numeric string based on the numeric string elements generated by the second node, encrypts the generated basic numeric string in accordance with the same encryption rule as that for the first node, and transmits the generated cipher value to the first node. The first node receives a cipher value from the second node, and compares the received cipher value with the cipher values in the cipher value list to find a match, and transmits a match signal if a match is found. | 05-21-2009 |
20090141889 | DATA PROCESSING APPARATUS - To improve encryption technology for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data. | 06-04-2009 |
20090141890 | DIGITAL AUTHENTICATION OVER ACOUSTIC CHANNEL - Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream. | 06-04-2009 |
20090141891 | DISTRIBUTED SCALABLE CRYPTOGRAPHIC ACCESS CONTROL - Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner such that only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups of which the authorized peer systems are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported. | 06-04-2009 |
20090147949 | UTILIZING CRYPTOGRAPHIC KEYS AND ONLINE SERVICES TO SECURE DEVICES - The claimed subject matter in accordance with an aspect provides systems and/or methods that generate, allocate, or utilize strong symmetric cryptographic keys to secure storage devices. The system can include components that determine whether a storage device with an associated credential cache has been affiliated with the system. The system extracts authentication information included within the credential cache and establishes communications with a web service that utilizes the authentication information to generate and return a set of strong symmetric cryptographic keys to the system. The system employs one of the set of strong symmetric cryptographic keys to encrypt or decrypt the storage device to make content persisted on the storage device available and thereafter removes the distributed set of strong symmetric cryptographic keys from the system. | 06-11-2009 |
20090147950 | CRYPTOGRAPHIC DEVICE FOR FAST SESSION SWITCHING - Provided is a cryptographic device for fast session switching, and more particularly, a cryptographic device using a block cipher algorithm and capable of rapidly performing session switching. The cryptographic device includes: a block cipher algorithm executer for performing encryption or decryption on input data using an initialization vector and a round key corresponding to a current session; an initialization vector manager for storing an initialization vector input from outside of the cryptographic device and an initialization vector received from the block cipher algorithm executer, and providing the initialization vector corresponding to the current session to the block cipher algorithm executer; and a session round key generator for storing a session key input from outside of the cryptographic device, generating the round key based on a session key corresponding to the current session, and providing the round key to the block cipher algorithm executer. The device has a structure capable of performing minimum operation to store and manage an initialization vector and a session key, and thus can minimize delay time caused by session switching. | 06-11-2009 |
20090147951 | METHOD OF HANDLING SECURITY KEY CHANGE AND RELATED COMMUNICATION DEVICE - A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run. | 06-11-2009 |
20090154694 | CONTENTS MANAGEMENT SYSTEM, AND CONTENTS MANAGEMENT DEVICE - Provided is a content management device, which is connected with a plurality of terminal devices for performing a content moving operation while considering the conveniences of the users of the individual terminal devices. The content management device comprises a content storage unit stored with one or more contents, a move information management unit stored with first range information indicating the partial or entire range of the content to be moved, a range information receiving unit for accepting second range information indicating the range requiring the move, from one terminal device, a judgement unit for deciding whether or not the range indicated by the first range information and the range indicated by the second range information overlap at least partially, and a control unit for permitting the required range to be moved to the terminal device, in case the decision by the judgement unit is NO. | 06-18-2009 |
20090154695 | MANAGING A PLURALITY OF CACHED KEYS - In a method of managing a plurality of cached keys, a determination is made as to whether to generate an additional key for the plurality of cached keys. If it is determined to generate the additional key, control of a central processing unit is acquired and a first current time is recorded. While a difference between a second current time and the first current time is not greater than a predefined time slice, one or more operational units of a plurality of operational units for generating the additional key are executed on the central processing unit. If the additional key is completed, the additional key is saved as a cached key with the plurality of cached keys. | 06-18-2009 |
20090161866 | SECURE COMMUNICATION METHOD AND SYSTEM - A system for providing secure communication of a message between parties is provided. The system includes first and second communication devices. The first communication device includes a first list of numbers and a first number selector for periodically selecting a different number in the first list. The first communication device further includes a first encryption key generator for generating a first encryption key at a certain time. The first encryption key generator uses the number selected by the first number selector at a certain time to generate the first encryption key from the first list of numbers. The first communication device also includes an encryptor, for encrypting a message using the first encryption key, and a transmitter for transmitting the encrypted message. The second communication device includes a receiver for receiving the encrypted message and a second list of numbers, the second list of numbers being identical to the first list of numbers. A second number selector is provided for periodically selecting a different number in the second list. The second number selector is synchronised with the first number selector such that, at any given time, the second number selector selects the same number as the first number selector. The second communication device also includes a second encryption key generator for generating a second encryption key, wherein the second encryption generator uses the number selected by the second number selector at the certain time to generate the second encryption key from the second list of numbers; the second encryption key being identical to the first encryption key. The second communication device further includes a decryptor for decrypting the encrypted message using the second encryption key. An associated method for providing secure communication of a message between parties is also provided. | 06-25-2009 |
20090168998 | EXECUTING AN ENCRYPTION INSTRUCTION USING STORED ROUND KEYS - Embodiments of an invention for executing an encryption instruction using stored round keys are disclosed. In one embodiment, an apparatus includes instruction logic, encryption logic, a storage region, and control logic. The instruction logic is to receive an encryption instruction. The encryption logic is to perform, in response to the instruction logic receiving the encryption instruction, an encryption operation including a plurality of rounds, each round using a corresponding round key from a plurality of round keys. The storage region is to store the plurality of round keys. The control logic is to fetch, for use during each of the plurality of rounds, the corresponding round key from the storage region. | 07-02-2009 |
20090168999 | Method and apparatus for performing cryptographic operations - In one embodiment, the present invention includes a processor having logic to perform a round of a cryptographic algorithm responsive to first and second round micro-operations to perform the round on first and second pairs of columns, where the logic includes dual datapaths that are half the width of the cryptographic algorithm width (or smaller). Additional logic may be used to combine the results of the first and second round micro-operations to obtain a round result. Other embodiments are described and claimed. | 07-02-2009 |
20090175443 | Secure function evaluation techniques for circuits containing XOR gates with applications to universal circuits - An embodiment of the present invention provides a method that minimizes the number of entries required in a garbled circuit associated with secure function evaluation of a given circuit. Exclusive OR (XOR) gates are evaluated in accordance with an embodiment of the present invention without the need of associated entries in the garbled table to yield minimal computational and communication effort. This improves the performance of SFE evaluation. Another embodiment of the present invention provides a method that replaces regular gates with more efficient constructions containing XOR gates in an implementation of a Universal Circuit, and circuits for integer addition and multiplication, thereby maximizing the performance improvement provided by the above. | 07-09-2009 |
20090185681 | CIRCUIT ARRANGEMENT AND METHOD FOR RSA KEY GENERATION - In order to further develop a circuit arrangement for as well as a method of performing at least one operation, in particular at least one cryptographic calculation, wherein the problem of creating at least one key, in particular the R[ivest-]S[hamir-]A[dleman] key, satisfying at least one defined digital signature law, in particular satisfying the German Digital Signature Law, is solved, it is proposed that at least one, preferably two, prime numbers (p; q) for key generation, in particular for R[ivest-]S[hamir-]A[dleman] key generation, are searched in compliance with at least one defined digital signature law, in particular with the German Digital Signature Law. | 07-23-2009 |
20090190753 | RECORDING APPARATUS AND RECORDING METHOD - A recording apparatus having a unit to receive content data and information related to a copying of the content data; a separation/extraction unit to separate and extract the content data and the information; a writing unit to divide the content data extracted by the separation/extraction unit into plural data and write them in a first recording medium; an encryption key generation unit to generate an encryption key for encrypting each of the plural data; and a copy control information processing unit to generate, from the information related to the copying and the generated encryption key, a plurality of pieces of content protection management information for the plurality of pieces of data, wherein when the content data written into the first recording media is recorded into a second recording media, the plurality of pieces of data are recorded before the plurality of pieces of content protection management information are recorded. | 07-30-2009 |
20090190754 | System and methods for permitting open access to data objects and for securing data within the data objects - A system and methods for permitting open access to data objects and for securing data within the data objects is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. The method includes the steps of (1) providing a data object comprising digital data and file format information; (2) embedding independent data into a data object; and (3) scrambling the data object to degrade the data object to a predetermined signal quality level. The steps of embedding and scrambling may be performed until a predetermined condition is met. The method may also include the steps of descrambling the data object to upgrade the data object to a predetermined signal quality level, and decoding the embedded independent data. The additional steps of descrambling and decoding may be performed until a predetermined condition is met. The predetermined condition may include, for example, reaching a desired signal quality of the data object. | 07-30-2009 |
20090202068 | MEDIA SECURITY THROUGH HARDWARE-RESIDENT PROPRIETARY KEY GENERATION - A method, system and apparatus of an author website in a commerce environment are disclosed. In one embodiment, a system includes a host processor; a first security circuit to re-encrypt a work of authorship protected by an encryption standard using a proprietary key after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship; a system memory to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and a second security circuit of a display module to independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor and to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key. | 08-13-2009 |
20090202069 | METHOD AND SYSTEM FOR GENERATING A SECURE KEY - A method, system on a chip, and computer system for generating more robust keys which utilize data occupying relatively small die areas is disclosed. Embodiments provide a convenient and effective mechanism for generating a key for use in securing data on a portable electronic device, where the key is generated from repurposed data and a relatively small amount. A multi-stage encryption algorithm may be performed to generate the key, where the first stage may include encrypting the secure data, and the second stage may include encrypting the result of a logical operation on the encrypted secure data with a unique identifier of the portable electronic device. A secret key may be used as the encryption key for each stage. The result of the second encryption stage may include the generated key which may be used to perform subsequent operations on the portable electronic device. | 08-13-2009 |
20090202070 | Robust Cipher Design - In an iterated block cipher, a method for round key encryption and key generation, the method including providing a first function Fi and a second function Fj, providing a round key generation function, the round key generation function being operative to utilize, in any given round, exactly one of the first function Fi, and the second function Fj, providing a round mixing function, the round mixing function being operative to utilize, in any given round, exactly one of the first function Fi, and the second function Fj, utilizing the round key generation function in at least a first round to generate a second round key for use in a second round, and utilizing the round mixing function in at least the first round to mix a first round key with a cipher state, wherein one of the following is performed in the first round: the round key generation function utilizes the first function Fi to generate the second round key for use in the second round, substantially simultaneously with the round key mixing function utilizing the second function Fj to mix the first round key with the cipher state; and the round key generation function utilizes the second function Fj to generate the second round key for use in the second round, substantially simultaneously with the round key mixing function utilizing the first function Fi to mix the first round key with the cipher state. Related apparatus and methods are also described. | 08-13-2009 |
20090208002 | PREVENTING REPLAY ATTACKS IN ENCRYPTED FILE SYSTEMS - Replay attacks in an encrypted file system are prevented by generating a session key and providing the session key to one or more drive managers and an encrypted file system process. When a drive request is received by the encrypted file system process, the drive request is encrypted using the generated session key. The encrypted drive request is sent to a drive manager. The drive manager attempts to decrypt the drive request using the session key. If the encrypted drive request is successfully decrypted, then the drive manager performs the requested operation. On the other hand, if the request is not decrypted successfully, then the request is not performed by the drive manager. Drive managers can include both disk device drivers and logical volume managers. | 08-20-2009 |
20090208003 | Authentication Method, Host Computer and Recording Medium - According to one embodiment, a host computer updates the media key block MKB in a first updatable memory device in the case where the version number of the media key block MKB read from a recording medium is newer than that of the media key block MKB in the first updatable memory device. The host computer generates a medium unique key Kmu based on a media key Km calculated from the media key block MKB read from the recording medium and a media ID read from the recording medium. The host computer executes the authentication and key exchange AKE process with the recording medium based on the medium unique key Kmu. | 08-20-2009 |
20090214028 | Generating Session Keys - A method and apparatus for generating shared session keys. The method and apparatus does not rely on strong random number generation. The first node sends a timestamp and random sequence to the second node. The second node generates a message authentication code (MAC) using this data and a shared secret key. The MAC is then used to encrypt a reply containing a second timestamp and second random sequence from the second node. The first node receives this message and decrypts it by generating the same MAC. Both nodes then generate a session key using the shared set of timestamps and random sequences. | 08-27-2009 |
20090214029 | Unified Broadcast Encryption System - A system and method is disclosed for performing unified broadcast encryption and traitor tracing for digital content. In one embodiment a media key tree is divided into S subtrees, the media key tree including media keys and initial values, which may be random values. The digital content is divided into a plurality of segments and at least some of the segments are converted into a plurality of variations. The random values are transformed into media key variations and a separate media key variant is assigned to each of the subdivided subtrees. A unified media key block including the media key tree is stored on the media. | 08-27-2009 |
20090214030 | Apparatus and Method for Processing Fragmented Cryptographic Keys - A system includes a set of private key fragments distributed across a set of networked resources. Each private key fragment independently produces a fractional cryptographic result. A combination module on a designated networked resource combines a sufficient number of fractional cryptographic results to produce an operable cryptographic result. A method includes generating a set of private key fragments. The set of private key fragments is located across a set of networked resources. Fractional cryptographic results are produced at the set of networked resources. The fractional cryptographic results are combined to produce an operable cryptographic result. | 08-27-2009 |
20090232301 | METHOD AND SYSTEM FOR GENERATING SESSION KEY, AND COMMUNICATION DEVICE - A method for generating a session key, a system, and a communication device are disclosed. The method includes: selecting, by a communication party, a temporary private key, and operating at least the temporary private key according to the parameters of the cryptosystem to generate a first message, and sending the first message to the opposite party; and after receiving the second message, operating, by the communication party, at least the second message and the temporary private key according to the parameters of the cryptosystem to generate a session key. The system includes a key management center and a communication device. The communication device includes: a temporary private key selecting unit, a message generating and sending unit, and a session key generating unit. In the disclosure, the session key generated after the communication party selects a temporary private key is variable, thus avoiding too much dependence on the key management center and improving the practicability and security of the key. | 09-17-2009 |
20090232302 | Derivation method for cached keys in wireless communication system - A method and apparatus for providing improved security and improved roaming transition times in wireless networks. The same pairwise master key (PMK) from an authentication server can be used across multiple access points and a new pairwise transition key (PTK) is derived for each association of a station to any of the access points. A plurality of access points are organized in functional hierarchical levels and are operable to advertise an indicator of the PMK cache depth supported by a group of access points (N) and an ordered list of the identifiers for the derivation path. Access points in each level in the cache hierarchy compute the derived pairwise master keys (DPMKs) for devices in the next lower level in the hierarchy and then deliver the DPMKs to those devices. An access point calculates the PTK as part of the security exchange process when the station wishes to associate to the access point. The station also computes the PTK as part of the security exchange process. The station calculates all the DPMKs in the hierarchy as part of computing the PTK. The method and apparatus allow the cache depth to vary per station, but it remains constant for a given station within a key circle. | 09-17-2009 |
20090238362 | DISC MANUFACTURING METHOD, DATA RECORDING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING APPARATUS AND METHOD, AND COMPUTER PROGRAM - A product mark including a public key certificate issued with respect to an information-recording-medium manufacturing entity or information-recording-medium manufacturing equipment, and an encrypted volume ID calculated by computation based on a product-mark-associated value such as a hash value generated on the basis of the product mark, and a volume ID as an identifier set with respect to a given set of discs to be manufactured, are generated. The product mark and the encrypted volume ID are set as information for generating a key used for decryption of encrypted content, and recorded onto a disc by a reflective-film-removal recording method. Due to this configuration, the product mark and the encrypted volume ID as key generating information cannot be read from a pirated disc produced by physically copying a pit pattern on the basis of a legitimate commercial disc, thereby making it possible to prevent unauthorized reproduction or use of content. | 09-24-2009 |
20090252322 | Method, medium, and system for encrypting and/or decrypting information of microarray - Provided is a method of encrypting information of a microarray. The method includes: acquiring genetic information of a person by scanning the microarray; generating a secret key for identifying the unique property of the person from the acquired genetic information; and encrypting the acquired genetic information by using the generated secret key. Accordingly, the method can prevent the leakage of the genetic information of the person and protect the person's privacy. | 10-08-2009 |
20090257585 | ORGANIC KEYED ENCRYPTION - An encryption technique that creates a unique encryption key or fingerprint based on unique physical and electrical characteristics of a target electronic assembly to be protected. The encryption key can be constructed by exploiting the manufacturing variances present in all electronic elements including active elements and passive elements. Active elements include, for example: oscillators/clocks, internal I/O controllers, external I/O controllers, memory, processors, and digital power converters. Passive elements include, for example: internal I/O interconnects, external I/O interconnects, memory buses, and power buses. The encryption key can also include one or more environmental condition thresholds. | 10-15-2009 |
20090262926 | METHOD AND APPARATUS FOR GENERATING A CRYPTOGRAPHIC KEY - In embodiments methods and circuits for generating a cryptographic key, for encrypting and decrypting data with the generated key, for storing and reading the encrypted data using a filename unknown to a running application of a mobile computer application are provided. | 10-22-2009 |
20090268902 | SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING - A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer. | 10-29-2009 |
20090274296 | DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device; performing an addition operation by using a first target internal key and an identifier (ID), the first target internal key being associated with the target device, and the ID being associated with at least one of the target device and a storage medium of the target device; generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the encrypted digital content using the target encryption key. | 11-05-2009 |
20090274297 | DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting re-encrypted digital contents are discussed. According to an embodiment, the method includes receiving the re-encrypted digital content without a source encryption key from a source device connected to the target device, wherein the re-encrypted digital content is generated at the source device by: 1) decrypting an encrypted digital content which is previously encrypted in an external device, and 2) re-encrypting the decrypted digital content with the source encryption key; performing an addition operation by using a first target internal key and an identifier (ID); generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the re-encrypted digital content using the target encryption key. | 11-05-2009 |
20090285390 | INTEGRATED CIRCUIT WITH SECURED SOFTWARE IMAGE AND METHOD THEREFOR - The various embodiments herein disclosed include a method wherein an integrated circuit ( | 11-19-2009 |
20090296926 | KEY MANAGEMENT USING DERIVED KEYS - Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key. | 12-03-2009 |
20090296927 | PASSWORD SELF ENCRYPTION METHOD AND SYSTEM AND ENCRYPTION BY KEYS GENERATED FROM PERSONAL SECRET INFORMATION - A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished. | 12-03-2009 |
20090304180 | KEY EVOLUTION METHOD AND SYSTEM OF BLOCK CIPHERING - A system and associated method for block ciphering. The method generates a key that is specific to a text block being encrypted and later being decrypted. The text block is encrypted by a block cipher encryption with the key. The encrypted text block is decrypted by a block cipher decryption with the key back to the text block. Altering a single bit in either the encrypted text block or the key results in unsuccessful decryption such that the decrypted text block is completely different from the text block before encryption. | 12-10-2009 |
20090310777 | Trust Anchor Key Cryptogram and Cryptoperiod Management Method - In the field of public key cryptography, e.g. a public key infrastructure, the distribution of trust anchor keys to end-user systems is difficult when the time comes to change the public key, either because a compromise of the private key counterpart is suspected, or as a cryptoperiod policy enforcement. With the present invention, the central organization (from which the trust anchor key originates) is given the opportunity to distribute at once a number of trust anchor keys, in advance of their respective intended period of use, and without exposing the individual public keys to brute force attacks before their actual period of use. At a later time, the central organization distributes unlocking information that enables the use of a public key distributed according to the present invention. The preferred embodiment makes use of a hidden selection of a cryptographic function among a function family. | 12-17-2009 |
20090310778 | VARIABLE-LENGTH CIPHER SYSTEM AND METHOD - Systems and methods for enciphering data are provided. In one embodiment, information is enciphered using a variable block length cipher that returns the encrypted symbol set in the same format as the plaintext symbol set. The cipher can be based on DES, AES or other block ciphers. In one example implementation, the invention provides for enciphering token information by constructing a tweak of a defined length using token information; converting the tweak to a bit string of a defined size to form a first parameter; converting a number of digits of plaintext to a byte string of a defined size to form a second parameter, wherein the number of digits converted varies; defining a data encryption standard key; applying the data encryption standard key to the first and second parameters; computing a specified number of encryption rounds; and receiving enciphered token information. | 12-17-2009 |
20090316886 | FINE-GRAINED FORWARD-SECURE SIGNATURE SCHEME - The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods also form the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows an immediate reaction to hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures made in the revoked period up to the announced index are valid, i.e., non-repudiable. | 12-24-2009 |
20090316887 | DATABASE ENCRYPTION AND QUERY METHOD KEEPING ORDER WITHIN BUCKET PARTIALLY - A database encryption and query method keeping an order within a bucket partially, which encrypts and stores numeric data in a database, includes calculating a relative value of a plaintext within a bucket to which the plaintext is allocated; generating a first key value by producing a random number within the bucket; generating a second key value for defining a function having a bucket range of the bucket as an input; and changing the relative value based on the first and the second key value while partially keeping an order of the relative value, to store the changed relative value. The first key value may be a value separating order information on the relative value. Further, the second key value may be a resultant value obtained by applying a mod 2 operation to the bucket size of the bucket. | 12-24-2009 |
20090316888 | PLAYING METHOD AND DEVICE OF DIGITAL RIGHT MANAGING MULTIMEDIA - A playing method of digital right managing multimedia is disclosed, in which the files of DRM multimedia to be played take a Page as a playing basic unit, when the operation of fast-forward/fast-reverse is triggered, the method comprises: determining time of fast-forward/fast-reverse; determining number of Pages of fast-forward/fast-reverse based on the time of fast-forward/fast-reverse; determining Page of target playing position based on the number of Pages of fast-forward/fast-reverse; calculating key stream of the Page of the target playing position based on prestored key data of the first Page; decrypting ciphertext of the Page of the target playing position based on the calculated key stream of the Page of the target playing position; and decoding the decrypted Page of the target playing position and playing the decrypted Page of the target playing position. A playing device is also provided. Therefore, the playing effect can be improved. | 12-24-2009 |
20090323940 | METHOD AND SYSTEM FOR MAKING INFORMATION IN A DATA SET OF A COPY-ON-WRITE FILE SYSTEM INACCESSIBLE - Information in a data set of a copy-on-write file system may be made inaccessible. A first key for encrypting a data set of a copy-on-write file system is generated and wrapped with a second key. An encrypted data set is created with the first key. The wrapped first key is stored with the encrypted data set. A command to delete the encrypted data set is received and the second key is altered or changed to make information in the encrypted data set of the copy-on-write file system inaccessible. | 12-31-2009 |
20090323941 | SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described. | 12-31-2009 |
20090323942 | METHOD FOR PAGE- AND BLOCK BASED SCRAMBLING IN NON-VOLATILE MEMORY - A method and system for programming and reading data with reduced read errors in a memory device. In one approach, data to be written to the memory device is scrambled using a first pseudo random number which is generated based on a page of the memory device to which the data is to be written, to provide first scrambled data, which is scrambled using a second pseudo random number which is generated based on a block of the memory device to which the data is to be written. This avoids bit line-to-bit line and block-to-block redundancies which can result in read errors. The data may also be scrambled using a third pseudo random number that depends on a section within a page. Scrambling may also be based on one or more previous pages which were written. | 12-31-2009 |
20090323943 | DATA TRANSMISSION SYSTEM - A cipher key is generated by first information shared in secret between a data transmitting unit | 12-31-2009 |
20100008498 | ENCRYPTION PROCESSING APPARATUS, ENCRYPTION METHOD, AND COMPUTER PROGRAM - A common-key blockcipher processing structure that makes analysis of key more difficult and enhances security and implementation efficiency is realized. In a key scheduling part in an encryption processing apparatus that performs common-key blockcipher processing, a secret key is input to an encryption function including a round function employed in an encryption processing part to generate an intermediate key, and the result of performing bijective transformation based on the intermediate key, the secret key, and the like and the result of performing an exclusive-OR operation on the bijective-transformed data are applied to round keys. With this structure, generation of round keys based on the intermediate key generated using the encryption function whose security has been ensured is performed, thereby making it possible to make analysis of the keys more difficult. The structure of the key scheduling part can be simplified, thereby making it possible to improve the implementation efficiency. | 01-14-2010 |
20100014662 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING TRUSTED STORAGE OF TEMPORARY SUBSCRIBER DATA - A method for providing trusted storage of temporary subscriber data may include receiving a value indicative of a temporary identity associated with a device, encrypting the value with a randomly generated encryption key to generate an encrypted value, storing the encrypted value in an identity module in removable communication with the device, and storing the encryption key in the device. | 01-21-2010 |
20100014663 | Strengthened public key protocol - A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics. | 01-21-2010 |
20100014664 | Cryptographic Processing Apparatus, Cryptographic Processing Method, and Computer Program - To realize a common-key block cipher process configuration with increased difficulty of key analysis and improved security. In a configuration for storing in a register an intermediate key generated by using a secret key transformation process and performing a transformation process on the register-stored data to generate a round key, a process of swapping (permuting) data segments constituting the register-stored data is executed to generate a round key. For example, four data segments are produced so that two sets of data segments having an equal number of bits are set, and a process of swapping the individual data segments is repeatedly executed to generate a plurality of different round keys. With this configuration, the bit array of each round key can be effectively permuted, and round keys with low relevance can be generated. A high-security cryptographic process with increased difficulty of key analysis can be realized. | 01-21-2010 |
20100020964 | KEY GENERATION METHOD USING QUADRATIC-HYPERBOLIC CURVE GROUP - Disclosed is a key generation apparatus which uses a finite commutative group defined by a number-theoretical (or arithmetical) function that can be substituted for the elliptic curve, thereby enabling the computational difficulty equivalent to that of breaking the elliptic curve cryptography. The key generation apparatus comprises a key setting part and a key generator. The key setting part sets a secret key α, and selects an element of the finite commutative group as a public key G. The key generator performs an addition operation defined for the finite commutative group on the public key G, thereby to multiply the public key G by the secret key α representing a scalar coefficient to generate a public key Y. The finite commutative group is a set of pairs (x,y) of a dependent variable y of a quadratic-hyperbolic function defined on a finite ring and an independent variable x of the quadratic-hyperbolic function. | 01-28-2010 |
20100020965 | METHOD FOR SPEEDING UP THE COMPUTATIONS FOR CHARACTERISTIC 2 ELLIPTIC CURVE CRYPTOGRAPHIC SYSTEMS - In some embodiments, an apparatus and method for speeding up the computations for characteristic 2 elliptic curve cryptographic systems are described. In one embodiment, a multiplication routine may be pre-computed using a one iteration graph-based multiplication according to an input operand length. Once pre-computed, the multiplication routine may be followed to compute the products of the coefficients of the polynomials representing a carry-less product of two input operands using a carry-less multiplication instruction. In one embodiment, the pre-computed multiplication routines may be used to extend a carry-less multiplication instruction available from an architecture according to an input operand length of the two input operands. Once computed, the carry-less product polynomial produces a remainder when the product is computed modulo a programmable polynomial that defines the elliptic cryptographic system to form a cryptographic key. Other embodiments are described and claimed. | 01-28-2010 |
20100020966 | METHOD FOR GENERATING ENCRYPTION KEY - The present invention relates to an encryption key generating method ensuring resistance to collusion attacks and achieving reduction in a key length of encryption keys corresponding to respective hierarchies of each scalability. In the encryption key generating method, an encryption key (K | 01-28-2010 |
20100027783 | Precalculated encryption key - An authenticated encryption method includes receiving, by an Advanced Encryption Standard (AES) engine, a cipher key and computing a hash key using the received cipher key. The computed hash key is stored in a storage memory. The AES engine then receives a packet of data and encrypts the packet of data using the received cipher key. The hash key from the storage memory is sent to a GHASH engine which is used to authenticate the packet of data. Encrypting the packet of data is performed after the hash key is stored in the storage memory. Input flow of the packet of data is enabled after the hash key is stored in the storage memory. | 02-04-2010 |
20100027784 | KEY GENERATION USING BIOMETRIC DATA AND SECRET EXTRACTION CODES - There is provided a method of generating a key for encrypting communications between first and second terminals comprising obtaining a measurement of characteristics of a physical identifier of a user; and extracting a key from the physical identifier using a code selected from a collection of codes, each code in the collection defining an ordered mapping from a set of values of the characteristics to a set of keys; wherein the collection of codes comprises at least one code in which the ordered mapping is a permutation of the ordered mapping of one of the other codes in the collection. | 02-04-2010 |
20100027785 | DEVICE AND METHOD FOR SECURITY HANDSHAKING USING MIXED MEDIA - A method and device for private/public key encryption using optical media. A key pair is generated, and the public key pair is stored on the optical media. The media is scanned and the optical media characteristics are used to hash stored information with the private key. The hashed version of the private key is then stored on the optical media. A read/write unit may subsequently de-hash the private key for encryption of data files. | 02-04-2010 |
20100027786 | DYNAMIC ENCRYPTION AUTHENTICATION - A method is disclosed. The method includes generating a uniquely derived data string using personalized information and a first encryption algorithm, generating at least one uniquely derived key using the uniquely derived data string, and creating a dynamic verification value using a second encryption algorithm using the at least one uniquely derived key, wherein the first encryption algorithm is different than the second encryption algorithm. | 02-04-2010 |
20100034376 | INFORMATION MANAGING SYSTEM, ANONYMIZING METHOD AND STORAGE MEDIUM - After anonymization of individual information such as clinical data, only the owner of a specimen data or the owner of a browsing right can identify data stored or related to it after the anonymization. Therefore, in an unlinkable anonymizing method, a uni-directional function such as a hash value calculation is applied to a combination data of related information such as an individual identifiable ID number or data, ID information and a key symbol in case of the anonymization, or a relational data such as a specimen number from only which an individual cannot be identified. A correspondence table of the anonymization number and the individual information is deleted. An estimation of an original individual or a specimen number from the anonymization number is prevented by use of uni-directional function. The access to the data after the anonymization is limited only to the owner who knows anonymization key data or the mandatory of the information. | 02-11-2010 |
20100046749 | CONTENT PROTECTION APPARATUS, AND CONTENT UTILIZATION APPARATUS - Content is divided into a plurality of partial contents. Next, each of the partial contents is encrypted using a browsing-control-use secret key. Also, an editing-control-use secret key and a partial-content validation key are generated, then generating the feature value for each of the partial content. Moreover, key-encrypted data is generated by encrypting the browsing-control-use secret key and the editing-control-use secret key corresponding to each of the browsable and editable partial contents, using the public key of a user. Finally, encrypted content is generated from the key-encrypted data, encrypted partial contents, and the partial-content validation key. | 02-25-2010 |
20100054463 | COMMUNICATION SYSTEM AND METHOD FOR PROTECTING MESSAGES BETWEEN TWO MOBILE PHONES - A communication system and method for protecting messages between two mobile phones are provided. The method sets protective parameters in a first mobile phone, generates an encryption key and a decryption key according to the protective parameters, stores the decryption key into a storage device of the first mobile phone, and registers the encryption key to a second mobile phone through a wireless network. The method further encrypts a short message into an encrypted message in the second mobile phone according to the encryption key, and sends the encrypted message to the first mobile phone through the wireless network. In addition, the method decrypts the encrypted message to a readable message when the first mobile phone receives the encrypted message, and displays the readable message on a display screen of the first mobile phone. | 03-04-2010 |
20100061550 | DATA PROCESSING APPARATUS - To improve a technology of encryption for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data to render it as encrypted data and records it on a predetermined recording medium, and also decrypts the encrypted data recorded on the recording medium to change it back to the subject data. When performing the encryption, an algorithm and a key to be used for the encryption are generated by using solutions which are sequentially generated by assigning past solutions to a solution generating algorithm. The solutions are erased at a stage where it is no longer necessary to assign them to the solution generating algorithm anew. | 03-11-2010 |
20100061551 | ENCRYPTION/DECRYPTION APPARATUS AND METHOD USING AES RIJNDAEL ALGORITHM - An encryption/decryption apparatus and method using an advanced encryption standard (AES) Rijndael algorithm are provided. The apparatus includes a round key operator that performs arithmetic operations on a round key for a first round and first partial round keys of round keys for second to last rounds and generates the round keys for the second to last rounds, and a round executor that performs an encryption or decryption operation using the round key for the first round and the round keys for the second to last rounds. | 03-11-2010 |
20100061552 | SECURE STORAGE IN FILE SYSTEM - A node may contain a secure store agent. A process executing on the node may request connection information from the secure store agent. An encryption key phrase may be accessed, responsive to the request for connection information, to decrypt the requested connection information. The requested connection information may be obtained from a secure storage file in a file system. | 03-11-2010 |
20100067689 | COMPUTING PLATFORM WITH SYSTEM KEY - A method for installing a system key onto a computing platform is disclosed. A system key generator is installed on the computing platform. The system key generator is activated and generates a system key within the computing platform. The system key is also stored within the computing platform. | 03-18-2010 |
20100067690 | SPA-RESISTANT LEFT-TO-RIGHT RECODING AND UNIFIED SCALAR MULTIPLICATION METHODS - Provided is a scalar multiplication method unified with a simple power analysis (SPA) resistant left-to-right recoding in a crypto system based on an elliptic curve and a pairing. The scalar multiplication method includes: recoding an L-digit secret key k′ from a radix-r n-digit secret key k by comparing two successive elements with each other from the most significant digit with duplication allowed in order to generate the L-digit secret key k′; and performing scalar multiplication between the secret key k and a point P on an elliptic curve to output a scalar multiplication value Q=kP using the secret key k′. | 03-18-2010 |
20100074438 | SYSTEMS AND METHODS FOR KEY MANAGEMENT - A method for key management for a broadcasting system includes generating a receiver group key (RGK) seed and a plurality of parameters for a receiver group provided by the broadcasting system; and calculating an RGK for the receiver group based on the RGK seed and the plurality of parameters. | 03-25-2010 |
20100074439 | METHOD AND APPARATUS FOR THE GENERATION OF CODE FROM PATTERN FEATURES - A method is provided for deriving a single code from a biometric sample in a way which enables different samples of a user to provide the same code whilst also distinguishing between samples of different users. Different features are analysed to obtain mean and variance values, and these are used to control how the different feature values are interpreted. In addition, features are combined and a sub-set of bits of the combination is used as the code. This enables bits which are common to all user samples to be dropped as well as bits which may differ between different samples of the same user. | 03-25-2010 |
20100074440 | HIGH-SPEED PIPELINED ARIA ENCRYPTION APPARATUS - There is provided a high-speed pipelined ARIA encryption apparatus. The high-speed pipelined ARIA encryption apparatus includes a round key generator for generating a plurality of round keys required for performing an encryption operation using a master key formed to have uniform bits, a plurality of round units whose number is in proportion to the number of times of round operations corresponding to the number of bits of an input value to receive the round keys and the input value and to perform the round operations, and a plurality of pipelined registers provided between the round units to transmit the output value of a previous round unit as the input value of the next round unit. A plurality of round units are provided and pipelined registers are inserted between the round units so that it is possible to improve the performance of processing a large amount of data and to perform ARIA encryption at high speed. | 03-25-2010 |
20100080383 | SECURE PROVISIONING OF A PORTABLE DEVICE USING A REPRESENTATION OF A KEY - A portable device initially accesses a secure server and requests a certificate. The secure server generates a random key and encodes the generated key to generate a representation of the key, such as a two-dimensional bar code or an audio signal, which is communicated to a local device, such as a laptop or desktop computer, using a web interface. The local device is used to present the representation of the key to a mobile device. The mobile device then captures the representation of the key from the local device, for example using an image capture device or audio capture device, and extracts the key by decoding the representation of the key. The key is then stored by the mobile device and used to securely communicate with the secure server without manually entering the key. | 04-01-2010 |
20100091986 | Information Management System and Encryption System - A system capable of surely preventing a theft or leak of information which comprises: an information registration destination decision unit deciding registration destinations of information; a distribution unit information generation unit generating distribution unit information pieces; and a plurality of storage grids connectable to the distribution unit information generation unit. The distribution unit information generation unit multiplies original data and divides the multiplied data into a plurality of distribution unit information pieces such that each distribution unit information piece does not include all the elements contained in the original data and the same element occurs repeatedly in the same piece for generation of the distribution unit information pieces, and registers the distribution unit information pieces in the respective storage grids based on the management information about the correlation between the distribution unit information pieces and the storage grids as their registration destinations generated by the information registration destination decision unit. | 04-15-2010 |
20100091987 | MANAGEMENT SYSTEM INCLUDING DISPLAY APPARATUS AND DATA MANAGEMENT APPARATUS FOR DISPLAYING DATA ON THE DISPLAY APPARATUS, AND DATA ACQUISITION METHOD - In order to restrict a destination of data for security and facilitate acquisition of the data at the destination, a conference system includes an MFP and a projector, wherein the MFP prestores data for display in an HDD and includes an access key generating portion to generate an access key for an access to the display data and a data transmitting portion to transmit the display data on the condition that the access key is received from a PC, and the projector includes a wireless communication portion to wirelessly communicate with PCs within a predetermined distance, a projecting control portion to display the data stored in the HDD in the MFP, an access key acquiring portion to acquire the access key, and an access key transmitting portion to cause the wireless communication portion to transmit the access key when receiving a request from the PC via the wireless communication portion. | 04-15-2010 |
20100098246 | SMART CARD BASED ENCRYPTION KEY AND PASSWORD GENERATION AND MANAGEMENT - An apparatus can include a smart card based encryption key management system used to generate an encryption key using encryption key seed material, and an encryption key data store to store the encryption key seed material. An apparatus can include a smart card based password management system used to generate a password using password seed material, and a password data store to store the password seed material. | 04-22-2010 |
20100098247 | Method, Apparatus And Computer Program Product For Generating An Encryption Key And An Authentication Code Key Utilizing A Generic Key Counter - A method, apparatus and computer program product are provided that relate to encryption and authentication techniques. An apparatus may include a processor configured to define a generic key counter. The processor may also be configured to generate an encryption key at least partially based upon the generic key counter. The processor may also be configured to generate an authentication code key that is at least partially based upon the same generic key counter. The processor may further be configured to update the encryption key and the authentication code in accordance with a common time schedule. A corresponding method and computer program product may also be provided. | 04-22-2010 |
20100098248 | DEVICE AND METHOD OF GENERATING AND DISTRIBUTING ACCESS PERMISSION TO DIGITAL OBJECT - A system is provided, which includes at least one digital object owner client computing device, a trusted server computing device and at least one digital object consumer client computing device. Each of said at least one digital object owner client computing device is configured to transmit a created or amended access permission message to the trusted server computing device. The trusted server computing device is configured to generate, from the created or amended access permission message, at least one personalized access permission message, each of which is uniquely addressed to one of the at least one digital object consumer client computing device. The at least one digital object consumer client computing device is configured to enforce a download, from the trusted server computing device, of the at least one personalized access permission message uniquely addressed to the at least one digital object consumer client computing device. | 04-22-2010 |
20100098249 | METHOD AND APPARATUS FOR ENCRYPTING DATA AND METHOD AND APPARATUS FOR DECRYPTING DATA - Provided are a method and apparatus for encrypting data, and a method and apparatus for decrypting data. The method of encrypting data includes generating an encryption key by using current time information indicating a current time, encrypting data by using the generated encryption key, and transmitting the encrypted data. | 04-22-2010 |
20100119061 | GENERATING SECURE PRIVATE KEYS FOR USE IN A PUBLIC KEY COMMUNICATIONS ENVIRONMENT - A private key is generated for use in a public key communications environment, and the private key includes a partial private key and processed biometric data. The partial private key is known to the user, but the processed biometric data is not. The processed biometric data is generated on the fly and is not provided to the user. This enables a more secure and robust private key to be created and used in encryption/decryption. | 05-13-2010 |
20100119062 | DEVICE TO GENERATE A MACHINE SPECIFIC IDENTIFICATION KEY - An integrated circuit assembly having monitoring circuitry for observing the internal signals of the system so that its properties are captured. The system properties are manipulated so that they can be used as a pseudo random number and/or as the basis number for an encryption key. The monitoring circuitry having: manipulation circuitry to transform monitored data and combine it with previously manipulated values; and registers to store previously manipulated values; and counters to count events; and condition detection circuitry for detecting when a signal is at a specific value or range of values. Optionally the monitoring circuitry which has the functionality for capturing system properties may be combined with other monitoring circuitry, which has the functionality required by a debug support circuit. The monitoring circuitry avoids replication of resources by sharing parts of specific monitoring circuits like counters. | 05-13-2010 |
20100119063 | Establishing Relative Identity - There are disclosed a method, computing device, and storage medium for establishing relative identity between a first agent on a first computing device and a second agent on a second computing device. An absolute key and a partial relative key may be generated for the first agent, wherein the absolute key and the partial relative key define a relative identity of the first agent, wherein the relative identity is unique for a relationship between the first agent and the second agent. | 05-13-2010 |
20100119064 | SERVICE DISTRIBUTION APPARATUS AND METHOD - A service distribution apparatus and method are provided. The service distribution apparatus includes a service module that provides a plurality of separable services; a storage module that stores group information of service reproduction apparatuses which reproduce the services, and a service control module that distributes requested services to different service reproduction apparatuses, respectively, based on the group information. | 05-13-2010 |
20100119065 | METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available. | 05-13-2010 |
20100119066 | METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available. | 05-13-2010 |
20100128869 | METHOD AND DEVICE FOR EXECUTING A CRYPTOGRAPHIC CALCULATION - The invention concerns a method which consists in operating a key generation in an electronic component for a specific cryptographic algorithm; storing in the electronic component a prime number P and generating at least a secret prime number. In one step (a) randomly selecting ( | 05-27-2010 |
20100142704 | CRYPTOGRAPHIC ENCODING AND DECODING OF SECRET DATA - Methods and apparatus are provided for cryptographically encoding secret data in a data processing system. The secret data is encoded in accordance with a verifiable encryption process to produce a cryptographic construction (θ) having a decryption constraint dependent on the occurrence of a predetermined event. An event-dependent decryption constraint is thereby built into the cryptography, so that there is an intrinsic restriction on the ability to decrypt the encoded secret data which is dependent on occurrence of the predetermined event. Decoding apparatus for such a cryptographic construction is also provided, as well as distributed trust data processing systems providing accountable privacy based on use of such cryptographic constructions. | 06-10-2010 |
20100150343 | SYSTEM AND METHOD FOR ENCRYPTING DATA BASED ON CYCLIC GROUPS - A technique for performing data encryption for a cryptographic system that utilizes a cyclic group having an order is disclosed. The technique involves encoding a secret key into an encoded secret key using an encoding key, where the secret key and the product of the encoding key and the encoded secret key are congruent modulo the order of the cyclic group, serially encrypting a message into an encrypted message using the encoded secret key and the encoding key, and transmitting the encrypted message to a destination. | 06-17-2010 |
20100158245 | IMPLICIT ITERATION OF KEYED ARRAY SYMBOL - The use of a data structure that is a symbolic representation of a keyed array that has an array variable and an associated key variable. There is a correlation maintained between the variable type of the array variable and the corresponding keying set that is to be bound to the associated key variable. The keyed array may remain unbound thereby being simply symbolically represented, or the keying set may be bound to the key variable more immediately. In one embodiment, once the keying set is bound to the key variable, data may be bound to the array variable itself. This may be repeated for multiple keyed arrays. The data from multiple keyed arrays may be operated upon to about another array of values, which may then be aggregated in some way. | 06-24-2010 |
20100158246 | METHOD FOR AUTHENTICATION AND ELECTRONIC DEVICE FOR PERFORMING THE AUTHENTICATION - An authentication method ( | 06-24-2010 |
20100158247 | METHOD AND SYSTEM FOR SECURE STORAGE, TRANSMISSION AND CONTROL OF CRYPTOGRAPHIC KEYS - A system and method are described supporting secure implementations of 3DES and other strong cryptographic algorithms. A secure key block having control, key, and hash fields safely stores or transmits keys in insecure or hostile environments. The control field provides attribute information such as the manner of using a key, the algorithm to be implemented, the mode of use, and the exportability of the key. A hash algorithm is applied across the key and control for generating a hash field that cryptographically ties the control and key fields together. Improved security is provided because tampering with any portion of the key block results in an invalid key block. The work factor associated with any manner of attack is sufficient to maintain a high level of security consistent with the large keys and strong cryptographic algorithms supported. | 06-24-2010 |
20100183148 | RECORDING KEYS IN A BROADCAST-ENCRYPTION-BASED SYSTEM - According to one embodiment of the present invention, a method for protecting content in a broadcast-encryption-based system, where the devices in the system receive a recording key table. Each device generates a set of recording keys from the recording key table using a media key variant calculated from the broadcast encryption system's media key block. The digital content is encrypted in a title key picked by the recorder. The selected title key is also encrypted in each one of the recorder's generated recording keys. To play back the content, a player uses one of its generated recording keys to decrypt the title key and then decrypt the content. The recording key table is designed so that any two devices are guaranteed to have at least one key in common during normal operation, although during a forensic situation, this rule can be abandoned. | 07-22-2010 |
20100195824 | Method and Apparatus for Dynamic Generation of Symmetric Encryption Keys and Exchange of Dynamic Symmetric Key Infrastructure - A method and apparatus for dynamically generating data encryption keys for encrypting data files and for decrypting encrypted data files via a key exchange method is provided. An encryption key is dynamically generated for each encryption event, so that the key cannot be produced or reproduced. A key exchange component of the invention ensures that only an intended recipient has the means to decrypt a file encrypted with the dynamically generated symmetric encryption keys. | 08-05-2010 |
20100202608 | ENCRYPTION DEVICE, DECRYPTION DEVICE, AND STORAGE DEVICE - According to one embodiment, an encryption device uses N extended keys (N: a natural number not less than 2) obtained by extending one encryption key, and includes a first memory, a comparison circuit, a second memory, a selector, and an extension calculator. The first memory stores a flag corresponding to an initial value of a key. The comparison circuit outputs a signal indicating comparison matching when a command and the key are related to encryption. The selector loads the key in the first memory into the second memory upon receiving the signal. The extension calculator calculates the extended keys based on the key in the second memory and inputs them to the selector. Except when loading the initial value of the key into the second memory, the selector loads the extended keys into the second memory to extend the encryption key to from the first to N-th extended keys. | 08-12-2010 |
20100202609 | SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS - Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion is not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion. | 08-12-2010 |
20100208888 | PASSWORD KEY DERIVATION SYSTEM AND METHOD - A password-based key derivation function includes a sub-function that gets executed multiple times based on an iteration count. A key derivation module computes the iteration count dynamically with each entered password. The iteration count is computed as a function of the password strength. Specifically, the weaker the password, the higher the iteration count; but the stronger the password, the smaller the iteration count. This helps strengthen weaker passwords without penalizing stronger passwords. | 08-19-2010 |
20100208889 | TWO-PARTY STORAGE OF ENCRYPTED SENSITIVE INFORMATION - A secure storage system secures information of a client by first encrypting the information with a first key to generate first-key encrypted data. The secure storage system then encrypts with a second key the first-key encrypted data and the first key to generate second-key encrypted data. The system provides the client with a first portion of the second-key encrypted data. The system stores a second portion of the second-key encrypted data and the second key. When the confidential information is needed, the client provides the first portion. The system retrieves the second portion. The system then decrypts with the second key the first portion and the second portion to generate the first-key encrypted data and the first key. The system then decrypts with the first key the first-key encrypted data to generate the unsecure confidential information. | 08-19-2010 |
20100208890 | CONTENT DISTRIBUTION APPARATUS, CONTENT USE APPARATUS, CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD AND PROGRAM - There is provided a content distribution apparatus which includes an encrypting part for encrypting data of each of a plurality of segments divided in content data with a segment key generated from information unique to the segment, and a license generator for generating a license that allows generation of the segment key for one or more segments to which the data contained in a certain data area in the content data belongs. | 08-19-2010 |
20100215175 | METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION - Methods and systems are disclosed that relate to encrypting data of a data item for storing in a data storage system comprising a plurality of disks having stripes. A blinding factor is constructed based on a stripe blind that is assigned to a stripe with which the data item is associated and a unique identifier associated with the data item. A first logic operation is performed between the blinding factor and an encryption key to create a blinded encryption key for the data item. The data item is decrypted by identifying the stripe blind with the unique identifier and recreating the data item's blinding factor based on the stripe blind and the unique identifier. A second logic operation, which is selected based on the first logic operation, is performed between the blinding factor and the blinded encryption key to recreate the encryption key. | 08-26-2010 |
20100220856 | PRIVATE PAIRWISE KEY MANAGEMENT FOR GROUPS - In an example embodiment, a key generation system (KGS) is used to generate private pairwise keys between peers belonging to a group. Each member of the group is provisioned with a set of parameters which allows each member to generate a key with any other member of the group; however, no group member can derive a key for pairings involving other group members. The private pairwise keys may be used to derive session keys between peers belonging to the group. Optionally, an epoch value may be employed to derive the private pairwise keys. | 09-02-2010 |
20100220857 | SYSTEM AND METHOD FOR REGISTERING SECRET KEY - A secret key registration system which registers a secret key in a portable key device and vehicle. A first transformation equation is stored in a writer and the vehicle. A second transformation equation is stored in the portable key device and the vehicle. The writer transmits a registration code to the portable key device and generates intermediate data with the first transformation equation of the writer. The intermediate data is transmitted to the portable key device, which generates the secret key from the intermediate data with the second transformation equation. The portable key device transmits the registration code to the vehicle. The vehicle generates intermediate data from the registration code with the first transformation equation of the vehicle, and then generates the secret key from the intermediate data with the second transformation equation. | 09-02-2010 |
20100239087 | ENCRYPTING VARIABLE-LENGTH PASSWORDS TO YIELD FIXED-LENGTH ENCRYPTED PASSWORDS - According to one embodiment, encrypting passwords includes performing the following for each input password of a plurality of input passwords to yield encrypted passwords, where at least two input passwords have different lengths and the encrypted passwords have the same length. An input password and a random number are received at logic configured to perform a key derivation operation comprising a pseudorandom function. An encryption key is derived from the input password and the random number according to the key derivation operation. The encryption key and a user identifier are received at logic configured to perform a cipher-based message authentication code (CMAC) function. An encrypted password is generated from the encryption key and the user identifier according to the CMAC function. | 09-23-2010 |
20100246817 | SYSTEM FOR DATA SECURITY USING USER SELECTABLE ONE-TIME PAD - A method of generating a key, a method of encrypting a message and an encryption/decryption system. In one embodiment, the method of generating the key includes: (1) selecting a common document to serve as a one-time pad, (2) generating a pointer, (3) searching the common document based on the pointer and (4) retrieving a key from the common document. | 09-30-2010 |
20100246818 | METHODS AND APPARATUSES FOR GENERATING DYNAMIC PAIRWISE MASTER KEYS - A method to generate a pairwise master key for use in establishing a wireless connection is presented. In one embodiment, the method comprises determining a region in an image. The method further comprises generating the pairwise master key based at least on contents of the region in the image. | 09-30-2010 |
20100254533 | SIMPLIFIED SECURE SYMMETRICAL KEY MANAGEMENT - Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes. | 10-07-2010 |
20100254534 | METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key. | 10-07-2010 |
20100272255 | SECURELY FIELD CONFIGURABLE DEVICE - A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data. | 10-28-2010 |
20100284534 | PACKET CIPHER ALGORITHM BASED ENCRYPTION PROCESSING DEVICE - A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion component is the same as that of the key expand unit data conversion component, and besides, they are one to one. A sub-key output of each key expand unit data conversion component connects the corresponding sub-key input of each encryption unit data conversion component to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high. The advantage of the present invention is reducing the resource consumption and further reducing the achievement cost of the device under the premise of keeping the high efficiency of the prior art. | 11-11-2010 |
20100290618 | Method and Apparatus for Authenticating a User - A method of generating a private key for use in an authentication protocol comprises, at a client: receiving a user specific identifier; converting the identifier through a one-way function to a string of a pre-determined length; and mapping said string to a permutation π | 11-18-2010 |
20100296651 | ENCRYPTION APPARATUS AND METHOD THEREFOR - An encryption apparatus ( | 11-25-2010 |
20100310069 | System and method for secure communication of components inside self-service automats - Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C,A,R,N,Z) on the transport layer of the bus system where | 12-09-2010 |
20100310070 | Generation and Use of a Biometric Key - In a control system comprising a control device adapted for, on the one hand, receiving a signal indicating a first biometric datum (W), and, on the other hand, obtaining a second biometric datum captured (w′), at the level of the control device, the first and second biometric data are compared. Next, it is decided whether the first and second biometric data correspond on the basis of the comparison. Thereafter, at least a secret cryptographic key part (H(w)) is generated by applying a cryptographic function to the first biometric datum. | 12-09-2010 |
20100316217 | GENERATING A SESSION KEY FOR AUTHENTICATION AND SECURE DATA TRANSFER - A device for generating a session key which is known to a first communication partner and a second communication partner, for the first communication partner, from secret information which may be determined by the first and second communication partners, includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information. The device also includes a second module operable to use the session key for communication with the second communication partner. | 12-16-2010 |
20100322416 | SYSTEM, APPARATUS AND METHOD FOR LICENSE KEY PERMUTATION - A system and method of dynamically altering the encoding, structure or other attribute of a cryptographic key, typically a license activation key, to render useless keys that have been created by illegal key generation “cracks”. An encoding/decoding engine provides a plurality of key obfuscation algorithms that may alter the structure, encoding or any other attribute of a given key. A changeable combination code is supplied to the encoding/decoding engine that specifies a subset of the algorithms to apply during the encoding or decoding phase. The encoding engine is used during key generation and the decoding engine used during key usage. The same combination code must be used during decoding as was used during encoding to recover the original key or a valid key will not be recovered. Thus, a system can be rapidly re-keyed by selecting a new combination of encoding/decoding algorithms. The selection of algorithms comprises a combination code. The new combination code will result in keys that are incompatible with any existing illegal key generators. | 12-23-2010 |
20100329452 | Generation of key streams in wireless communication systems - Security key stream generation in a communication apparatus. The method includes using a count parameter and a bearer parameter as input, value of said count parameter being incremented as security key streams are generated and value of the count parameter having a finite maximum value; detecting value of the count parameter reaching a predetermined value; and responsive to the detecting, changing value of the bearer parameter into a new value, and resetting value of the count parameter to a value below the maximum value. | 12-30-2010 |
20100329453 | ROUNDING FOR SECURITY - A system may generate from a first value, based on rounding information, a first security key that matches a second security key whenever the first value and a second value from which the second security key is generated differ by less than a non-zero predetermined amount. The second security key may be generated from the second value rounded to a multiple of a rounding interval that is nearest to the second value. The rounding information may include a rounding direction indication. The rounding direction indication may indicate the direction in which the second value is rounded to the multiple of the rounding interval nearest to the second value. | 12-30-2010 |
20100329454 | ENCRYPTION PARAMETER SETTING APPARATUS, KEY GENERATION APPARATUS, CRYPTOGRAPHIC SYSTEM, PROGRAM, ENCRYPTION PARAMETER SETTING METHOD, AND KEY GENERATION METHOD - A sophisticated cryptographic system is realized without using a pairing operation on a composite order. A random matrix selection unit | 12-30-2010 |
20110002461 | Method and System for Electronically Securing an Electronic Biometric Device Using Physically Unclonable Functions - A system for securing an integrated circuit chip used for biometric sensors, or other electronic devices, by utilizing a physically unclonable function (PUF) circuit. These PUF functions are in turn used to generate security words and keys, such as an RSA public or private key. Such a system can be used to protect biometric security sensors and IC chips, such as fingerprint sensors and sensor driver chips, from attack or spoofing. The system may also be used in an efficient method to produce unique device set-up or power-up authentication security keys. These keys can be generated on a low frequency basis, and then frequently reused for later security verification purposes. In operation, the stored keys can be used to efficiently authenticate the device without the need to frequently run burdensome security key generation processes each time, while maintaining good device security. | 01-06-2011 |
20110019818 | SYSTEM FOR LOCKING ELECTRONIC DEVICE AND METHOD THEREOF - A system for locking an electronic device is provided. The system includes an electronic device, and electronic keys electrically connected to the electronic device. The electronic key includes a plurality of resistors which are connected in series; the resistance value of the electronic key is changeable by coupling different resistors of the electronic key. The electronic device comprises a processing unit and a function key. When the function key produces a locking command in response to user operation, the processing unit obtains the resistance value of the electronic key and produces an encryption key according to the obtained resistance value to unlock the electronic device. When the function key produces an unlocking command, the processing unit decodes the encryption key and unlocks the electronic device when determining the obtained value matches the decoded encryption key. | 01-27-2011 |
20110033045 | COUNTERMEASURE METHOD FOR PROTECTING STORED DATA - A method of read or write access by an electronic component of data, including generating a first secret key for a first data of an ordered list of data to access, and for each data of the list, following the first data, generating a distinct secret key by means of a deterministic function applied to a secret key generated for a previous data of the list, and the application of a cryptographic operation to each data to be read or to be written of the list, carried out by using the secret key generated for the data. | 02-10-2011 |
20110038477 | RE-KEYING DATA IN PLACE - A system comprises an encryption engine and a host processor coupled to the encryption engine. The host processor determines when a time period has expired for a unit of data. Upon determining that the time period has expired, the host processor causes the encryption engine to re-key the unit of data in place. | 02-17-2011 |
20110038478 | Digital signature generation apparatus, digital signature verification apparatus, and key generation apparatus - A digital signature generation apparatus includes memory to store finite field F | 02-17-2011 |
20110051929 | IMAGE PROCESSING APPARATUS, ELECTRONIC CERTIFICATE CREATION METHOD THEREOF AND RECORDING MEDIUM - An image processing apparatus includes: a key creator that creates one set of a secret key and a public key for each user; a reader that reads out an electronic certificate to certify a user, created by a certificate authority, and the user's own secret key, from a portable recording medium having this electronic certificate and the user's own secret key recorded therein; and a certificate creator that creates an electronic certificate including the public key created by the key creator, by giving a signature using the user's own secret key read out by the reader. | 03-03-2011 |
20110058668 | Secure group key management approach based upon N-dimensional hypersphere - This invention publishes a secure group key management approach based upon N-dimensional hypersphere. After initialization, the GC admits the new members and assigns identifiers to them when there are new members joining the group, and deletes the leaving members' private information when there are members leaving the group. If a lot of members join and other members leave the group at the same time, the GC deletes the leaving members' private information, admits the new members, assigns identifiers to the new members, and then chooses mapping parameters, mapping each member's and its private information to the points in a multi-dimensional space. The GC calculates the central point of the hypersphere, and publishes the central point, the mapping parameter and the identifiers of leaving members if there are members leaving. The group members calculate the mapping points, and then calculate the group keys. The invention can effectively reduce user storage, user computation, and amount of update information while re-keying. The independence of the group keys can be kept. | 03-10-2011 |
20110064216 | CRYPTOGRAPHIC MESSAGE SIGNATURE METHOD HAVING STRENGTHENED SECURITY, SIGNATURE VERIFICATION METHOD, AND CORRESPONDING DEVICES AND COMPUTER PROGRAM PRODUCTS - A cryptographic message signature method are provided, which have strengthened security. The method implements two sets of signature algorithms SA | 03-17-2011 |
20110075838 | Technique for Distributing Software - A computer program product and method for installing downloaded software on a client system over a network is described. The product and method include generating an access key by receiving an installation key produced using a random number generated from a seed that is the value of a client system internal clock at the exact moment in time to the millisecond at which a software installation program was run on the client produce the access code by modulo combining the installation key and user name received by the client system. | 03-31-2011 |
20110075839 | SYSTEM AND METHOD FOR QUANTUM CRYPTOGRAPHY - Provided are a system and a method for quantum cryptography. The method includes generating the same quantum cryptography key in a transmitter and a receiver by measuring a composite-quantum-system made of a plurality of sub-quantum-systems in each of the transmitter and the receiver connected to each other through a quantum channel, wherein a part of the sub-quantum-systems is confined within the transmitter in order not to expose the entire composite-quantum-system to an outside of the transmitter and the composite-quantum-system cannot be determined without disturbing the composite-quantum-system at the outside of the transmitter. | 03-31-2011 |
20110085659 | Method and apparatus for generating a signature for a message and method and apparatus for verifying such a signature - A method of generating a signature σ for a message m, the method enabling online/offline signatures. Two random primes p and q are generated, with N=pq; two random quadratic residues g and x are chosen in Z* | 04-14-2011 |
20110085660 | AES ALGORITHM-BASED ENCRYPTION APPARATUS AND METHOD FOR MOBILE COMMUNICATION SYSTEM - A method and apparatus for improving hardware flexibility for encrypting data based on the Advanced Encryption Standard (AES) block algorithm is provided. An encryption apparatus is equipped with a shared logic including a mode detector which detects a current AES mode performed by an AES block algorithm, a shared hardware for use in the detected AES mode, and a key controller which generates a key for performing encryption/decryption in the AES mode. | 04-14-2011 |
20110091036 | Cryptographic Key Generation - A technique for generating a cryptographic key ( | 04-21-2011 |
20110103581 | METHOD AND APPARATUS FOR GENERATING NON-INTERACTIVE KEY AND METHOD FOR COMMUNICATION SECURITY USING THE SAME - A method and apparatus for generating a non-interactive key, and a method for communication security using the same. An event is detected, and keys are generated based on the detected event. Thus, keys are generated using a small number of calculating operations with a simple interface and thus a user may easily generate the keys, and the performance of an apparatus using the keys is improved. In addition, the keys are generated without wireless interaction between nodes, thereby improving communication security. | 05-05-2011 |
20110116627 | Fast Key-changing Hardware Apparatus for AES Block Cipher - A fast key-changing hardware apparatus, which generates one sub-key each clock cycle, which is used by advanced encryption system (AES) algorithm block cipher, is independent from the AES algorithm block cipher. The invented apparatus automatically generates expanded keys from the input cipher key and stores them in the key expanded RAM, ready to be used by the AES algorithm block cipher. If the key changing and the key expanding speed in the fast key-changing device is as fast as the data block (i.e. 128, 192, or 256 bits) processing speed in the AES algorithm block cipher, the cipher system has the characteristic of one-time pad perfect cryptography. When using this device with a fixed key cipher system, the original input cipher key can be detached or destroyed from the system and guarantees the safety of the cipher key. | 05-19-2011 |
20110116628 | Cryptographic key split binder for use with tagged data elements - A process of cryptographically securing a data object including one or more respectively tagged data elements includes selecting a tagged data element from among a plurality of tagged data elements, based on an associated data tag. A plurality of cryptographic key splits is generated from seed data. The cryptographic key splits are bound together to produce a first cryptographic key. A second cryptographic key is generated based on security requirements of the data object. The tagged data element is encrypted using the first cryptographic key. The data object is encrypted using the second cryptographic key. At least one of the cryptographic key splits is based on the associated data tag. | 05-19-2011 |
20110116629 | METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING MULTI-HOP CRYPTOGRAPHIC SEPARATION FOR HANDOVERS - A method, apparatus and computer program product are provided to provide cryptographical key separation for handovers. A method is provided which includes calculating a key based at least in part upon a previously stored first intermediary value. The method also includes calculating a second intermediary value based at least in part upon the calculated key. The method additionally includes sending a path switch acknowledgement including the second intermediary value to a target access point. The method may further include receiving a path switch message including an indication of a cell identification and calculating the encryption key based upon the indication of the cell identification. The method may further include storing the second intermediary value. The calculation of the key may further comprise calculating the key following a radio link handover. Corresponding apparatuses and computer program products are also provided. | 05-19-2011 |
20110123021 | SURROGATE KEY GENERATION USING CRYPTOGRAPHIC HASHING - The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key. | 05-26-2011 |
20110129087 | System and Method for Encrypting and Decrypting Data - A method is provided for creating an encrypted data file from a data file having a sample entry box and a media data box. The sample entry box has description information therein. The media data box includes media data therein. The method includes: receiving the data file; encrypting the media data within the media data box with an encryption key; replacing the sample entry box with an encoded box; creating a sinf box within the encoded box; creating a frma box within the sinf box; and creating an schm box within the sinf box. The schm box indicates the type of formatting of the encrypted media data. The encoded box does not include an initial counter that may be used to decrypt the encrypted media data. | 06-02-2011 |
20110129088 | METHOD AND SYSTEM FOR AUTHENTICATING A MOBILE TERMINAL IN A WIRELESS COMMUNICATION SYSTEM - A method and system for authenticating in a wireless communication system. The system includes a Mobile Terminal (MT), an authenticator, and an Authentication, Authorization, Accounting (AAA) server. When the authenticator requests NAI information for authentication, the MT adds an authentication code to the NAI, and sends a response message including the NAI information to the authenticator. The authenticator relays the NAI to which the authentication code is added, to the AAA server. The AAA server extracts the authentication code from the NAI information, verifies the authentication of the MT, generates a new authentication key, and transmits the new authentication key to the authenticator. | 06-02-2011 |
20110150212 | COMPUTER IMPLEMENTED METHOD FOR GENERATING A SET OF IDENTIFIERS FROM A PRIVATE KEY, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - The invention relates to a computer implemented method for generating a set of identifiers from a private key, the method comprising the steps of: calculating a set of public keys, wherein the private key and each public key of the set of public keys form an asymmetric cryptographic key pair; and outputting the identifiers comprising the public keys. | 06-23-2011 |
20110150213 | WHITE-BOX IMPLEMENTATION - A system for enabling a device to compute an outcome of an exponentiation C | 06-23-2011 |
20110158403 | ON-THE-FLY KEY GENERATION FOR ENCRYPTION AND DECRYPTION - Methods and apparatus to provide on-the-fly key computation for Galois Field (also referred to Finite Field) encryption and/or decryption are described. In one embodiment, logic generates a cipher key, in a second cycle, based on a previous cipher key, generated in a first cycle that immediately precedes the second cycle. Other embodiments are also described. | 06-30-2011 |
20110158404 | REBINDING OF CONTENT TITLE KEYS IN CLUSTERS OF DEVICES WITH DISTINCT SECURITY LEVELS - According to one embodiment of the present invention, a system, method, and computer program product is provided for rebinding title keys in clusters of devices with distinct security levels in broadcast encryption systems. The method includes receiving a new management key and unbinding an encrypted title key with a previously used management key, the title key having a security class and residing in a title key block for a device having a security class, the device being in a cluster of devices including devices having a plurality of security classes. If the device security class is lower than the title key security class, the unbound title key is partially rebound with the new management key. The partially rebound title key is then saved in the title key block for the device. | 06-30-2011 |
20110158405 | KEY MANAGEMENT METHOD FOR SCADA SYSTEM - Disclosed is a shared key management method for SCADA system in which a master terminal unit (MTU), a plurality of sub-master terminal units (sub-MTUs), and a plurality of remote terminal units (RTUs) are sequentially and hierarchically structured, comprising the steps of: generating shared keys of a group key in a tree structure by the MTU, the tree structure including a binary tree ranging from a root node corresponding to the MTU to intermediate nodes corresponding to the sub-MTUs; storing shared keys of descendant nodes and ancestor nodes of an intermediate node of a sub-MTU by the sub-MTU; and updating, upon updating of a shared key of an intermediate node, all shared keys of on-path nodes from the updated intermediate node to the root node, the shared keys of the on-path nodes being updated using their own shared keys and shared keys of off-path child nodes. | 06-30-2011 |
20110170686 | COMMUNICATION APPARATUS, CONTROL METHOD OF COMMUNICATION APPARATUS, COMPUTER PROGRAM, AND STORAGE MEDIUM - The security level is enhanced without impairing user operability when executing an automatic communication parameter setting processing. A communication apparatus which configures a network serves as a providing apparatus which provides communication parameters to a receiving apparatus which receives the provided communication parameters. At this time, whether or not an encryption key, which is included in the communication parameters, is generated randomly is determined based on the participation status of the communication apparatus in the network. | 07-14-2011 |
20110176675 | Method and system for protecting keys - A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device. | 07-21-2011 |
20110176676 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR EFFICIENT ELLIPTIC CURVE CRYPTOGRAPHY - A method, apparatus and computer program product are provided to more efficiently perform aspects of elliptic curve cryptography such as by more efficiently multiplying an integer k by a point P on an elliptic curve by decomposing the integer into integers k | 07-21-2011 |
20110188651 | KEY ROTATION FOR ENCRYPTED STORAGE MEDIA USING A MIRRORED VOLUME REVIVE OPERATION - Encryption key rotation is performed in computing environments having mirrored volumes by initializing a target storage media with a new key, performing a mirror revive operation from a first storage media to the target storage media, and configuring the first storage media and the target storage media to comprise a mirrored volume. | 08-04-2011 |
20110194687 | DATA-CONDITIONED ENCRYPTION METHOD - A system and method for encryption of data is disclosed. At least one block of the data is received. The at least one block of data is modified to cause each unique data element within the at least one block to appear with a respective predetermined frequency ratio. The block of data is encrypted into ciphertext based at least on an encryption key. | 08-11-2011 |
20110200189 | ENCODER AND DECODER APPARATUS AND METHODS WITH KEY GENERATION - Embodiments provide remote control encoders and decoders, encryption algorithms, key generation, systems and methods, singularly and in combination, and not limited thereto. | 08-18-2011 |
20110206201 | METHOD OF GENERATING A CRYPTOGRAPHIC KEY, NETWORK AND COMPUTER PROGRAM THEREFOR - The present invention relates to security systems for communication networks. More precisely, the invention relates to a method for generating a shared key between a first node (D | 08-25-2011 |
20110211690 | PROTOCOL FOR PROTECTING CONTENT PROTECTION DATA - Through the use of a one-time-use nonce, the transfer of cryptographic data over a potentially insecure link in a two-factor content protection system is avoided. The nonce may be stored encrypted with a public key from a smart card. A random key may be used to produce a storage key, which is used to encrypt a content protection key. The random key may be stored, encrypted with a key derived from the nonce. Instead of receiving a raw content protection key over the potentially insecure link, the raw nonce is received and, once used, replaced with a new nonce. | 09-01-2011 |
20110222685 | Storage devices having a security function and methods of securing data stored in the storage device - A storage device may include a storage unit that stores data transmitted via a plurality of first wires; and a security control unit that controls connection between each of a plurality of second wires connected to an external device and each of the plurality of first wires by programming a plurality of switching devices according to an encryption key. | 09-15-2011 |
20110222686 | METHOD FOR ISSUING IC CARD STORING ENCRYPTION KEY INFORMATION - It is possible to issue an IC card storing unique encryption key information in such a manner that re-issuing is enabled and sufficient security can be assured. An IC card provider X delivers an IC card having a group code G(A) to a company A and an IC card having a group code G(B) to a company B. When a company staff α inputs a unique personal code P(α) and performs initialization, in the IC card, calculation is performed according to a predetermined algorithm using the P(α) and G(A). Data uniquely determined by the calculation is stored as encryption key information K(α) in the IC card. Even if the company staff α loses the IC card, it is possible to obtain the IC card having the same encryption key information K(α) as before by performing initialization again by using the IC card delivered by the IC card provider X. | 09-15-2011 |
20110268269 | COMPUTER IMPLEMENTED METHOD FOR GENERATING A PSEUDONYM, COMPUTER READABLE STORAGE MEDIUM AND COMPUTER SYSTEM - The invention relates to a computer implemented method for generating a pseudonym for a user comprising entering a user-selected secret, storing the user-selected secret in memory, computing a private key by applying an embedding and randomizing function onto the secret, storing the private key in the memory, computing a public key using the private key, the public key and the private key forming an asymmetric cryptographic key, erasing the secret and the private key from the memory, and outputting the public key for providing the pseudonym. | 11-03-2011 |
20110274272 | DATA TRANSMISSION SYSTEM - A cipher key is generated by first information shared in secret between a data transmitting unit | 11-10-2011 |
20110280397 | Method and System for Secret Key Exchange Using Wireless Link Characteristics and Random Device Movement - A new methodology to exchange a random secret key between two parties. The diverse physical characteristics of the wireless medium and device mobility are exploited for secure key exchange. Unique physical characteristics of wireless channels between the two devices are measured at different random locations. A function of these unique characteristics determines the shared secret key between the two devices. | 11-17-2011 |
20110299679 | CONTROLLER, CONTROL METHOD, COMPUTER PROGRAM, RECORDING MEDIUM FOR COMPUTER PROGRAM, RECORDING APPARATUS, AND MANUFACTURING METHOD FOR RECORDING APPARATUS - A controller for embedding in a recording medium apparatus in order to control memory access comprises a unique key generation unit that generates a unique key assigned to the controller, a decryption unit that acquires encrypted key information generated by encrypting a private key for the recording medium apparatus with the unique key, and that decrypts the encrypted key information so acquired with the unique key to generate decrypted information; a private key verification unit that verifies whether or not the decrypted information is the private key, and an encrypted key information write unit that writes the encrypted key information so acquired to memory when the decrypted information is verified to be the private key. | 12-08-2011 |
20110305333 | Method and Apparatus for Virtual Pairing with a Group of Semi-Connected Devices - One feature provides a method for a client node to establish a session key with a group node by obtaining an epoch identity value associated with a current epoch, wherein obtaining the epoch identity value includes one of computing the epoch identity value based on a node real time or negotiating the epoch identity value with the group node, computing a restricted key using a shared secret key, the epoch identity value, and a group node identity associated with the group node, and executing a session key establishment protocol with the group node to derive the session key using the restricted key as a master key in the session key establishment protocol. The session key may be established between the group node and the client node even though communications between the group node and the central node is only intermittently available during the current epoch. | 12-15-2011 |
20120002808 | Interleaving and deinterleaving method for preventing periodic position interference - A method for implementing volatile cipher key and separate verification module by collecting physical features includes: physical features sensor is set on the handset, and control module can be set separately; physical features sensor can collect physical features information of every user in advance, and the physical features can be transmitted to control module, and stored in user database; after physical features sensor went away the user's body or cipher sent successfully, cipher temporary storage unit reset; when registered user is operating again by using handset, control unit can retrieve cipher data in said user database, and check whether same records exist or not; if the same record exists, the control unit gives an instruction to the lower-stage controlled object; if not, the control unit delivers warning information and stores an error record. | 01-05-2012 |
20120008769 | Method and System For Managing A Distributed Identity - A method for managing a distributed identity, including retrieving identification data of a user, wherein the identification data includes a username, a password, and metadata; receiving, from a general-use device, a unique physical identifier of the user; combining the unique physical identifier and the identification data to create a unique identity record of the user; encrypting at least a component of the unique identity record; creating a hash of an identifying token of the unique identity record; passing the hash of the identity token of the unique identity record to be parsed into a hierarchy; organizing the unique identity record in a distributed database of a plurality of unique identity records; and storing the unique identity record, containing the encrypted component, in the distributed database of the plurality of unique identity records. | 01-12-2012 |
20120008770 | DATA PROCESSING DEVICE AND DATA PROCESSING METHOD - A data encryption device is connected between an HDD and an HDD controller that controls the HDD. The data encryption device encrypts data that is stored from the HDD controller to the HDD, and decrypts data that is read from the HDD. A CPU of the data encryption device receives a command issued from the HDD controller to the HDD, and determines whether the command is executable at the HDD. When it is determined that the command is executable, the command is issued to the HDD. On the other hand, when it is determined that the command is unexecutable, the CPU prohibits issuance of the command to the HDD. Furthermore, when a command issued to the HDD is a specific command, the CPU bypasses data transferred between the HDD controller and the HDD without encryption or decryption. | 01-12-2012 |
20120014520 | BIOMETRIC ENCRYPTION AND KEY GENERATION - A system, method and program product for generating a private key. A system is disclosed that includes a signal acquisition system for obtaining biometric input from a user and encoding the biometric input into an acquired biometric; a recognition system for determining an identity based on the acquired biometric and outputting an absolute biometric associated with the identity; an input device for accepting a knowledge input from the user; and a key generator that generates a private key based on the knowledge input and the absolute biometric. | 01-19-2012 |
20120014521 | MOBILE PHONE AIDED OPERATIONS SYSTEM AND METHOD - The present system and method uses multiple digital devices with possibly different users operating in concert, for performing authentication and other cryptographic operations. The multiple digital devices include, for example, a mobile device such as a cellular phone, as a central building block. | 01-19-2012 |
20120020476 | Method for Performing a Cryptographic Task in an Electronic Hardware Component - A method and apparatus are provided to perform a cryptographic task on at least one numerical datum in an electronic hardware component. The method includes a step of at least partial use of an encryption function. This encryption function includes a basic encryption function obtained by the addition between an intermediate function arising from composition of a coding function with a first function, and a second function. This method can be applied to the encryption of a datum or to the decryption of a datum. Also, a method is provided for generating a public key and a device able to implement one of these methods. | 01-26-2012 |
20120027205 | IDENTITY AUTHENTICATION AND SHARED KEY GENERATION METHOD - The invention relates to an identity authentication and key negotiation method. In order to overcome the defects in the prior art that security of authentication methods is not high, the invention discloses an identity authentication and shared key generation method. In the technical solution of the invention, a key authority issues a pair of public key | 02-02-2012 |
20120027206 | INFORMATION GENERATION APPARATUS, METHOD, PROGRAM, AND RECORDING MEDIUM THEREFOR - Hierarchical cryptography expressed in a general semiordered structure other than a tree structure is implemented. In information generation, random numbers σ | 02-02-2012 |
20120033807 | DEVICE AND USER AUTHENTICATION - A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. There is then generated a message comprising the key or a component derived from the key, which is transmitted to a remote service, and at the service there is carried out the step of authenticating the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID. | 02-09-2012 |
20120033808 | Method and Apparatus for Generating a Public Key in a Manner That Counters Power Analysis Attacks - A public key for an Elliptic Curve Cryptosystem is generated in a manner that acts as a countermeasure to power analysis attacks. In particular, a known scalar multiplication method is enhanced by, in one aspect, performing a right shift on the private key. The fixed-sequence window method includes creation and handling of a translated private key. Conveniently, as a result of the right shift, the handling of the translated private key is made easier and more efficient. | 02-09-2012 |
20120039465 | Fast Computation Of A Single Coefficient In An Inverse Polynomial - In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial f | 02-16-2012 |
20120039466 | Method of Compressing a Cryptographic Value - A computer implemented method of compressing a digitally represented cryptographic value. The method comprising the steps of: (a) selecting a secret value; (b) performing a cryptographic operation on the secret value to generate the cryptographic value; (c) determining whether the cryptographic value satisfies the pre-determined criteria; and (d) repeating the sequence of steps starting at step (a) until the cryptographic value satisfies the pre-determined criteria. | 02-16-2012 |
20120057698 | ORGANIC KEYED ENCRYPTION - An encryption technique that creates a unique encryption key or fingerprint based on unique physical and electrical characteristics of a target electronic assembly to be protected. The encryption key can be constructed by exploiting the manufacturing variances present in all electronic elements including active elements and passive elements. Active elements include, for example: oscillators/clocks, internal I/O controllers, external I/O controllers, memory, processors, and digital power converters. Passive elements include, for example: internal I/O interconnects, external I/O interconnects, memory buses, and power buses. The encryption key can also include one or more environmental condition thresholds. | 03-08-2012 |
20120057699 | METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key. | 03-08-2012 |
20120063593 | OBLIVIOUS TRANSFER WITH HIDDEN ACCESS CONTROL LISTS - A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record. | 03-15-2012 |
20120063594 | METHOD FOR CREATING ASYMMETRICAL CRYPTOGRAPHIC KEY PAIRS - The invention relates to a method for creating a set of asymmetrical cryptographic key pairs, wherein the set of key pairs has a first key pair (K | 03-15-2012 |
20120069995 | CONTROLLER CHIP WITH ZEROIZABLE ROOT KEY - The present invention is a data storage device that includes a control chip with a zeroizable root key. In one embodiment, the control chip comprises a digital memory, the zeroizable root key being a derived root key obtained by applying a firmware root key to a different root key stored within the digital memory such that the setting of each bit of the different root key is locked. | 03-22-2012 |
20120069996 | SYSTEM AND METHOD FOR ENCRYPTING TRAFFIC ON A NETWORK - According to embodiments of the present invention, a system and method for encrypting traffic on a network is disclosed. Encrypted data is transmitted between a first network element and a second network element by: acquiring an encryption seed at the first network element, the encryption seed being substantially similar to a decryption seed at the second network element; generating at least one encryption key from the encryption seed; receiving data; encrypting the data using the encryption key to generate encrypted data; transmitting the encrypted data from the first network element to the second network element via a network; and updating the encryption seed at the first network element in response to an event trigger. | 03-22-2012 |
20120076294 | ARITHMETIC METHOD AND APPARATUS FOR SUPPORTING AES AND ARIA ENCRYPTION/DECRYPTION FUNCTIONS - Provided are an arithmetic method and apparatus for supporting Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) encryption/decryption functions. The apparatus includes: a key scheduler for generating a round key using an input key; and a round function calculator for generating encrypted/decrypted data using input data and the round key. Here, the round function calculator includes an integrated substitution layer and an integrated diffusion layer capable of performing both AES and ARIA algorithms. | 03-29-2012 |
20120082308 | Methods and Apparatus For Configuring Multiple Logical Networks of Devices on a Single Physical Network - Methods and apparatus for configuring multiple logical networks that share a common transmission medium are presented. According to an exemplary embodiment, an apparatus for configuring multiple logical networks of devices on a single physical network includes a transceiver configured to exchange information with devices connected to a shared bus of the physical network. The apparatus includes logic configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus. | 04-05-2012 |
20120087493 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating an encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 04-12-2012 |
20120099726 | CONTENT PROTECTION APPARATUS AND METHOD USING BINDING OF ADDITIONAL INFORMATION TO ENCRYPTION KEY - The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table. | 04-26-2012 |
20120114119 | SYSTEM AND METHOD FOR PROTECTING SPECIFIED DATA COMBINATIONS - A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter. | 05-10-2012 |
20120114120 | STORAGE DEVICE, ACCESS DEVICE, AND PROGRAM PRODUCT - In general, according to one embodiment, a storage device includes a data storage, a key storage, a receiver, an acquisition unit, a first computing unit, and a second computing unit. The data storage stores therein data. The key storage stores therein a plurality of device keys. The receiver receives identification information on an access device that accesses the data. The acquisition unit acquires an index specifying one of the device keys stored in the key storage. The first computing unit computes a second key based on the device key specified by the index and the identification information, the second key being used to perform an operation on key information acquired by performing an operation on a first key shared with the access device. The second computing unit computes the first key by performing an operation on the key information using the second key. | 05-10-2012 |
20120128152 | BROADCAST ENCRYPTION BASED MEDIA KEY BLOCK SECURITY CLASS-BASED SIGNING - Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block. | 05-24-2012 |
20120134494 | Data Control Method of Cloud Storage - The present application relates to the field of technology of cloud storage data security, and in particular, relates to a data control method of cloud storage. The method comprises: converting the original data by a preset method into irreversible data blocks to form a physical part of the original data, and storing it in the cloud storage data center; outputting information necessary for data restoration of the process of converting the original data to the physical part, as a logical part of the original data, and storing the logical part of the original data in an original data owner controlled storage media. In this invention, the original data to be stored is converted into the physical part, which is then stored in a cloud storage data center. The logical part of the original data required for restoring the physical part to the original data is controlled by owners of the original data. Therefore, the original data owners can control the physical part of data, which physically occupies a large space by controlling the logical part, which physically occupies a small space and therefore, control their data in a cloud storage data center. | 05-31-2012 |
20120140921 | RSA-ANALOGOUS XZ-ELLIPTIC CURVE CRYPTOGRAPHY SYSTEM AND METHOD - The RSA-analogous XZ-elliptic curve cryptography system and method provides a computerized system and method that allows for the encryption of messages through elliptic polynomial cryptography and, particularly, in a manner which is analogous to RSA cryptography but which does not require multiple private keys, as in the RSA scheme. The RSA-analogous XZ-elliptic curve cryptography method is based on the integer factorization problem. It is well known that the integer factorization problem is a computationally “difficult” or “hard” problem. | 06-07-2012 |
20120140922 | Method for Generating Private Keys in Wireless Networks - The first and second nodes in a wireless network estimate first and second channel responses. The first node quantizes the first channel response to produce a first bit sequence and a feed-forward message, which is transmitted to the second node. The second node quantizes the second channel response using the feed-forward message to produce an estimate of the first bit sequence, a second bit sequence and a feed-back message, which is transmitted to the first node. Then, the first and second nodes delete bits in the respective bit sequences using the feed-back and feed-forward messages to generate first and second private keys with a low bit mismatch rate. | 06-07-2012 |
20120155635 | ATTRIBUTE BASED ENCRYPTION USING LATTICES - A master public key is generated as a first set of lattices based on a set of attributes, along with a random vector. A master secret key is generated as a set of trap door lattices corresponding to the first set of lattices. A user secret key is generated for a user's particular set of attributes using the master secret key. The user secret key is a set of values in a vector that are chosen to satisfy a reconstruction function for reconstructing the random vector using the first set of lattices. Information is encrypted to a given set of attributes using the user secret key, the given set of attributes and the user secret key. The information is decrypted by a second user having the given set of attributes using the second user's secret key. | 06-21-2012 |
20120155636 | On-Demand Secure Key Generation - A method is provided for generating on-demand cryptographic keys in a vehicle-to-vehicle communication system. At least one unique identifier is obtained relating to a user of the vehicle. The host vehicle generates cryptographic keys for encrypting, decrypting, and authenticating secured messages between the host vehicle and at least one remote vehicle in the vehicle-to-vehicle communication system. The cryptographic keys are generated as a function of the at least one unique identifier. A respective cryptographic key used to decrypt or encrypt messages communicated between the host vehicle and the at least one remote entity is temporarily stored in a memory device of the host vehicle. The host vehicle utilizes the respective cryptographic key to decrypt or encrypt a secure message transmitted between the host vehicle and the remote vehicle. The respective cryptographic key temporarily stored in the memory device of the host vehicle is deleted after the vehicle-to-vehicle communications of the host vehicle is disabled. | 06-21-2012 |
20120155637 | SYSTEM AND METHOD FOR HARDWARE STRENGTHENED PASSWORDS - A cryptographic module and a computing device implemented method for securing data using a cryptographic module is provided. The cryptographic module may include an input component for receiving a password, an output component for outputting data to the computing device, a random number generator for generating a random number and a module processor operative to generate at least one cryptographic key using the generated random number, and to record an association between the received password linking the received password with the at least one cryptographic key in a data store accessible to the cryptographic module. | 06-21-2012 |
20120163590 | CRYPTOGRAPHY MODULE FOR USE WITH FRAGMENTED KEY AND METHODS FOR USE THEREWITH - A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal. | 06-28-2012 |
20120163591 | KEY DERIVATION FUNCTIONS TO ENHANCE SECURITY - A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications. | 06-28-2012 |
20120163592 | SYSTEMS AND METHODS FOR DISTRIBUTING AND SECURING DATA - A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values. | 06-28-2012 |
20120170740 | CONTENT PROTECTION APPARATUS AND CONTENT ENCRYPTION AND DECRYPTION APPARATUS USING WHITE-BOX ENCRYPTION TABLE - A content protection apparatus using a white-box encryption table includes: a random number generation unit for generating a random number; a white-box encryption table for encrypting the random number and user information provided from a user to generate an encrypted output value; and an operation unit for performing an operation between the encrypted output value and data inputted from an outside to encrypt or decrypt the data. | 07-05-2012 |
20120183135 | RELIABLE PUF VALUE GENERATION BY PATTERN MATCHING - A method is used to reliably provision and re-generate a finite and exact sequence of bits, for use with cryptographic applications, e.g., as a key, by employing one or more challengeable Physical Unclonable Function (PUF) circuit elements. The method reverses the conventional paradigm of using public challenges to generate secret PUF responses; it exposes the response and keeps the particular challenges that generate the response secret. | 07-19-2012 |
20120183136 | APPARATUS AND METHOD FOR GENERATING A KEY FOR BROADCAST ENCRYPTION - An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved. | 07-19-2012 |
20120189119 | Method and Apparatus for Increasing the Speed of Cryptographic Processing - Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the steps of applying the first encryption algorithm and applying the second encryption algorithm. | 07-26-2012 |
20120201376 | COMMUNICATION DEVICE AND KEY CALCULATING DEVICE - According to one embodiment, a communication device, which is connected to an external device, includes a key storage unit, an acquiring unit, a key selecting unit, and a calculating unit. The key storage unit stores therein a plurality of first information items obtained by twisting a plurality of device keys with first identification information for identifying the communication device. The acquiring unit acquires second identification information for identifying the external device. The key selecting unit selects one of the plurality of first information items using a media key block process. The calculating unit calculates a shared key, which is shared with the external device, using second information item obtained by twisting the selected first information item with the second identification information. | 08-09-2012 |
20120201377 | Authenticated Mode Control - Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another. | 08-09-2012 |
20120207300 | Method and Device for Generating Control Words - The present invention relates to the generation of n control words for encryption of a content item. A device obtains a first key K | 08-16-2012 |
20120207301 | SYSTEMS AND METHODS FOR ENCRYPTING DATA - Data encryption techniques are presented. According to an embodiment of a method, a cryptographic hash of unencrypted data for data block X−1 is generated, and a hash of an encryption key is generated. An initialization vector for data block X is generated using the cryptographic hash and the hash of the encryption key. Data block X−1 and data block X are logically contiguous and data block X−1 logically precedes data block X. Encryption data for data block X is generated from unencrypted data for data block X using the initialization vector. | 08-16-2012 |
20120213361 | SYSTEMS AND METHODS FOR DEVICE AND DATA AUTHENTICATION - Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices. | 08-23-2012 |
20120213362 | Distribution Of Lock Access Data For Electromechanical Locks In An Access Control System - A method of updating lock access data for an electromechanical lock is disclosed. The lock is of a type capable of being actuated by a user desiring to open the lock with a key having electronic key data stored therein. Updated lock access data for the lock may be configured by an administrator from a remote site and communicated to the lock using public networks. According to the method, updated lock access data from the remote site for the lock is transmitted over a telecommunication channel to a mobile terminal. The updated lock access data is transmitted from the mobile terminal to the key using short-range wireless communication. When the user attempts to open the lock with the key, the updated lock access data as received from the mobile terminal is forwarded from the key to the lock. The lock verifies that the user is trusted and then accepts the updated lock access data as received from the key. | 08-23-2012 |
20120237023 | Secure Key Management - A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material. | 09-20-2012 |
20120237024 | Security System Using Physical Key for Cryptographic Processes - One embodiment of the invention is based on the recognition that by keeping the encryption key (DEK) in a key device, and using the key device to perform all encryption and decryption, where the DEK is not supplied to the computing system, the above noted security problems can be overcome. The encrypted information is stored in the computing system and not in the key device. However, without the key device, it is not possible to access the encrypted information stored in the computing system. Thus, the function of the key device is similar to that of a physical key used in daily life for unlocking a door or drawer, except that the user gains access to protected information instead of access to a building, drawer or car. | 09-20-2012 |
20120237025 | DEVICE AND METHOD FOR DETERMINING AN INVERSE OF A VALUE RELATED TO A MODULUS - A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm. | 09-20-2012 |
20120243681 | SECURE COMMUNICATION SYSTEM - A method of encrypting data to be accessed only by a group of users comprises a user in the group receiving a user secret s | 09-27-2012 |
20120250857 | METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and methods of performing a secure backup of at least one data file via an agent application. According to one example, the method may include determining the at least one data file requires a mirror backup file, and determining that the at least one data file is a candidate for de-duplication based on at least one data file characteristic. The method may also include creating a filekey based on at least a portion of the content of the at least one data file, and transmitting the filekey to a database query handler associated with a database to determine if the file has been de-duplicated. | 10-04-2012 |
20120250858 | APPLICATION USAGE CONTINUUM ACROSS PLATFORMS - A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device. | 10-04-2012 |
20120250859 | DATA ENCRYPTION METHOD AND SYSTEM AND DATA DECRYPTION METHOD - An embodiment of the invention provides a data encryption method for an electrical device. The method comprises: generating an identification code corresponding to the electrical device; generating a temporary key according to the identification code; encrypting first data to generate a first secret key according to the temporary key and a first encryption mechanism; and encrypting the first secret key by a second encryption mechanism to generate an encrypted key. | 10-04-2012 |
20120257743 | MULTIPLE INDEPENDENT ENCRYPTION DOMAINS - A stored object may be encrypted with an “object” cryptographic key. The object cryptographic key may be stored in metadata for the object and the metadata for the object may be encrypted using an “internal” cryptographic key associated with a particular encryption domain. The internal cryptographic key may be stored in a filesystem memory block associated with the particular encryption domain. A “domain” cryptographic key may be generated and stored associated with the particular encryption domain. The domain cryptographic key may be used to encrypt the filesystem memory block. Conveniently, below the domain cryptographic key, the filesystem has a unique, totally unknown, internal cryptographic key for actual data encryption. | 10-11-2012 |
20120257744 | ENCIPHERING APPARATUS AND METHOD, DECIPHERING APPARATUS AND METHOD AS WELL AS INFORMATION PROCESSING APPARATUS AND METHOD - The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section. | 10-11-2012 |
20120257745 | Split-Key Key-Agreement Protocol - There is provided a method of one member of a first entity generating an intra-entity public key. The first entity has a plurality of members and the one member has a long-term private key and a corresponding long-term public key. The method includes generating a short-term private key and a corresponding short-term public key, computing an intra-entity shared key by mathematically combining the short-term public key of the one member and respective short-term public keys of each other member of the first entity and computing the intra-entity public key by mathematically combining the short-term private key, the long-term private key and the intra-entity shared key. | 10-11-2012 |
20120257746 | Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key. | 10-11-2012 |
20120263296 | PRIVATE KEY COMPRESSION - Apparatus for ciphering, including a non-volatile memory, which stores a number from which a private cryptographic key, having a complementary public cryptographic key, is derivable, wherein the number is shorter than the private cryptographic key, and a processor, which is configured to receive an instruction indicating that the private cryptographic key is to be applied to data and, responsively to the instruction, to compute the private cryptographic key using the stored number and to perform a cryptographic operation on the data using the private cryptographic key. Related apparatus and methods are also described. | 10-18-2012 |
20120269342 | BLOCK ENCRYPTION DEVICE AND METHOD AND COMPUTER PROGRAM - In block cipher based on generalized Feistel network, pseudorandomness and strong-pseudorandomness may be fulfilled efficiently. In encrypting a plaintext of kn-bit blocks, Feistel permutation is applied in terms of 2n bits as a unit, and then block-based permutation based on a binary de Bruijn graph with symmetrical type 2 branch coloring is applied. The Feistel permutation and the block-based permutation are grouped together to form a round. The round is repeatedly performed a preset number of times to output a ciphertext. | 10-25-2012 |
20120275595 | CRYPTOGRAPHICALLY SECURE AUTHENTICATION DEVICE, SYSTEM AND METHOD - An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other. | 11-01-2012 |
20120288089 | SYSTEM AND METHOD FOR DEVICE DEPENDENT AND RATE LIMITED KEY GENERATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a device dependent cryptographic key in a rate-limited way. A system configured to practice the method first receives data associated with a user. The data associated with the user can be a password, a personal identification number (PIN), or a hash of the password. Then the system performs a first encryption operation on the user data based on a device-specific value to yield first intermediate data and performs a second encryption operation on the first intermediate data based on the device-specific value to yield second intermediate data. Then the system iteratively repeats the second encryption operation until a threshold is met, wherein each second encryption operation is performed on the second intermediate data from a previous second encryption operation. The iterations produce a final cryptographic key which the system can then output or use for a cryptographic operation. | 11-15-2012 |
20120294440 | Key Agreement and Re-keying over a Bidirectional Communication Path - A key agreement method is carried out by a first system in conjunction with a second system over a bidirectional communication path, including generating a first key pair having a first public key and a first private key, sending the first public key to the second system, receiving a second public key generated by the second system, and calculating a master key based upon the first private key, the second public key, a long-term private key, and a long-term public key. The long-term private key was generated by the first system during a previous key-agreement method as part of a long-term key pair. The long-term public key was generated by the second system and received during the previous key-agreement method. The previous key-agreement method required a secret to be known to the first system and the second system, thus conferring authentication based on the secret to the long-term public key. | 11-22-2012 |
20120300923 | ENCRYPTION USING REAL-WORLD OBJECTS - Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device. | 11-29-2012 |
20120300924 | Implicit Certificate Scheme - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. The trusted entity selects a unique identity distinguishing each entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information f and generates a value k | 11-29-2012 |
20120307998 | BUILDING OPTIONAL BLOCKS - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for verifying conditions for iterative building of optional blocks in a standardized key block, parsing optional block data to validate the optional block data and to determine a length of the optional block data and a number of optional blocks contained in the optional block data, validating an optional block identification to be added, determining a storage location, inserting the optional block into the storage location, updating a value of the optional block data and returning the updated value of the optional block data. | 12-06-2012 |
20120307999 | PROTECTING A CONTROL VECTOR IN AN OPTIONAL BLOCK OF A STANDARD KEY BLOCK - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block. | 12-06-2012 |
20120308000 | Combining Key Control Information in Common Cryptographic Architecture Services - A system includes a processor configured to perform a method, the method comprising receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token. | 12-06-2012 |
20120308001 | SECURE KEY CREATION - Key creation includes sending a first public key part from a first system to a second system, receiving a second public key part sent by the second system to the first system and establishing a first secret material in the first system using the first and second public key parts, wherein the first secret material is identical to a second secret material established on the second system using the first and second key parts. Key creation also includes binding key control information to the first secret material in the first system, wherein the key control information includes information relating to key type and key management and deriving a first key material from the combination of the key control information and the first secret material, wherein the first key material is identical to a second key material derived by the second system. | 12-06-2012 |
20120308002 | DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content. | 12-06-2012 |
20120314856 | IMPLICITLY CERTIFIED PUBLIC KEYS - Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value. | 12-13-2012 |
20120314857 | BLOCK ENCRYPTION DEVICE, BLOCK DECRYPTION DEVICE, BLOCK ENCRYPTION METHOD, BLOCK DECRYPTION METHOD AND PROGRAM - A block encryption device receives b-bit tweak T and generates, by keyed hash function employing key K | 12-13-2012 |
20120314858 | ENCODING/DECODING CIRCUIT - An encoding/decoding operation portion includes an encoding/decoding operation circuit and an avoiding path for detouring the encoding/decoding operation circuit and can select between encoding or decoding input data in the encoding/decoding operation circuit and detouring the encoding/decoding operation circuit to output the input data without change. Only one wire has to be provided from a selector to a key storage portion and an initialization-vector storage portion. With this construction, it is possible to realize an encoding/decoding circuit which can suppress an increase in the number of wires used to transmit a content of key data to the key storage portion and the initialization-vector storage portion and does not cause complication of circuit layout. | 12-13-2012 |
20120321076 | Cryptographic ignition key system - A cryptographic ignition key system and method for managing access to sensitive or protected information using an unclassified, block-cipher-based cryptographic combiner for storing non-private information on a physical token and storing private information on another device having anti-tamper protections and safeguards. | 12-20-2012 |
20120321077 | CRYPTOGRAPHIC COMMUNICATION SYSTEM AND CRYPTOGRAPHIC COMMUNICATION METHOD - Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b). | 12-20-2012 |
20120321078 | KEY ROTATION AND SELECTIVE RE-ENCRYPTION FOR DATA SECURITY - Systems and methods for maintaining data security through encryption key retirement and selective re-encryption are presented. A method of selectively re-encrypting a subset of encrypted values includes storing each encrypted value together with the key profile number for the encryption key that was used to generate that encrypted value. When a key is compromised, its associated key profile number allows the efficient identification of all the encrypted values that were created using the now-compromised key. Once identified, the encrypted values may be decrypted using the compromised key and re-encrypted using a new key, without changing other related data such as the token associated with the encrypted value. | 12-20-2012 |
20120328097 | APPARATUS AND METHOD FOR SKEIN HASHING - Described herein are an apparatus and method for Skein hashing. The apparatus comprises a block cipher operable to receive an input data and to generate a hashed output data by applying Unique Block Iteration (UBI) modes, the block cipher comprising at least two mix and permute logic units which are pipelined by registers; and a counter, coupled to the block cipher, to determine a sequence of the UBI modes and to cause the block cipher to process at least two input data simultaneously for generating the hashed output data. | 12-27-2012 |
20130003965 | SURROGATE KEY GENERATION - A method for surrogate key generation performed by a physical computing system includes creating a lookup record for a production key of an input record, a key of the lookup record including the production key and a value of the lookup record including both a record identifier for the input record and a unique identifier of the production key within the input record. The method further includes sending the lookup record to a first node of a distributed computing system, the first node determined by hashing the production key with a first hash function, and with the first node, determining a surrogate key for the production key. | 01-03-2013 |
20130003966 | Cryptographic hardware module and method for updating a cryptographic key - A cryptographic hardware module has an arithmetic unit, a memory storing at least one first key, a logic and a cryptographic device. The hardware module loads at least one second encrypted key into the hardware module and decrypts the at least one second encrypted key via the cryptographic device using the at least one first key. | 01-03-2013 |
20130003967 | Enhanced Key Management For SRNS Relocation - A method comprises maintaining, in a first node serving a mobile terminal over a connection protected by at least one first key, said first key and information about the key management capabilities of the mobile terminal. Upon relocation of the mobile terminal to a second node the method includes: if, and only if, said key management capabilities indicate an enhanced key management capability supported by the mobile terminal, modifying, by said first node, the first key, thereby creating a second key, sending, from the first node to the second node, the second key, and transmitting to the second node the information about the key management capabilities of the mobile terminal. | 01-03-2013 |
20130016832 | SECURITY DEVICE - A security device connected to a host device which includes a processor performing a scramble operation and a storage unit, the security device comprising: a storage unit in which the first authentication code is stored; a random number generation unit; an encryption unit; and a controller which performs a scramble operation, wherein the controller generates a first scramble key by performing the scramble operation on the random number and the first authentication code and transmits the first scramble key to the host device, and the controller receives, from the host device, scramble data generated by performing the scramble operation on encryption target data according to the random number, generates the encryption target data by performing the scramble operation on the scramble data and the random number, generates encryption data, and transmits the encrypted data to the host device. | 01-17-2013 |
20130016833 | SECURELY USING A DISPLAY TO EXCHANGE INFORMATION - A first device has a display that is able to show information. The information is to be exchanged with a second device. The information is cleared from the display following receipt of an indication from the second device that the information has been successfully inputted at the second device. | 01-17-2013 |
20130016834 | SECURITY COUNTERMEASURES FOR POWER ANALYSIS ATTACKS - A countermeasure for differential power analysis attacks on computing devices. The countermeasure includes the definition of a set of split mask values. The split mask values are applied to a key value used in conjunction with a masked table defined with reference to a table mask value. The set of n split mask values are defined by randomly generating n−1 split mask values and defining an nth split mask value by exclusive or'ing the table mask value with the n−1 randomly generated split mask values. | 01-17-2013 |
20130022196 | INFORMATION PROCESSING APPARATUS, SERVER APPARATUS, AND COMPUTER PROGRAM PRODUCT - In an embodiment, an information processing apparatus is connected to external apparatuses. The information processing apparatus includes: | 01-24-2013 |
20130022197 | RANDOM NUMBER GENERATOR, ENCRYPTION DEVICE, AND AUTHENTICATION DEVICE - A random number generator includes an exclusive-OR circuit, a random number determiner, and a random number generation instruction inhibitor. The exclusive-OR circuit obtains an exclusive-OR of outputs from a number of digital circuits. The random number determiner determines whether or not an output generated according to an instruction to generate random numbers is a random number for each of the digital circuits. The random number generation instruction inhibitor inhibits an instruction to generate random numbers to be provided to the digital circuits whose output generated according to the instruction is determined to be not a random number by the random number determiner. | 01-24-2013 |
20130028414 | METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available. | 01-31-2013 |
20130028415 | CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, SIGNATURE PROCESSING SYSTEM, SIGNATURE DEVICE, AND VERIFICATION DEVICE - The object is to provide a secure functional encryption scheme having a large number of cryptographic functions. An access structure is constituted by applying the inner-product of attribute vectors to a span program. The access structure has a degree of freedom in design of the span program and design of the attribute vectors, thus having a large degree of freedom in design of access control. A secure functional encryption process having a large number of cryptographic functions is implemented by employing the concept of secret sharing for the access structure. | 01-31-2013 |
20130034227 | SECURE PROVISIONING OF A PORTABLE DEVICE USING A REPRESENTATION OF A KEY - A portable device initially accesses a secure server and requests a certificate. The secure server generates a random key and encodes the generated key to generate a representation of the key, such as a two-dimensional bar code or an audio signal, which is communicated to a local device, such as a laptop or desktop computer, using a web interface. The local device is used to present the representation of the key to a mobile device. The mobile device then captures the representation of the key from the local device, for example using an image capture device or audio capture device, and extracts the key by decoding the representation of the key. The key is then stored by the mobile device and used to securely communicate with the secure server without manually entering the key. | 02-07-2013 |
20130034228 | SECURE KEY CREATION - Creating a secure key includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts. | 02-07-2013 |
20130039487 | Coordinating compression information for unreliable encrypted streams through key establishment protocols - In one embodiment, a method includes transmitting compression information from a sender node to a receiver node in a key establishment protocol exchange and transmitting an encrypted compressed packet from the sender node to the receiver node using an unreliable transport. The compression information is used by the receiver node in decompressing the packet received from the sender node. An apparatus is also disclosed. | 02-14-2013 |
20130039488 | Device and method for providing portable and secure internet-based IT services - The increase in popularity of Internet-based computing services for delivery of their information technology (IT) capability has also created dependences for the user to access their IT facilities and be able to work. The current invention provides solutions to these dependences using a system with a convenient, highly portable data storage device that when connected to a general purpose computer that has access to the internet, provides the user the ability to access and work on large, complex tasks and files on their internet-based IT facilities while simultaneously maintaining the security and integrity of the information and data transmitted over the internet between the user and their IT facilities. | 02-14-2013 |
20130039489 | CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, KEY DELEGATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector of the space V, the cipher vector being a vector in which transmission information is embedded. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information. In particular, the encryption device and the decryption device perform the cryptographic process without using some dimensions of the space V and the space V*. | 02-14-2013 |
20130039490 | INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - A configuration in which use management for each piece of content, which is divided in units, can be performed strictly and efficiently is provided. CPS units such that content stored on an information recording medium is divided into units are set, a unit key is assigned to each CPS unit, and data forming each unit is encrypted and recorded. For reproduction, a unit key is generated, and data processing using the unit key is performed. As information for generating the unit key, copy/play control information (CCI) that is set so as to correspond to the CPS unit and a content hash that is a hash value based on data forming the CPS unit are used. With this configuration, tampering of CCI and data forming the CPS unit can be prevented, and authorized content use can be realized. | 02-14-2013 |
20130039491 | TAMPERING MONITORING SYSTEM, MANAGEMENT DEVICE, PROTECTION CONTROL MODULE, AND DETECTION MODULE - A management device | 02-14-2013 |
20130044874 | CRYPTOGRAPHIC CIRCUIT AND METHOD THEREFOR - Data security is facilitated. In accordance with one or more embodiments, a target circuit is used to generate encryption information specific to the target circuit. The encryption information is used for generating data corresponding to a key, such as for decrypting media content. In some implementations, encryption information is used together with key data to generate a key offset. The key offset is subsequently used, together with newly-generated encryption information, to obtain the key. | 02-21-2013 |
20130044875 | COMBINING KEY CONTROL INFORMATION IN COMMON CRYPTOGRAPHIC ARCHITECTURE SERVICES - A method for creating a key token includes receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token. | 02-21-2013 |
20130058478 | VIRTUALIZATION OF CRYPTOGRAPHIC KEYS - A cryptographic key is virtualized to provide a virtual cryptographic key. To virtualize the key, an operation, such as an exclusive OR operation, is used with the key and a mask. The virtual key is usable by a guest of a virtual environment in cryptographic operations. | 03-07-2013 |
20130064365 | Data Destruction - In one embodiment, receive a first request in connection with accessing a set of encrypted data, wherein the set of encrypted data has an expiration date; the first request comprises a first key associated with the expiration date; and the set of encrypted data has been encrypted using the first key. Validate the first key by comparing the expiration date against a current time. Generate a second key for decrypting the set of encrypted data using the first key only if the expiration date has not passed. | 03-14-2013 |
20130064366 | Method for Generating Cryptographic Half-Keys, and Associated System - A method for generating cryptographic half-keys makes it possible to generate n pairs (K | 03-14-2013 |
20130064367 | ACCELERATED VERIFICATION OF DIGITAL SIGNATURES AND PUBLIC KEYS - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In an elliptic curve group, verification that a value representative of a point R corresponds to the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 03-14-2013 |
20130077781 | METHOD OF KEY DERIVATION IN AN INTEGRATED CIRCUIT - A method of derivation, by an electronic circuit, of a first key from a second key, wherein: at least one third key is derived from the second key and is used to derive the first key; and a value of a counter, representative of the number of first keys, conditions the derivation of a new value of the third key. | 03-28-2013 |
20130077782 | Method and Apparatus for Security Over Multiple Interfaces - A secure digital system including a number of ICs that exchange data among each other. Each of the ICs includes a key generator for generating a cipher key; a memory for securely storing the generated cipher key; an authenticating module for authenticating neighboring ICs of a respective IC; an encryption module for encrypting data communicated from the respective IC to the neighboring ICs; and a decryption module for decrypting data received from the neighboring ICs. | 03-28-2013 |
20130077783 | METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second monoid and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key. | 03-28-2013 |
20130077784 | MACHINE, MACHINE MANAGEMENT APPARATUS, SYSTEM, AND METHOD, AND RECORDING MEDIUM - A machine management method includes installing software in a machine including a security device that holds a secret key unextractable from the security device and a public key extractable from the security device, encrypts input data with the public key, and decrypts the input data with the secret key; storing machine identification information of the machine in association with software identification information of the software installed in the machine in an external management apparatus; creating a device-encryption key to encrypt data stored on a first storage device of the machine; storing a device-encryption-key BLOB obtained by encrypting the device-encryption key with the public key on a second storage device of the machine; and storing the device-encryption key in association with the machine identification information in the external management apparatus. | 03-28-2013 |
20130077785 | Method for Updating Air Interface Key, Core Network Node and Radio Access System - The disclosure discloses a method for updating an air interface key, a core network node and a radio access system, wherein the method for updating an air interface key comprises: a core network node receives a relocation complete indication message from a target RNC (S | 03-28-2013 |
20130083921 | ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION METHOD, PROGRAM, AND RECORDING MEDIUM - In encryption, a random number r is generated to generate a ciphertext C | 04-04-2013 |
20130089200 | SECURE DATA TRANSFER ON A HANDHELD COMMUNICATIONS DEVICE - A handheld communications device for transmitting an encryption key is provided. The device comprises a display device, and a data processor. The data processor of the handheld communications device is in communication with the display device. The data processor is configured to generate an encryption key, and to vary a visual output of the display device over time in accordance with a bit sequence of the encryption key. The varying visual output comprises a sequence of colours and/or brightness levels output by the display device. | 04-11-2013 |
20130089201 | AUTHENTICATION DEVICE, AUTHENTICATION METHOD, AND PROGRAM - Provided is an authentication device including a key holding unit for holding L (L≧2) secret keys s | 04-11-2013 |
20130101113 | ENCRYPTING DATA OBJECTS TO BACK-UP - Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store. | 04-25-2013 |
20130101114 | APPARATUS AND METHOD FOR GENERATING IDENTIFICATION KEY - Provided is an apparatus for generating an identification key by a probabilistic determination of a short occurring between nodes constituting a circuit, by violating a design rule provided during a semiconductor manufacturing process. The identification key generating apparatus may include an identification key generator to generate an identification key based on whether a contact or a via used to electrically connect conductive layers in a semiconductor chip shorts the conductive layers, and an identification key reader to read the identification key by reading whether the contact or the via shorts the conductive layers. | 04-25-2013 |
20130108041 | METHODS AND SYSTEMS FOR PERSONAL AUTHENTICATION | 05-02-2013 |
20130114808 | SYSTEM AND METHOD FOR PROVIDING AN INDICATION OF RANDOMNESS QUALITY OF RANDOM NUMBER DATA GENERATED BY A RANDOM DATA SERVICE - A system and method for providing an indication of randomness quality of random number data generated by a random data service. The random data service may provide random number data to one or more applications adapted to generate key pairs used in code signing applications, for example. In one aspect, the method comprises the steps of: retrieving random number data from the random data service; applying one or more randomness tests to the retrieved random number data to compute at least one indicator of the randomness quality of the random number data; associating the at least one indicator with at least one state represented by a color; and displaying the color associated with the at least one indicator to a user. The color may be displayed in a traffic light icon, for example. | 05-09-2013 |
20130114809 | UNIQUE SURROGATE KEY GENERATION USING CRYPTOGRAPHIC HASHING - The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database and for each record, extracting the data from the fields; concatenating the extracted data into an input message; running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps; and outputting a surrogate key. | 05-09-2013 |
20130121487 | System And Method For Deterministic Generation Of A Common Content Encryption Key On Distinct Encryption Units - Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key. | 05-16-2013 |
20130121488 | METHOD AND STORAGE DEVICE FOR PROTECTING CONTENT - A method for protecting content of a storage device including a memory for storing data and a controller for managing data input and output of the memory is provided, in which a Data Encryption Key (DEK) for encrypting the data stored in the memory is generated, an IDentifier (ID) of the memory is acquired, the DEK is encrypted using user secret information and the ID of the memory, and the encrypted DEK is stored in the memory. | 05-16-2013 |
20130129086 | Downloading of Data to Secure Devices - An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor. | 05-23-2013 |
20130129087 | Secure Key Generation - Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key. | 05-23-2013 |
20130136258 | Encrypting Data for Storage in a Dispersed Storage Network - A method begins by a dispersed storage (DS) processing module encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments and generating a plurality of deterministic values from the plurality of encrypted data segments. The method continues with the DS processing module establishing a data intermingling pattern and generating a plurality of masked keys by selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values. The method continues with the DS processing module appending the plurality of masked keys to the plurality of encrypted data segments to produce a plurality of secure data packages and outputting the plurality of secure data packages. | 05-30-2013 |
20130142329 | UTILIZING PHYSICALLY UNCLONABLE FUNCTIONS TO DERIVE DEVICE SPECIFIC KEYING MATERIAL FOR PROTECTION OF INFORMATION - A device specific key is generated within an electronic device by providing a challenge to a physically unclonable function (PUF) structure integrated within the electronic device, where the PUF structure outputs a specific response based upon a specific challenge provided to the PUF structure. The PUF response is provided to a cryptographic module integrated within the electronic device, and a device specific key is generated by the cryptographic module utilizing a cryptographic key generation algorithm. The device specific key is generated based upon a combination of input data including the PUF response and data that is specific to the electronic device. | 06-06-2013 |
20130148803 | MULTI-USER SEARCHABLE ENCRYPTION SYSTEM AND METHOD WITH INDEX VALIDATION AND TRACING - A multi-user searchable encryption system includes a key generation center to issue a private secret key to a user and trace information regarding a user who has generated an index, and a user terminal device to generate an index for searching for a database using the private secret key. The multi-user searchable encryption system includes a database (DB) server that verifies the index generated by the user terminal device and searches for corresponding data to the verified index. | 06-13-2013 |
20130156181 | APPARATUS AND METHOD FOR GENERATING SECRET KEY USING CHANGE IN WIRELESS CHANNEL ON WIRELESS COMMUNICATION NETWORK - A secret key generation apparatus and method are provided. The secret key generation apparatus includes at least one antenna, amplification/phase controllers, a transceiver, and a random signal controller. The antenna receives a wireless signal from a counterpart terminal that performs wireless communication. The amplification/phase controllers control the amplification gain and phase of the wireless signal that is received via at least one antenna. The transceiver measures the status of a wireless channel using the wireless signal having the controlled amplification gain and phase, determines parameters based on results of the measurement, and generates a secret key based on results of the determination. The random signal controller controls the amplification/phase controllers so that the amplification gain and phase are adjusted whenever the transceiver generates a secret key. | 06-20-2013 |
20130156182 | Cryptographic Key Generation - A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key. | 06-20-2013 |
20130156183 | ENCRYPTION KEY GENERATING APPARATUS AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an encryption key generating apparatus includes a converting unit to convert input data using a physically unclonable function and output output data; a memory to store a plurality of pattern data, each of which is a partial data in the output data indicated by one of a plurality of index data; a generating unit to generate an encryption key on the basis of the plural of index data; and a comparing unit to compare the output data with the plural of pattern data to detect plural of locations in the output data at which partial data similar to the plural of pattern data is present. The generating unit reproduces, as the plural of index data, the plural of locations detected by the comparing unit and reproduces the encryption key on the basis of the plural of index data that have been reproduced. | 06-20-2013 |
20130156184 | SECURE EMAIL COMMUNICATION SYSTEM - The present invention provides a method and system for securing a digital data stream. A first key of a first asymmetric key pair from a key store remote from a host node is received at the host node. A dynamically generated key is received at the host node, which is used to encipher the digital data stream. The dynamically generated key is enciphered with the first key of the first asymmetric key pair. The enciphered digital data stream and the enciphered dynamically generated key are stored remotely from the host node and the key store. | 06-20-2013 |
20130163752 | APPARATUS AND METHOD FOR GENERATING GROUP KEY USING STATUS OF WIRELESS CHANNEL - An apparatus and method for generating a group key using the status of a wireless channel are provided. The apparatus includes a representative channel response selection unit for selecting a representative channel response signal from among pilot signals received from slave terminals. A key generation unit generates a group key based on a representative channel response value of the representative channel response signal. A hash value generation unit generates a hash value corresponding to the group key. A transmission pilot control unit adjusts power intensities of transmission pilots of the respective slave terminals using the channel response value of the representative channel response signal and channel response values and transmission power intensities of the slave terminals. A communication unit is individually connected to the slave terminals and configured to transmit pilot signals, power intensities of which have been adjusted, and the hash value to the slave terminals. | 06-27-2013 |
20130163753 | KEY CREATION AND ROTATION FOR DATA ENCRYPTION - Embodiments are directed towards enabling cryptographic key rotation without disrupting cryptographic operations. If key rotation is initiated, a transitional key may be generated by encrypting the current key with a built-in system key. A new key may be generated based on at least one determined key parameter. Next, the new key may be activated by the one or more key holders. If the new key is activated, it may be designated as the new current key. The new current key may be employed to encrypt the transitional key and store it in a key array. Each additional rotated key may be stored in the key array after it is encrypted by the current cryptographic key. Further, in response to a submission of an unencrypted query value, one or more encrypted values that correspond to a determined number of rotated cryptographic keys are generated. | 06-27-2013 |
20130163754 | INFORMATION DISTRIBUTION SYSTEM AND PROGRAM FOR THE SAME - An information distribution system described herein is capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network. An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user. | 06-27-2013 |
20130163755 | PROTECTION METHOD, DECRYPTION METHOD, PLAYER, STORAGE MEDIUM, AND ENCRYPTION APPARATUS OF DIGITAL CONTENT - A digital content protection method includes distributing, together with an encrypted content, an encrypted protected program key, a protected content key, and a protected code including an individual instruction code, at least some elements of which are designed according to a unique operation code specification for each content player or for each content player group. | 06-27-2013 |
20130170641 | Generator of Chaotic Sequences and Corresponding Generating System - A generator of chaotic sequences of integer values is provided. The generator includes at least two discrete recursive filters at least of first-order, generating an output chaotic sequence of integer values, each recursive filter comprising means for implementing a nonlinear function connected via an exclusive-or gate to means for generating a perturbation sequence of integer values. The two filters are mounted in parallel. The chaotic sequence output from the generator is equal to an exclusive-or of the chaotic sequences output from the recursive filters, and in the means for implementing the nonlinear function includes a chaotic map. | 07-04-2013 |
20130177152 | Cryptographic Key Spilt Combiner - A cryptographic key split combiner includes a plurality of key split generators adapted to generate cryptographic key splits, a key split randomizer adapted to randomize the cryptographic key splits to produce a cryptographic key, and a digital signature generator. Each of the key split generators is adapted to generate key splits from seed data. The digital signature generator is adapted to generate a digital signature based on the cryptographic key. The digital signature generator can also be adapted to generate the digital signature based on a credential value. A process for forming cryptographic keys includes generating a plurality of cryptographic key splits from seed data. The cryptographic key splits are randomized to produce a cryptographic key. A digital signature is generated based on the cryptographic key. Generating a digital signature based on the cryptographic key can include generating the digital signature based on a credential value. | 07-11-2013 |
20130177153 | USING FILE METADATA FOR DATA OBFUSCATION - A system and method may assist in securing data for transmission to a receiving entity. Received data may include metadata associated therewith. The data may be encrypted using an encryption key encoded within selected portions of the metadata, where the selection of the selected portions is based on a scheme shared with the receiving entity. The encrypted data including the metadata may be transferred to the receiving entity. The receiving entity may decrypt the encrypted data using the selected portions of the metadata. | 07-11-2013 |
20130177154 | METHOD AND SYSTEM FOR DECRYPTING A TRANSPORT STREAM - A module configured in operation to connect to a host, the module including: a decryptor operable to decrypt an encrypted transport stream received from the host, the transport stream including content data and a decryption seed; a decryption key generator operable to extract the decryption seed from the transport stream and to generate a decryption key from the decryption key seed; and a secure channel generator operable to generate a secure channel between the module and the host, whereby the secure channel generator is further operable to provide the generated decryption key to the host over the secure channel. | 07-11-2013 |
20130182838 | Method and apparatus for generating a privilege-based key - Disclosed is a method for generating a privilege-based key using a computer. In the method, a privilege is received from an application, and verified as being associated with the application. The computer cryptographically generates a second key using a first key and the privilege. The second key is provided to the application. | 07-18-2013 |
20130182839 | SEMICONDUCTOR DEVICE AND IC CARD - In power residue calculation in a primality determination, in addition to the conventional randomization of an exponent, a modulus is also randomized. A random number generated by a random number generator is set to a randomizing number, and is input to a modulus generator and an exponent generator. The modulus generator and the exponent generator randomize a prime number candidate P using the randomizing number to generate a randomized modulus R | 07-18-2013 |
20130182840 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF. | 07-18-2013 |
20130182841 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values. | 07-18-2013 |
20130188790 | CRYPTOGRAPHIC KEY - A technique to facilitate cryptographic key management is provided. In one aspect, multiple strings or components are sorted and concatenated in the order in which they were sorted. | 07-25-2013 |
20130195266 | Apparatus and Method for Producing a Message Authentication Code - An apparatus for producing a message authentication code based on a first message and an original key is provided. The apparatus includes a key generator configured to produce a generated key based on the original key and the first message. Furthermore, the apparatus includes a message authentication code generator configured to produce the message authentication code based on the generated key and the first message. | 08-01-2013 |
20130202107 | Integrated Silicon Circuit Comprising a Physically Non-Reproducible Function, and Method and System for Testing Such a Circuit - A silicon integrated circuit comprises a physically non-copyable function LPUF allowing the generation of a signature specific to said circuit. Said function comprises a ring oscillator composed of a loop traversed by a signal, being formed of N topologically identical chains of lags, connected in series and of an inversion gate, a chain of lags being composed of M delay elements connected in series. The function also comprises a control module generating N control words being used to configure the value of the delays introduced by the chains of lags on the signal traversing them. A measurement module measures the frequency of the signal at the output of the last chain of lags after the updating of the control words, and means can deduce from the frequency measurements the bits making up the signature of the circuit. A method and a system for testing such circuits are also provided. | 08-08-2013 |
20130202108 | METHOD AND DEVICE FOR GENERATION OF SECRET KEY - A method and a device for generation of a secret key are provided. In one exemplary embodiment, the disclosure is directed to a device for generation of a secret key. The device for generation of a secret key includes a motion sensor, a storage unit and a control unit. The motion sensor is configured to sense a motion of the device in a three-dimensional space and generate a motion sensing signal. The storage unit is configured to store the motion sensing signal. The control unit is electrically coupled to the motion sensor and the storage unit, and configured to generate a secret key by the motion sensing signal. | 08-08-2013 |
20130223623 | PORTABLE SECURE ELEMENT - Transferring control of a secure element between TSMs comprises a zone master key established between the TSMs that facilitates encryption of a temporary key. The TSMs create the zone master key prior to initiation of transfer of control. Once transfer of control is initiated, the first TSM establishes a communication channel and deletes its key from the secure element. The first TSM creates a temporary key that is encrypted with the zone master key established between the first TSM and the second TSM. The encrypted temporary key is communicated to the second TSM with a device identifier. The second TSM decrypts the temporary key using the zone master key and identifies the user device using the device identifier. The new TSM establishes a communication channel and deletes the temporary key from the secure element. The new TSM then inputs and saves its key into the secure element. | 08-29-2013 |
20130223624 | ENCRYPTION PROCESSING DEVICE AND ENCRYPTION PROCESSING METHOD - A transposition processing unit having a k-partition generalized Feistel structure transposes Y | 08-29-2013 |
20130230165 | Scalable and Secure Key Management for Cryptographic Data Processing - A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received Key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generates a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE. | 09-05-2013 |
20130230166 | USING IDENTIFIER TAGS AND AUTHENTICITY CERTIFICATES FOR DETECTING COUNTERFEITED OR STOLEN BRAND OBJECTS - A method and system for generating data for use in generating an authenticity certificate. A request is received for a step certificate that authenticates an involvement of the requester entity about an object. The request includes a media identifier, a media key block, an object identifier, a requester entity type of the requester entity, and a requester identity certificate of the requester entity. The object identifier is hashed. A signature is created. A hashing result is generated by hashing a concatenation of the object identifier, the requester entity type, the certifier entity certificate, the requester identity certificate, and the signature. The step certificate is generated and includes the hashing result. The step certificate is encrypted using a random key. The encrypted step certificate and an encrypted random key are sent to the requester entity for subsequent writing the step certificate and the encrypted random key on a media. | 09-05-2013 |
20130230167 | USING IDENTIFIER TAGS AND AUTHENTICITY CERTIFICATES FOR DETECTING COUNTERFEITED OR STOLEN BRAND OBJECTS - A method and system for ascertaining an object status of an object associated to an authenticity certificate. A first hashing result of an object identifier encoded within a decrypted first encrypted step certificate is extracted. A second hashing result is obtained from hashing the object to be authenticated. A third hashing result of an object identifier encoded within a decrypted second encrypted step certificate is extracted. A fourth hashing result is obtained from hashing the object to be authenticated. It is determined that the first hashing result is equal to the second hashing result and that the third hashing result is equal to the fourth hashing result, from which it is ascertained the object status of the object is that the object is an authentic object, a counterfeited object, or a stolen object. The ascertained object status is displayed on a screen of an authenticity verification equipment. | 09-05-2013 |
20130236007 | METHODS FOR CREATING SECRET KEYS USING RADIO AND DEVICE MOTION AND DEVICES THEREOF - A method and system for generating one or more keys includes obtaining at two or more devices data based on movement of at least one of the devices with respect to the other device. An RF signal sent from each of the one or more of the devices to the other devices is used to generate data that changes in accordance with the movement of the one or more devices. At least one key is generated based on the obtained data at each of the devices for use in securing communications between the devices. The key at each of the devices is substantially the same. | 09-12-2013 |
20130236008 | DATA TRANSMISSION SYSTEM - A cipher key is generated by first information shared in secret between a data transmitting unit | 09-12-2013 |
20130243189 | METHOD AND APPARATUS FOR PROVIDING INFORMATION AUTHENTICATION FROM EXTERNAL SENSORS TO SECURE ENVIRONMENTS - An approach is provided for providing information authentication from external sensors to secure environments. An authentication support platform causes, at least in part, a generation of at least one cryptographic key for use by (a) at least one secure environment, (b) one or more sensors that are associated with at least one device and that are external to the at least one secure environment, or (c) a combination thereof. The authentication support platform further causes, at least in part, an authentication of sensor information transmitted by the one or more sensors to the at least one secure environment based, at least in part, on the cryptographic key. | 09-19-2013 |
20130243190 | OPTIMIZING SIGNATURE COMPUTATION AND SAMPLING FOR FAST ADAPTIVE SIMILARITY DETECTION BASED ON ALGORITHM-SPECIFIC PERFORMANCE - A set of similarity detection algorithms and techniques for determining which signature calculation, sampling, and generation algorithms may be most beneficially applied to application related data are described herein. These algorithms work well with SSD caching software to produce high speed, high accuracy, and low false-positive detections. Because the different algorithms may show different performance depending on data sets and different applications, to achieve optimal performance, a calibration process may be applied to each application and associated data set to select the best combination of signature computation and sampling technique. The new algorithms are also very fast with execution times an order of magnitude smaller than existing techniques. While some of the algorithms are presented using examples for the purpose of easy readability, these algorithms are very general and can be easily applied to broad range of cases. | 09-19-2013 |
20130243191 | ENCRYPTION KEY GENERATING APPARATUS - According to an embodiment, an encryption key generating apparatus includes first to third calculators. The first calculator executes a first round operation to a first portion of first data. The second calculator executes the first round to a second portion of second data pieces. Each second data piece includes the first portion of the first data to which the first round operation has been completed and the second portion obtained by changing at least a part of the first data other than the first portion. At least a part of the second portion is different from that of each of the other second portions. The second calculator executes the first round operation to each second portion. The third calculator unit executes operations of the second and subsequent rounds to the second data pieces. | 09-19-2013 |
20130251145 | QUANTUM KEY DISTRIBUTION - Methods and apparatus for quantum key distribution are described, in particular including methods and networks | 09-26-2013 |
20130259226 | METHODS AND APPARATUS FOR CORRELATION PROTECTED PROCESSING OF CRYPTOGRAPHIC OPERATIONS - A method and an apparatus that generate a plurality of elements randomly as a split representation of an input used to provide an output data cryptographically representing an input data are described. The input may correspond to a result of a combination operation on the elements. Cryptographic operations may be performed on the input data and the elements to generate a plurality of data elements without providing data correlated with the key. The combination operation may be performed on the data elements for the output data. | 10-03-2013 |
20130259227 | INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an information-processing device is coupled to an external device and a server. The information-processing device includes a device key storage configured to store a device key; and an MKB processor configured to generate a media key from the device key and a media key block. The information-processing device also includes a shared key generator configured to generate a shared key from the media key and secret information transmitted from the server. The shared key is shared by the information-processing device and the external device. | 10-03-2013 |
20130266137 | Digital rights management system, devices, and methods for binding content to an intelligent storage device - The present invention relates to digital rights management (DRM) for content that may be downloaded and bound to a storage device. The storage device may be an intelligent storage device, such as a disk drive, or network attached storage. In addition, the storage device is capable of performing cryptographic operations and providing a root of trust. In one embodiment, the DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. However, the binding key is not stored on the storage with the content. The content key is a key that has been assigned to the content, for example, by a trusted third party. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device. | 10-10-2013 |
20130266138 | CONTENT ENCRYPTION KEY MANAGEMENT - Systems and methods for managing a content encryption key and a seed to generate the content encryption key are provided. In one example, a method may include receiving a request for a content encryption key at a content encryption key service. The request includes a requesting entity fingerprint that corresponds to a requesting entity and a seed identifier that corresponds to a seed. The seed identifier is mapped to the seed and the requesting entity fingerprint mapped to a corresponding seed permission. If the seed permission entitles the requesting entity to receive the content encryption key, the key is derived using the seed and provided to the requesting entity. | 10-10-2013 |
20130272518 | SPEECH ENCRYPTION METHOD AND DEVICE, SPEECH DECRYPTION METHOD AND DEVICE - A speech encryption method for encrypting a digital speech signal includes the steps of generating an encryption key, deriving a plurality of voice feature data from the digital speech signal, determining a corresponding shift parameter according to the encryption key and converting the voice feature data derived therefrom into converted speech data based on the shift parameter, and determining corresponding dual-tone multi-frequency (DTMF) data according to the encryption key and interleaving the DTMF data with the converted speech data so as to obtain a scrambled speech signal. | 10-17-2013 |
20130272519 | SYSTEM FOR SCRAMBLING AND METHODS FOR USE THEREWITH - A system includes a key path generator that generates a key path based on a plurality of encryption keys. A block coding unit generates a plurality of codewords based on a plurality of data blocks. A block scrambling unit scrambles the plurality of codewords to generate a plurality of encrypted blocks by entropy processing, chaos processing and permutation processing each of the plurality of codewords, based on the plurality of encryption keys. | 10-17-2013 |
20130272520 | METHOD OF GENERATING KEY - According to a method of generating a key of the present invention, a first device and a second device are first brought into contact with one vibrator. In this state, the vibrator generates vibration. A first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device detect the vibration. Subsequently, the first device notifies the second device of a first feature value based upon the detection result of the first acceleration sensor. The second device notifies the first device of a second feature value based upon the detection result of the second acceleration sensor. Then the first device compares the notified second feature value with the first feature value and generates a key based upon the comparison result. The second device compares the notified first feature value with the second feature value and generates a key based upon the comparison result. | 10-17-2013 |
20130272521 | Key Generation Using Multiple Sets of Secret Shares - A cryptographic method, including generating, using a meta-secret, a first plurality of cryptographic keys, each cryptographic key associated with a respective key identifier, creating, using the meta-secret, a second plurality of sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier, of generating the associated cryptographic key, and performing cryptographic operations using the cryptographic keys. Related methods and apparatus are also included. | 10-17-2013 |
20130279691 | Secure Key Authentication and Ladder System - Method and system for secure key authentication and key ladder are provided herein. Aspects of the method for secure key authentication may include generating a digital signature of a secure key in order to obtain a digitally signed secure key and transmitting the digitally signed secure key from a first location to a second location. The digital signature may be generated by utilizing an asymmetric encryption algorithm and/or a symmetric encryption algorithm. The digitally signed secure key may be encrypted prior to transmission. The secure key may be a master key, a work key and/or a scrambling key. The digitally signed secure key may be received at the second location and the digitally signed secure key may be decrypted to obtain a decrypted digitally signed secure key. | 10-24-2013 |
20130287207 | MULTIPLE HASHING IN A CRYPTOGRAPHIC SCHEME - Methods, systems, and computer programs for producing hash values are disclosed. A first hash value is obtained by applying a first hash function to a first input. The first input can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A second hash value is obtained by applying a second hash function to a second input. The second input is based on the first hash value. The second hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the second hash value. In some instances, a digital signature is generated based on the second hash value, or a digital signature is verified based on the second hash value, as appropriate. | 10-31-2013 |
20130287208 | SYSTEMS AND METHODS FOR CONTROLLING FILE EXECUTION FOR INDUSTRIAL CONTROL SYSTEMS - A system includes a build system processor configured to generate a private encryption key and configured to add the private encryption key to at least one of a plurality of source files. Each of the plurality of source files includes instructions configured to be executed by an industrial controller processor. The processor is also configured to generate a plurality of binary files from the plurality of source files. The processor is further configured to construct a whitelist file including first hash key values determined for the plurality of binary files and configured to encrypt the whitelist file using the private key to provide an encrypted whitelist file. | 10-31-2013 |
20130287209 | ENCRYPTION PROCESSING DEVICE AND METHOD - A constant multiplier inputs a base and a modulo n, performs modular exponentiation modulo n with a prescribed constant as the exponent and with base a, and outputs the result of this calculation as base b. A personal key converter inputs a personal key d and calculates a personal key d′ as the quotient when d is divided by the prescribed constant. A correction key generator generates a correction key d″ as the remainder of the aforementioned division. A first modular exponentiation unit performs modular exponentiation base b with d′ as the exponent. A second modular exponentiation unit performs modular exponentiation base a with d″ as the exponent, and outputs a correction value. A correction calculation unit multiplies the outputs of the first and second modular exponentiation units and outputs the result as the encryption processing result. | 10-31-2013 |
20130287210 | DATA PROCESSING APPARATUS AND DATA STORAGE APPARATUS - An access terminal apparatus provides a group determination key being a decryption key to a data center apparatus previously, and then transmits grouping information generated from a keyword of storage target data and having been encrypted to the data center apparatus, with encrypted data of the storage target data and tag data of the encrypted data of the storage target data. The data center apparatus stores the encrypted data relating it to the tag data, decrypts a part of the grouping information with the group determination key, derives an index value from a bit value obtained by the decryption, and stores the derived index value and the tag data relating them with each other. | 10-31-2013 |
20130301828 | METHOD FOR ESTABLISHING A SECURE COMMUNICATION CHANNEL - The present invention provides a method for establishing a secure communication channel between a client (C) and a remote server (S), said client (C) and remote server (S) exchanging data through an intermediate entity (G), said client (C) having a long-term key pair (sk | 11-14-2013 |
20130301829 | ELECTRONIC KEY REGISTRATION SYSTEM - An electronic key registration system includes a controller of a communication subject, an initial electronic key that communicates with the communication subject and has an initial encryption key generation code, an additional electronic key that communicates with the communication subject, and an information center including an additional encryption key. The initial electronic key holds an initial encryption key generated from the initial encryption key generation code and a logic. The controller holds the logic and identification information of the communication subject. The controller acquires the initial encryption key generation code from the initial electronic key, generates an initial encryption key from the initial encryption key generation code and the logic held by the controller, and stores the initial encryption key. The information center sends the additional encryption key to the additional electronic key or the controller through a network. | 11-14-2013 |
20130315390 | Fast Computation Of A Single Coefficient In An Inverse Polynomial - In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial f | 11-28-2013 |
20130322618 | SYSTEM AND METHOD FOR SECURING MULTIPLE DATA SEGMENTS HAVING DIFFERENT LENGTHS USING PATTERN KEYS HAVING MULTIPLE DIFFERENT STRENGTHS - A system and method for securing data and information is disclosed. Multiple cryptographic paradigms may be applied to multiple length data segments to encrypt such data to prevent unauthorized use. The system and method uses pattern keys. At least one pattern key uses a cryptographic paradigm different from the other pattern keys. Furthermore, each pattern key has a given key strength and at least one pattern key's key strength differs from the one or more other pattern keys used in the process. The pattern keys are applied to the data in accordance with a key pattern which defines the sequence that each pattern key is applied to the data. The length of each data segment may vary one from the other and such segment length is determined in accordance with the pattern key applied. In addition, the initial plaintext data may first be encrypted using a first password before the disclosed process is implemented. | 12-05-2013 |
20130322619 | INFORMATION PROCESSING APPARATUS, IC CHIP, AND INFORMATION PROCESSING METHOD - There is provided an information processing apparatus including an encrypted-ID generation section which encrypts a unique ID to generate an encrypted ID, the unique ID being set as an ID unique to the information processing apparatus, a communication section which sends the encrypted ID as ID information to be sent to another apparatus, an individualization code holding section which holds, in advance, an individualization code capable of being generated by decrypting the ID information in the other apparatus, and an access key generation section which generates an access key used for authentication with the other apparatus based on the individualization code held by the individualization code holding section. | 12-05-2013 |
20130322620 | APPARATUS AND METHOD FOR GENERATING SECRET KEY FOR ID-BASED ENCRYPTION SYSTEM AND RECORDING MEDIUM HAVING PROGRAM RECORDED THEREON FOR CAUSING COMPUTER TO EXECUTE THE METHOD - A private key generation apparatus for generating a private key corresponding to a user ID using the user ID as a public key is disclosed. When a user ID is input, an ID conversion unit outputs a specific element value of a discrete logarithm cyclic group having a one-to-one correspondence relationship with an input user ID. A private key calculation unit calculates a discrete logarithm result value based on the output specific element value of the discrete logarithm cyclic group and calculates a private key having a one-to-one correspondence relationship with the user ID. According to the present invention, it is possible to concretely propose a method of calculating a secret key, capable of guaranteeing a one-to-one correspondence relationship between the ID and the private key by applying a method of calculating a discrete logarithm using the pre-computation table in an ID-based encryption system. | 12-05-2013 |
20130322621 | PRIVATE KEY GENERATION APPARATUS AND METHOD, AND STORAGE MEDIA STORING PROGRAMS FOR EXECUTING THE METHODS - Disclosed herein are a private key generation apparatus and method, and storage media storing programs for executing the methods on a computer. The private key generation apparatus includes a root private key generation unit and a sub-private key generation unit. The root private key generation unit sets a root master key and predetermined parameters capable of generating private keys, and generates a first sub-master key set capable of generating a number of private keys equal to or smaller than a preset limited number. The sub-private key generation unit generates private keys with the root private key generation unit by receiving the first sub-master key set from the root private key generation unit, to generate a private key corresponding to a user ID using the first sub-master key set, and issues the private key to a user. | 12-05-2013 |
20130322622 | AUTHENTICATION METHODS AND APPARATUS USING BASE POINTS ON AN ELLIPTIC CURVE AND OTHER TECHNIQUES - In one aspect, a method comprises the steps of deriving a base point on an elliptic curve in a first processing device, generating authentication information in the first processing device utilizing the base point and a private key of the first processing device, and transmitting the authentication information from the first processing device to a second processing device. The base point on the elliptic curve may be derived, for example, by applying a one-way function to a current time value, or by computation based on a message to be signed. | 12-05-2013 |
20130322623 | Quarantine method for sellable virtual goods - A method is disclosed for quarantining digital content data for a service in a terminal device. In an embodiment, the method includes creating a digital content data item, e.g. a digital still image or a video stream, in the memory of the terminal device, generating a symmetric encryption key for encrypting the created digital content data item, encrypting the digital content data item using the generated symmetric encryption key, encrypting the generated symmetric encryption key using public key of the service, deleting the unencrypted version of the digital content data item and of the symmetric encryption key from the memory of the terminal device, sending the encrypted version of the digital content data item and of the symmetric encryption key to a server of the service, and receiving from the server of the service at least one of the following: instruction to delete the encrypted digital content data item from the memory of the terminal device, and decrypted version of the symmetric encryption key for decrypting the encrypted digital content data item in the memory of the terminal device. | 12-05-2013 |
20130322624 | ENCRYPTION DEVICE AND METHOD FOR DEFENDING A PHYSICAL ATTACK - Provided are a security device and a method for operating same. The security device may conceal an encryption key used for an encryption algorithm in an encryption module in correspondence to security attacks such as reading information on where the encryption key is stored in a memory by disassembling an IC chip, or extracting said information through microprobing. The encryption key may be included as a physical encryption key module in an encryption module, and a certain storage medium for storing the encryption key may be included in the encryption module. Accordingly, the encryption key is not transmitted via a bus in a security device for encryption. | 12-05-2013 |
20130336475 | DEVICE - A device includes a first memory area being used to store a first key and secret identification information unique to the device; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information; a first data generator configured to generate a second key by encrypting a host constant with the first key in AES operation; a second data generator configured to generate a session key by encrypting a random number with the second key in AES operation; a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation; and a data output interface configured to output the encrypted secret identification information and the authentication information to outside of the device. | 12-19-2013 |
20130336476 | DEVICE - According to one embodiment, a device includes a memory area being used to store a first key (NKey), unique secret identification information (SecretID), and encrypted secret identification information (E-SecretID), the encrypted secret identification information (E-SecretID) being generated by encrypting the secret identification information (SecretID), the first key (NKey) and the secret identification information (SecretID) being prohibited from being read from outside, the encrypted secret identification information (E-SecretID) being readable from outside; a data generator configured to generate a session key (SKey) by using a second key (HKey), the second key (HKey) being generated based on the first key (NKey); and a one-way function processor configured to generate an authentication information by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation. | 12-19-2013 |
20130336477 | MEDIUM - the medium being manufactured by a medium manufacturer, the medium manufacturer being supplied with the controller from a controller manufacturer, the medium manufacturer being supplied with the first encrypted medium device key Enc(Kc, Kmd_i) and the medium device key certificate (Certmedia) from a key manager, and being operative to record the second encrypted medium device key Enc(Kcu, Kmd_i) and the medium device key certificate (Certmedia) in the memory, wherein the memory is configured to store medium device key certificate ID (IDm_cert). | 12-19-2013 |
20130336478 | AUTHENTICATION METHOD - According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match. | 12-19-2013 |
20130336479 | INFORMATION RECORDING DEVICE - The data storage portion stores an encrypted medium device key Enc (Kcu, Kmd_i) generated by encrypting a medium device key (Kmd_i), a medium device key certificate (Certmedia), and encrypted content data generated by encrypting content data, the controller stores a controller key (Kc) and first controller identification information (IDcu), the information recording device being configured to execute, after being connected to an external host device, an one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu) to generate a controller unique key (Kcu) used when decrypting the encrypted medium device key Enc (Kcu, Kmd_i), and second controller identification information (IDcntr) used when decrypting the encrypted content data. | 12-19-2013 |
20130336480 | LOW-POWER ENCRYPTION APPARATUS AND METHOD - An encryption apparatus and method that provide a mobile fast block cipher algorithm that supports low-power encryption. The encryption apparatus includes a user interface unit, a key scheduler unit, an initial conversion unit, a round function processing unit, and a final conversion unit. The user interface unit receives plain text to be encrypted and a master key. The key scheduler unit generates a round key from the master key. The initial conversion unit generates initial round function values from the plain text. The round function processing unit repeatedly processes a round function using the round key and the initial round function values. The final conversion unit generates ciphertext from the resulting values of the round function processed in a final round by the round function processing unit. | 12-19-2013 |
20140003602 | Flexible Architecture and Instruction for Advanced Encryption Standard (AES) | 01-02-2014 |
20140023192 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION SYSTEM - According to an embodiment, a communication device is connected to a key generating device which generates an encryption key. The communication device includes an obtaining unit and a calculator. The obtaining unit is configured to obtain key resource information which indicates a resource of the encryption key that can be provided by the key generating device. The calculator is configured to, based on the obtained key resource information, calculate the key resource information of the encryption key that can be provided to an application which makes use of the encryption key. | 01-23-2014 |
20140037086 | MEMORY SYSTEM GENERATING RANDOM NUMBER AND METHOD GENERATING RANDOM NUMBER - In a memory of non-volatile memory cells, a random number is generated by programming non-volatile memory cells, reading the programmed non-volatile memory cells using a random number read voltage selected in accordance with a characteristic of the non-volatile memory cells to generate random read data, and generating the random number from the random read data. | 02-06-2014 |
20140037087 | COMMUNICATION DEVICE AND CRYPTOGRAPHIC KEY CREATION METHOD IN CRYPTOGRAPHIC KEY SHARING SYSTEM - A communication device and a cryptographic key creation method are provided that enable efficient creation of cryptographic keys of which different error rates are required. A communication device ( | 02-06-2014 |
20140037088 | CRYPTOGRAPHIC METHOD, CRYPTOGRAPHIC DEVICE, AND CRYPTOGRAPHIC PROGRAM - K-sequence-data randomizing processing is performed a predetermined number of times. One round of the processing includes steps of: performing conversion processing on k pieces (k is an even number of 6 or more) of n-bit sequence data obtained by dividing n×k bit block data so that i-th sequence data and (i+1)th sequence data (i=1, 2, . . . , k−1) interacts with each other and outputting k pieces of data W | 02-06-2014 |
20140050317 | Cloud Key Management System - This invention uses a cloud-based key management system to store, retrieve, generate, and perform other key operations. The cloud-based system ensures security of the keys while preventing their loss or destruction. Using this invention, a company can now manage, audit, and maintain control and security around their keys. Security event auditing permits evaluation of the operations to ensure that each step is completed securely. | 02-20-2014 |
20140056424 | MANUFACTURING METHOD - According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after shipping from the memory vendor. | 02-27-2014 |
20140064482 | Industrial Protocol System Authentication and Firewall - Aspects of the present invention provide machines, systems, and methods in which industrial control systems may be secured from compromise and/or disruption via authentication and firewall. In particular, an industrial controller may: randomly generate an exchange key and send the exchange key to a client device in response to a transaction request originating from the client device; combine the exchange key with a locally stored pass key to produce an authentication code; and compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code. A successful match between the challenge key and the authentication code may allow the client device to further access the industrial controller using a common industrial protocol (CIP), and a failed match between the challenge key and the authentication code may prevent the client device from further access to the industrial controller. | 03-06-2014 |
20140064483 | COMPUTER PROGRAM PRODUCT AND METHOD FOR PROCESSING INFORMATION TO OBTAIN AN HMAC - One embodiment is a computer program product for processing information to obtain an HMAC, comprising: by using a padding circuit, generating first key data by adding 0 with respect to secret key data, setting the secret key data as second key data, or generating third key data by adding 0 with respect to a first digest value, according to comparison result of a second key length and a block length of the hash function, and performing an exclusive OR operation with a second constant with respect to one of the first key data, the second key data, and the third key data to calculate first data; by using a hash calculation circuit, obtaining the first digest value, and obtaining a second digest value, by using a holding circuit, storing the secret key data or the first digest value; and by using a control unit, managing a processing state for calculating the HMAC. | 03-06-2014 |
20140086406 | Key Management Using Security Enclave Processor - An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory. | 03-27-2014 |
20140093072 | SECURITY KEY GENERATION IN LINK AGGREGATION GROUP TOPOLOGIES - A method, system and computer readable medium for security key generation in link aggregation group topologies. The method can include performing, using one or more processors, authentication on each port of a plurality of ports in a link aggregation group. The method can also include deriving, using the one or more processors, a connectivity association key for the link aggregation group. The method can further include computing, using the one or more processors, a security association key for each port in the plurality of ports, the security association key being based on the connectivity association key for the link aggregation group. | 04-03-2014 |
20140093073 | Method and System for a Hardware-Efficient Universal Hash Function - Disclosed method, system and computer readable storage medium embodiments for providing hardware-efficient universal hashing functions include performing a first hash function on a received input key or a bit sequence derived from the received input key to generate a hashed input key, selecting a plurality of input key portions from the hashed input key, accessing, a respective permutation table for each of the input key portions from a group of permutation tables to generate a permuted key portion, and combining at least the generated permuted key portions to form a hash value. | 04-03-2014 |
20140098953 | Key Derivation System - A device generates a content key that depends upon device security state information. For example, the device may retrieve a first content key and a security state, and then derive a content key using the first content key and the security state. Accordingly, if the security state is incorrect, then the generated content key is incorrect, and the device cannot decrypt content provided to the device. | 04-10-2014 |
20140105386 | COMPUTING GENUS-2 CURVES USING GENERAL ISOGENIES - An Igusa class polynomial over rational numbers is computed from a set of Igusa class polynomials modulo a set of small primes. The set of Igusa class polynomials modulo a set of small primes is computed by finding all of the maximal curves in the isogeny class for each of the small primes. In particular, for each prime number in a set of prime numbers, a curve in the isogeny class for the prime number is identified, for example through a random search. Given a curve in this isogeny class, isogenies of general degree are applied to the identified curve, until an initial maximal curve, i.e., a curve with a maximal endomorphism ring, is found in this isogeny class. After an initial maximal curve in the isogeny class is found, all other maximal curves in this isogeny class are found by applying isogenies of general degree to the initial maximal curve. This set of maximal curves for the set of prime numbers defines set of Igusa class polynomials modulo the small primes. A Chinese remainder approach is then applied to construct an Igusa class polynomial over the rational numbers from the computed set of Igusa class polynomials modulo the small primes. | 04-17-2014 |
20140105387 | LEVEL-TWO DECRYPTION ASSOCIATED WITH INDIVIDUAL PRIVACY AND PUBLIC SAFETY PROTECTION VIA DOUBLE ENCRYPTED LOCK BOX - A method substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. | 04-17-2014 |
20140112469 | Novel encryption processes based upon irrational numbers and devices to accomplish the same - Encrypting a clear text by: providing a computer; using the computer to provide: a True Random Number table (TRN table); a Hyper-Key Identification table (Hyper-Key ID table); and a Key Identification position number (Key ID position number); using the Key ID position number to choose a Hyper-Key Identification (HKID) number; using the HKID to generate Hyper Keys; providing a clear text message to be encrypted; using a Hyper Key, Xor Hyper Encrypting the clear text file and the Hyper Key to produce a first level Crypt text file; using a second Hyper Key, Bit Scrambling the first level Crypt text file and the second Hyper Key to produce a second level Crypt text file; and using the second level Crypt text file, Null Bit Padding the second level Crypt text file to produce a third level Crypt text file. | 04-24-2014 |
20140119539 | ELECTRONIC DEVICE AND DECRYPTING METHOD - According to one embodiment, an electronic apparatus includes an acquisition module, a first generator, a second generator, and an encrypting processor. The acquisition module acquires a first data file which is encrypted and a first character string corresponding to the first data file. The first generator generates first handwriting information including a plurality of stroke data corresponding to a plurality of strokes. The first handwriting information is obtainable by inputting the first character string by handwriting. The second generator generates a first key using the first handwriting information. The encrypting processor decrypts the first data file using the first key. | 05-01-2014 |
20140119540 | POLICY-BASED DATA MANAGEMENT - Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided. | 05-01-2014 |
20140119541 | INFORMATION RECORDING DEVICE - A data storage unit may store an encrypted medium device key Enc (Kcu, Kmd_i), and a medium device key certificate (Certmedia). | 05-01-2014 |
20140126719 | ELECTRONIC KEY REGISTRATION METHOD, ELECTRONIC KEY REGISTRATION SYSTEM, AND CONTROLLER - A method for registering first and second electronic keys to a controller of a communication subject through communication with a data center includes acquiring first and second key identification information from the first and second electronic keys with the controller, transmitting communication subject identification information together with both of the first and second key identification information from the controller to the data center, acquiring a first encryption key generation code corresponding to the first electronic key together with a second encryption key generation code corresponding to the second electronic key from the data center with the controller, generating a first key encryption key based on the first encryption key generation code with the controller, generating a second key encryption key based on the second encryption key generation code with the controller, and storing the first and second key encryption keys in the controller. | 05-08-2014 |
20140133650 | License Administration Device and License Administration Method - A license administration device manages grant or denial of each optional function in a plurality of licensee devices. The licensee device stores key information encrypted with a cipher key so as to issue a license change request activating or restricting the predetermined optional function. Upon receiving a license change request restricting the predetermined optional function, the license administration device overwrites the key information of the licensee device with a default key. Subsequently, upon receiving a license change request activating the predetermined optional function, the license administration device applies an upgrade key to the key information of the licensee device. The default key or the upgrade key can be decrypted using a cipher key unique to the licensee device. The license administration device manages the licensed maximum for the predetermined optional function and reflects an increment or decrement to the licensing maximum by applying the default key or the upgrade key. | 05-15-2014 |
20140133651 | ENCRYPTION DEVICE, CIPHER-TEXT COMPARISON SYSTEM, CIPHER-TEXT COMPARISON METHOD, AND CIPHER-TEXT COMPARISON PROGRAM - An encryption device calculates a derived key by taking a document as a numerical value and corresponding identifier as input values and generates a cipher-text-by-identifier acquired by encrypting the document through a calculation taking the documents as input values, and a comparison unit generates relative values used for a greater-than-and-less-than comparison assessment between the plain text and another plain text through a calculation using a second hash function taking the derived key and plain text as input values; generates a relative value cipher-text through a calculation taking the derived key, the identifier, and the relative value as input values; generates a character string constituted with the cipher-text-by-identifier and the relative value cipher-text as a cipher-text; restores the relative values corresponding to the different cipher-texts through calculations using the second hash function; and performs a greater-than-and-less-than assessment on the encrypted different plain texts through a greater-than-and-less-than comparison on the relative values. | 05-15-2014 |
20140140504 | SYSTEM, DEVICES AND METHODS FOR COLLABORATIVE EXECUTION OF A SOFTWARE APPLICATION COMPRISING AT LEAST ONE ENCRYPTED INSTRUCTION - Collaborative execution by a first device and a second device of a software application comprising at least one encrypted instruction. The first device obtains a first encrypted instruction; generates a session key; encrypts the first encrypted instruction; encrypts the session key using a symmetric algorithm and a first key; and transfers the encrypted first encrypted instruction and the encrypted session key to the second device. The second device decrypts the encrypted session key using the first key; decrypts the encrypted first encrypted instruction to obtain the first encrypted instruction; decrypts the first encrypted instruction using a third key to obtain an instruction; encrypts the instruction using the symmetric encryption algorithm and the session key to obtain a second encrypted instruction; and transfers the second encrypted instruction to the first device. The first device decrypts the second encrypted instruction using the session key to obtain the instruction; and executes the instruction. | 05-22-2014 |
20140140505 | SYSTEM AND METHODS FOR GENERATING UNCLONABLE SECURITY KEYS IN INTEGRATED CIRCUITS - A system and methods that generates a physical unclonable function (“PUF”) security key for an integrated circuit (“IC”) through use of equivalent resistance variations in the power distribution system (“PDS”) to mitigate the vulnerability of security keys to threats including cloning, misappropriation and unauthorized use. | 05-22-2014 |
20140146965 | METHOD TO VERIFY THAT A USER HAS MADE AN EXTERNAL COPY OF A CRYPTOGRAPHIC KEY - A cryptographic key for a client is generated at a server. The cryptographic key has a key identification and a corresponding key value. The key identification and the corresponding key value are presented to the client. A query of a portion less than the key value for the client is generated after the key identification and the corresponding key value are presented to the client. Entries from the client are received in response to the query. The cryptographic key is activated after the entries are validated. | 05-29-2014 |
20140146966 | METHOD, SYSTEM AND DEVICE FOR SECURELY TRANSFERRING CONTENT BETWEEN DEVICES WITHIN A NETWORK - A method is disclosed for securely transferring a content CT between devices within a network managed by a management center. The method includes an activation of the network; a keys recovering phase; and a transfer of a content CT. | 05-29-2014 |
20140153717 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND RECORDING MEDIUM - Provided is an information processing apparatus including a message generation unit that generates a message based on a pair of multi-order multivariate polynomials F=(f | 06-05-2014 |
20140161251 | KEY MANAGEMENT SYSTEM - According to one embodiment, a master key management device generates, by using a first secret key stored in a first storage unit and a third public key, a re-encryption key used to re-encrypt a second secret key which is stored in a second storage unit and which is encrypted with a first public key to the second secret key encrypted with the third public key. A key management server device receives the generated re-encryption key from the master key management device while the master key management device and the key management server device are connected to each other, and stores the received re-encryption key in a third storage unit. The master key management device and the key management server device are disconnected after the re-encryption key is stored in the third storage unit. | 06-12-2014 |
20140161252 | One-Way Key Fob and Vehicle Pairing Verification, Retention, and Revocation - Embodiments of the invention provide methods for key fob to control unit verification, retention, and revocation. After an initial pairing between a key fob and a control unit, the devices share a secret operation key (OpKey). For verification, the key fob sends the 8 lowest-order bits of a 128-bit counter and some bits of an AES-128, OpKey encrypted value of the counter to the control unit. For key revocation and retention, the control unit is prompted to enter an OpKey retention and revocation mode. Subsequently, each of the remaining or new key fobs is prompted by the user to send a verification message to the control unit. When the control unit is prompted to exit the OpKey retention and revocation mode, it retains the OpKeys of only the key fobs that sent a valid verification message immediately before entering and exiting the OpKey retention and revocation mode. | 06-12-2014 |
20140161253 | HIGH PERFORMANCE HARDWARE-BASED EXECUTION UNIT FOR PERFORMING C2 BLOCK CIPHER ENCRYPTION/DECRYPTION - A system and method for encrypting and/or decrypting data with a Cryptomeria (C2) cipher may be provided that generates C2 round keys in parallel. Accordingly, data may be encrypted or decrypted at least twice as fast as without the system. A storage device may encrypt data written to the storage device and/or decrypt data read from the storage device with such a system. | 06-12-2014 |
20140161254 | MESSAGE KEY GENERATION - The disclosure relates to message encoding. One claim recites an apparatus comprising: electronic memory for storing a plural-bit message; an electronic processor programmed for: obtaining a multi-bit seed; transforming the multi-bit seed by applying randomizing process; and encoding the transformed multi-bit seed with convolutional encoding, the encoded seed comprising a key for transforming the plural-bit message, the key providing security for the plural-bit message. Of course, other claims and combinations are provided too. | 06-12-2014 |
20140169557 | Generating a Session Key for Authentication and Secure Data Transfer - A key-generating apparatus is provided for generating a session key which is known to a first communication apparatus and a second communication apparatus, for the first communication apparatus, from secret information which may be determined by the first and second communication apparatuses. The key-generating apparatus includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information, and a second module operable to use the session key for communication with the second communication apparatus. | 06-19-2014 |
20140169558 | SECURE NODE ADMISSION IN A COMMUNICATION NETWORK - A system and method for node admission in a communication network having a NC and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, key determination in a communication network includes an NN sending to the NC a request for a SALT; the NN receiving the SALT from the NC, combining the SALT with its network password to calculate a static key, and submitting an admission request to the network coordinator to request a dynamic key. The SALT can be a random number generated by the NC, and the admission request can be encrypted by the NN using the static key. | 06-19-2014 |
20140177828 | MANAGED SECURE COMPUTATIONS ON ENCRYPTED DATA - The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return. | 06-26-2014 |
20140177829 | KEY CREATION AND ROTATION FOR DATA ENCRYPTION - Embodiments are directed towards enabling cryptographic key rotation without disrupting cryptographic operations. If key rotation is initiated, a transitional key may be generated by encrypting the current key with a built-in system key. A new key may be generated based on at least one determined key parameter. Next, the new key may be activated by the one or more key holders. If the new key is activated, it may be designated as the new current key. The new current key may be employed to encrypt the transitional key and store it in a key array. Each additional rotated key may be stored in the key array after it is encrypted by the current cryptographic key. Further, in response to a submission of an unencrypted query value, one or more encrypted values that correspond to a determined number of rotated cryptographic keys are generated. | 06-26-2014 |
20140177830 | Method and system for providing a public key/secret key pair for encrypting and decrypting data - A method for providing a public key/secret key pair for encrypting and decrypting data, wherein the public key of the public key/secret key pair and a master secret key are generated based on predefined policy information, and wherein the secret key of the public key/secret key pair is generated based on the generated master secret key and predefined attribute information. A method for accessing a system in an untrusted environment and a system for providing a public key/secret key pair for encrypting and decrypting data as well as a use for access control are also described. | 06-26-2014 |
20140177831 | KEY PROTECTING METHOD AND A COMPUTING APPARATUS - A key protecting method includes the steps of: in response to receipt of an access request, configuring a control application program to generate a key confirmation request; in response to receipt of the key confirmation request, configuring a key protecting device to generate a key input request to prompt a user for a key input; upon receipt of the key input, the key protecting device determining if the key input matches a predefined key preset therein; the key protecting device entering an execution mode if it is determined that the key input matches the predefined key; and the key protecting device entering a failure mode if it is determined that the key input does not match the predefined key. | 06-26-2014 |
20140185795 | FUSE ATTESTATION TO SECURE THE PROVISIONING OF SECRET KEYS DURING INTEGRATED CIRCUIT MANUFACTURING - Embodiments of an invention for fuse attestation to secure the provisioning of secret keys during integrated circuit manufacturing are disclosed. In one embodiment, an apparatus includes a storage location, a physically unclonable function (PUF) circuit, a PUF key generator, an encryption unit, and a plurality of fuses. The storage location is to store a configuration fuse value. The PUF circuit is to provide a PUF value. The PUF key generator is to generate a PUF key based on the PUF value. The encryption unit is to encrypt the configuration fuse value using the PUF key. The PUF key and the configuration fuse value are to be provided to a key server. The key server is to determine that the configuration fuse value indicates that the apparatus is a production component, and, in response, provide a fuse key to be stored in the plurality of fuses. | 07-03-2014 |
20140185796 | Geographical Passwords - An access credential based on geographical information. Users can select geographical locations (such as favorite places, mountains, trees, rivers or others) as their access credential to different systems. Selecting a geographical area can be done using different ways and shapes; a user, for example, can place a circle around his favorite mountain, or a triangle around his favorite set of trees. No matter how geographical areas are selected, the geographical information that can be derived from these areas forms the access credential. | 07-03-2014 |
20140185797 | CRYPTOGRAPHY PROCESSING DEVICE AND CRYPTOGRAPHY PROCESSING METHOD - A device that uses homomorphic encryption is disclosed. The device includes a public key data generator configured to generate public key data, and a secret key data generator configured to generate secret key data that includes, as a secret key, an integer that is an element of a matrix obtained as a product of the first public key matrix element and an inverse matrix of the secret key matrix and that is not a multiple of the plain text space size. | 07-03-2014 |
20140185798 | METHOD AND APPARATUS FOR ENCRYPTING AND DECRYPTING DATA - A method and system is disclosed for encrypting and decrypting data, with decryption contingent upon user-defined conditions being met. The encryption process comprises a method for using pointers to indicate the locations and sizes of encryption components, utilizing randomly determined patterns to be used for a random number of characters of text data being encrypted. For each randomly determined block of text, a randomly determined pattern is selected, which specifies how to combine the encryption components, including the shuffled and encrypted text, and references to that block's seed key, the size and composition of which are randomly determined. Decryption comprises a methodology for reversing the process to decode encrypted text, iteratively extracting the decryption components in accordance with the pattern indicator identified for each block of encrypted text, as determined by the pointers, and dependent upon satisfying all user-defined conditions necessary to enable decryption. | 07-03-2014 |
20140192976 | METHOD AND SYSTEM FOR ID-BASED ENCRYPTION AND DECRYPTION - Provided are identifier (ID)-based encryption and decryption methods and apparatuses for the methods. The ID-based encryption method includes having, at a transmitting terminal, a transmitting-side private key corresponding to a transmitting-side ID issued by a key issuing server, generating, at the transmitting terminal, a session key using the transmitting-side ID, a receiving-side ID, and the transmitting-side private key, extracting, at the transmitting terminal, a secret key from at least a part of the session key, and encrypting, at the transmitting terminal, a message using a previously set encryption algorithm and the secret key. | 07-10-2014 |
20140192977 | MUTIPLICATION METHOD AND MODULAR MULTIPLIER USING REDUNDANT FORM RECODING - A multiplication method and a modular multiplier are provided. The multiplication method includes transforming a redundant-form multiplier by adding a recoding constant to the multiplier, performing recoding by using the transformed multiplier, and performing partial multiplication between the multiplier and a multiplicand using result values of the recoding. | 07-10-2014 |
20140192978 | SYSTEM AND METHOD FOR SECURE COMMUNICATION OF COMPONENTS INSIDE SELF-SERVICE AUTOMATS - Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C,A,R,N,Z) on the transport layer of the bus system where | 07-10-2014 |
20140198913 | Method and Apparatus for a Computable, Large, Variable and Secure Substitution Box - One feature pertains to methods for generating cryptographic values associated with substitution boxes (S-box). The methods include first obtaining an input value and a first value. One method includes generating an S-box output value by performing an exclusive OR (XOR) operation on the input value and the first value to generate an intermediate value, and performing a bitwise rotation on the intermediate value by a number of bits equal to the Hamming Weight of the intermediate value. In one aspect, the output of this bitwise rotation is further XOR-ed with a second value. Another method includes generating the S-box output value by performing a bitwise rotation on the input value by a number of bits equal to the Hamming Weight of the input value to generate an intermediate value, and performing an XOR operation on the intermediate value and the first value. | 07-17-2014 |
20140205089 | SYSTEM AND METHOD FOR DIFFERENTIAL ENCRYPTION - Some embodiments include a Trusted Security Module that creates secure connections using a set of split keys. Some embodiments include the creation of remote and local keys that are distributed to multiple devices. When the devices wish to communicate with each other, the remote and local keys are combined into connection keys to encrypt and decrypt messages. The remote and local keys may be combined in a variety of ways, including appending the remote key to the local key. A key mask may be used to create a connection key by using various combinations of bits from the remote key and from the local key. Other embodiments are described. | 07-24-2014 |
20140205090 | METHOD AND SYSTEM FOR SECURELY COMPUTING A BASE POINT IN DIRECT ANONYMOUS ATTESTATION - A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device. | 07-24-2014 |
20140205091 | METHOD FOR A KEY GENERATION USING GENOMIC DATA AND ITS APPLICATION - A method generates an alphanumeric or numeric key linked to personal genomic data. In a first step, genomic data from a single genome are analyzed. Genetic markers are retrieved from the data and associated with various information such as, but not exclusively, their name, identification number, polymorphism frequency distribution in various populations, and localization in genome regions. Groups of genetic markers are then created according to one or a combination of these pieces of information. For each group, an alphanumeric or numeric value is computed and represents an element of the key. The assembly of each element produces the final key, named the “Genumber”. The Genumber can then be used securely in various applications to produce personalized results, linked to the genome source, such as, but not exclusively, creative and artistic applications or secured transaction-based applications like banking transactions or medical data storage. | 07-24-2014 |
20140205092 | SECURE PROVISIONING IN AN UNTRUSTED ENVIRONMENT - Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit. The electronic circuit can authenticate itself to the OEM using the message signing key pair. | 07-24-2014 |
20140211938 | MODIFIED ELLIPTIC CURVE SIGNATURE ALGORITHM FOR MESSAGE RECOVERY - A modified Chinese State Encryption Management Bureau's SM2 Elliptic Curve Signature Algorithm that offers partial message recovery and lowers the signature size for a given cryptographic strength. The modified SM2 Elliptic Curve Signature Algorithm includes a signature and verification algorithm that modifies a signature generation primitive to compute a key derived from the ephemeral signing key, and a multiple of the signer's public key. | 07-31-2014 |
20140211939 | Zero Configuration of Security for Smart Meters - Techniques for injecting encryption keys into a meter as a part of a manufacturing process are discussed. Since various encryption keys injected into meters may be specific to each individual meter, a utility company customer may require a copy of the injected encryption keys associated with each individual meter. The techniques may include providing a copy of keys injected into each meter to a utility company customer. In some instances, the meter manufacturer may not store or persist various encryption keys that are injected into the meters during the manufacturing process. | 07-31-2014 |
20140219442 | SECURE CRYPTO KEY GENERATION AND DISTRIBUTION - This document discusses, among other things, a method of distributing authentication keys that can prevent certain forms of circuit fabrication piracy. In an example, a method can include selecting a number of authentication keys for generation at a key generation computer, generating a random number using a random number generator of the key generation computer, generating the number of authentication keys using the random number and a key generation algorithm stored in the memory of the key generation computer, scrambling each of the number of authentication keys using a scrambling routine executing on the key generation computer, and distributing the scrambled authentication keys to an authorized manufacturer. | 08-07-2014 |
20140233731 | Device and Method for Generating Keys with Enhanced Security for Fully Homomorphic Encryption Algorithm - There is proposed a method of generating secret and public keys vDGHV with enhanced security, implemented in a device including at least one microprocessor and a memory. The method includes generating a secret key SK corresponding to the generation of a prime random number p or product of prime numbers. | 08-21-2014 |
20140247938 | DEVICE FOR GENERATING AN ENCRYPTED KEY AND METHOD FOR PROVIDING AN ENCRYPTED KEY TO A RECEIVER - A device for generating an encrypted master key. The device comprises at least one input interface configured to receive a receiver identifier, a service provider identifier and a master key for the service provider; a memory configured to store a secret of the device; a processor configured to: process the receiver identifier using the secret to obtain a root key, process the service provider identifier using the root key to obtain a top key and process the master key using the top key to obtain an encrypted master key; and an output interface configured to output the encrypted master key. Also provided is a method for providing an encrypted master key to a receiver. An advantage is that the device can enable a new service provider to provide services to a receiver using an already deployed smartcard. | 09-04-2014 |
20140247939 | DATA PROCESSING DEVICE AND DATA PROCESSING METHOD AND PROGRAM - A storage part stores a public key generated based on a doubly homomorphic encryption algorithm and data encrypted by using the public key as a template to be used for authentication. A random number generating part generates a random number using at least a part of the public key in the storage part. A template updating part performs an arithmetic operation using the random number generated by the random number generating part and updates the template. The storage part stores the updated template by overwriting the template before being updated. | 09-04-2014 |
20140254794 | SESSION KEY GENERATION AND DISTRIBUTION WITH MULTIPLE SECURITY ASSOCIATIONS PER PROTOCOL INSTANCE - A single instance of a session key generation protocol is executed in a manner that generates a plurality of security associations between user equipment and a first network element of a communication system. In one aspect, a first one of the security associations is utilized to secure data sent between the user equipment and the first network element in an ongoing communication. In conjunction with a handoff of the ongoing communication from the first network element to a second network element of the communication system, another one of the security associations is selected, and the other selected security association is utilized to secure data sent between the user equipment and the second network element in the ongoing communication. The security associations may comprise respective sets of session keys derived from a single pairwise master key. | 09-11-2014 |
20140270157 | INTERNET PROTOCOL NETWORK MAPPER - A network mapper for performing tasks on targets is provided. The mapper generates a map of a network that specifies the overall configuration of the network. The mapper inputs a procedure that defines how the network is to be mapped. The procedure specifies what, when, and in what order the tasks are to be performed. Each task specifies processing that is to be performed for a target to produce results. The procedure may also specify input parameters for a task. The mapper inputs initial targets that specify a range of network addresses to be mapped. The mapper maps the network by, for each target, executing the procedure to perform the tasks on the target. The results of the tasks represent the mapping of the network defined by the initial targets. | 09-18-2014 |
20140270158 | CONNECTION KEY DISTRIBUTION - A system and a method implementing the method pertaining to securely providing a mobile device with a cryptographic key in a vehicle. The method includes generating a cryptographic key pair. The key pair may include at least a first cryptographic key and a second cryptographic key. The method may further include creating a label using a scannable image readable by a mobile device; the scannable image may be based on the second cryptographic key. And the method may include providing the label to the vehicle for displaying the scannable image. | 09-18-2014 |
20140270159 | SYSTEM AND METHOD FOR PROVIDING COMPRESSED ENCRYPTION AND DECRYPTION IN HOMOMORPHIC ENCRYPTION BASED ON INTEGERS - The present invention relates to a technique which provides a function of compressed encryption of large pieces of plaintext information in a single ciphertext in order to improve the space efficiency of the encryption data, which occupies most of a storage space, to design an efficient SHE technique which is a base of the FHE technique design. More specifically, the present invention relates to a technique which is designed to improve a structure in which only one bit is encrypted/decrypted in the technique of the prior art to encrypt/decrypt multiple bit information to improve the space efficiency for storing a ciphertext. | 09-18-2014 |
20140270160 | DIGITAL SIGNATURE AUTHENTICATION WITHOUT A CERTIFICATION AUTHORITY - Systems and methods for managing private and public encryption keys without the need for a third party certification authority. An initial value is generated by an authentication server. The initial value is divided into at least two portions and each portion is communicated with a user using different communication channels. The user receives the portions and enters a secret string value (i.e. a secret sentence) known only to the user. The portions are concatenated together to recreate the initial value. The portions, the initial value, and the secret string value are then used to create public and private keys for use by the user. Any recipient can authenticate digital signatures without needing the secret string value or the user's device can authenticate a digital signature using the portions and the secret string value. | 09-18-2014 |
20140270161 | METHOD AND APPARATUS FOR SECURE STORAGE AND RETRIEVAL OF LIVE OFF DISK MEDIA PROGRAMS - A method and system are provided for securely storing and retrieving live off-disk media programs. Events delineate media segments, each of which are encrypted with a different key so as to be streamable to a remote device via digital living network alliance (DLNA) or HTTP live streaming protocols. Media segments and identifiers for managing the storage and retrieval of such media segments are compatible with live streaming data structures, obviating the need to re-encrypt data streams. | 09-18-2014 |
20140301548 | Non-Retained Message System - A system and method for non-retained electronic messaging is described. In one embodiment, the system includes a message receiver module, a message storing and identifier generation module, a message retrieval module and an expunging module. The message receiver module receives a message. The message storing and identifier generation module stores the message in a non-transitory, non-persistent memory of one or more computing devices, generates a message identifier and sends the message identifier to a recipient device. The message retrieval module receives a selection of the message identifier from the recipient device, retrieves the message from the non-transitory, non-persistent memory, and sends the message to the recipient device for presentation. The expunging module expunges the message from the one or more devices responsive to sending the message to the recipient device for presentation. | 10-09-2014 |
20140301549 | PROCESS FOR SELECTING COMPRESSED KEY BITS FOR COLLISION RESOLUTION IN HASH LOOKUP TABLE - A method and network element identify a set of bit indices for forming compressed keys, which are used to map a set of keys of corresponding input values to assigned lookup values in a hash table, where the keys of the input values have colliding hash values according to a hash function of the hash table. The method includes a set of steps including receiving the set of keys. The bits of the set of keys are traversed to find a best split bit index. The set of keys are split into two subsets according to the best split bit index. A check is made whether all of the set of keys have been split into separate subsets. A selected best split bit is added to a bit index. Alternate split bits are tallied and a bit is selected with a highest tally to add to bit index. | 10-09-2014 |
20140321641 | METHOD AND SYSTEM FOR DECOUPLING USER AUTHENTICATION AND DATA ENCRYPTION ON MOBILE DEVICES - A method for decoupling user authentication and data encryption on mobile devices includes generating an encryption key (“EK”) for encrypting data and a key encryption key (“KEK”) for encrypting the EK, obtaining an encrypted EK by encrypting the EK using the KEK, storing the encrypted EK on a data container device (“DCD”), and storing the KEK on a key vault device (“KVD”) that is distinct from the DCD. Neither the EK nor the KEK is generated using a user authentication secret as a seed. The DCD may fetch the KEK from the KVD as desired to decrypt the EK and to encrypt and decrypt data stored on the DCD. Examples of the DCD include a memory stick, smartphone, or tablet computer, while examples of the KVD include a dongle, smartphone, or tablet computer. | 10-30-2014 |
20140321642 | GROUP ENCRYPTION METHODS AND DEVICES - The present invention improves on prior art group encryption schemes by encrypting an alias of a recipient's public key instead of the public key itself. A Group Manager publishes the encryption of the alias, the corresponding public key and a corresponding certificate on a public database DB. The alias is a resulting value of a suitably chosen function ƒ on the public key, and can be viewed as a hash of the public key. This can allow a significant decrease in the size and cost of the resulting construction as the alias can be made smaller than the public key. In particular, there is no need to apply the second encryption scheme as many times as there are group elements in the recipient's public key. | 10-30-2014 |
20140362986 | PARAMETERIZED RANDOM DATA GENERATOR PROVIDING A SEQUENCE OF BYTES WITH UNIFORM STATISTICAL DISTRIBUTION - A random data generator, a method, and a non-transitory machine-readable medium each operate a plurality of random number generators. Each random number generator is coupled to receive inputs comprising seed numbers, and generates an output stream of n-bit numbers. A bit-swap module receives each n-bit number and reorders the bits of the n-bit number to provide a reordered n-bit number. A byte select circuit selects a byte from the reordered n-bit number and provides a selected byte as an output to the random data stream. | 12-11-2014 |
20140369495 | Secure modules using unique identification elements - Various embodiments of the invention relate to secure systems and modules, and more particularly, to systems, devices and methods of generating and applying identification elements uniquely associated with modules or elements. These unique identification elements provide an improved, statistically random source from which keys may be derived. The application of these keys across various architectures results in an improvement in the security of data communicated within a system. | 12-18-2014 |
20140369496 | KEY IMPLEMENTATION SYSTEM - An LSI includes a first decryptor which receives first encrypted key data, and decrypts the first encrypted key data using a first cryptographic key, thereby generating first decrypted key data, a second cryptographic key generator which generates a second cryptographic key based on a second ID, a second encryptor which encrypts the first decrypted key data using the second cryptographic key, thereby generating second encrypted key data, and a second decryptor which decrypts the second encrypted key data using the second cryptographic key, thereby generating second decrypted key data. At a time of key setting, the second encryptor stores the second encrypted key data in a storage unit. At a time of key usage, the second decryptor reads the second encrypted key data from the storage unit. | 12-18-2014 |
20140369497 | USER ACCESS CONTROL BASED ON A GRAPHICAL SIGNATURE - A user inputs a pattern consisting of a plurality of lines. The lines are classified by relative length, overall direction and degree of curvature. Where a line is started from a new position, the direction from the previous starting point is taken into account. The series of lines is then serialised into a key value, which may then be used to decrypt data stored on a device. This enables data to be securely stored since the key is supplied by the user at runtime and is not itself stored on the device. | 12-18-2014 |
20140376718 | DOWNLOADING OF DATA TO SECURE DEVICES - An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor. | 12-25-2014 |
20150010145 | ELECTRONIC KEY REGISTRATION METHOD AND ELECTRONIC KEY REGISTRATION SYSTEM - A method for registering first and second electronic keys, which are capable of controlling a communication subject, to a controller of the communication subject, wherein the first electronic key is to be initially registered, and the second electronic key is to be additionally registered, the method including: performing an additional key production process including storing, in the second electronic key, an additional encryption key generation code unique to the second electronic key and an additional encryption key that is used to verify the second electronic key; and performing a key additional registration process including obtaining the additional encryption key generation code from the second electronic key when identification information unique to the communication subject is stored in the second electronic key, generating the additional encryption key with an additional encryption key generation logic, and storing the additional encryption key in the controller. | 01-08-2015 |
20150010146 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - Speed-up of a cryptographic process by software (program) is realized. A data processing unit which executes a data process according to a program defining a cryptographic process sequence is included, and the data processing unit, according to the program, generates a bit slice expression data based on a plurality of plain text data items which are encryption process targets and a bit slice expression key based on a cryptographic key of each plain text data item, generates a round key based on the bit slice expression key, executes the cryptographic process including operation and movement processes of a block unit of the bit slice expression data, and an operation using the round key, and generates the plurality of encrypted data items corresponding to the plurality of plain text data items by the reverse conversion of the data with respect to the cryptographic process results. | 01-08-2015 |
20150010147 | CRYPTOGRAPHIC SYSTEM, CRYPTOGRAPHIC METHOD, AND CRYPTOGRAPHIC PROGRAM - The present invention aims to allow for addition of an attribute category without reissuing a public parameter. A cryptographic system | 01-08-2015 |
20150010148 | Key Management Using Security Enclave Processor - An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory. | 01-08-2015 |
20150016604 | SYSTEMS AND METHODS FOR DISTRIBUTING AND SECURING DATA - A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values. | 01-15-2015 |
20150016605 | UNIQUE SURROGATE KEY GENERATION USING CRYPTOGRAPHIC HASHING - The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database and for each record, extracting the data from the fields; concatenating the extracted data into an input message; running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps; and outputting a surrogate key. | 01-15-2015 |
20150023497 | APPARATUS AND METHOD FOR KEY UPDATE FOR USE IN A BLOCK CIPHER ALGORITHM - A method herein is for encryption key update in a station. In the method, a first data block is encrypted using a first plurality of round keys over a first plurality of rounds to generate a first encrypted data block, wherein the first plurality of round keys are generated based on an initial block key. A round key of the first plurality of round keys is retained for use as a basis for a first derived block key. A second data block is encrypted using a second plurality of round keys over a second plurality of rounds to generate a second encrypted data block, wherein the second plurality of round keys are generated based on the first derived block key. A round key of the second plurality of round keys may be retained for use as a basis for a second derived block key. | 01-22-2015 |
20150023498 | BYZANTINE FAULT TOLERANCE AND THRESHOLD COIN TOSSING - A coin share generator ( | 01-22-2015 |
20150023499 | Cryptographic Key Generation - A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key. | 01-22-2015 |
20150023500 | APPARATUS AND METHOD FOR SKEIN HASHING - Described herein are an apparatus and method for Skein hashing. The apparatus comprises a block cipher operable to receive an input data and to generate a hashed output data by applying Unique Block Iteration (UBI) modes, the block cipher comprising at least two mix and permute logic units which are pipelined by registers; and a counter, coupled to the block cipher, to determine a sequence of the UBI modes and to cause the block cipher to process at least two input data simultaneously for generating the hashed output data. | 01-22-2015 |
20150023501 | Method and Apparatus for Hardware-Accelerated Encryption/Decryption - An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. An embodiment of the integrated circuit includes a run-time scalable block cipher circuit, wherein the run-time scalable block cipher circuit is run-time scalable to balance throughput with power consumption. | 01-22-2015 |
20150036819 | QUANTUM-KEY-DISTRIBUTION RECEIVING DEVICE AND METHOD FOR USING SINGLE-PHOTON DETECTOR - There is provided a quantum-key-distribution receiving device used in a quantum key distribution system that utilizes a pair of quantum-entangled photons including a signal photon and an idler photon, the quantum-key-distribution receiving device including a single-photon detector in which a secure-key generation rate is dependent on a first performance index η/(1+P | 02-05-2015 |
20150063565 | METHODS AND APPARATUSES FOR PRIME NUMBER GENERATION AND STORAGE - One feature pertains to a method for generating a prime number by repeatedly generating a random number seed S having k bits, generating a random number R having n bits based on the seed S, where k is less than n, and determining whether the random number R is prime. The steps are repeated until it is determined that the random number R generated is prime, upon which the random number seed S used to generate the random number R is stored in a memory circuit. Later, the stored random number seed S may be retrieved from the memory circuit, and the prime number is regenerated based on the random number seed S. In one example, the random number R generated is further based on a secret key k | 03-05-2015 |
20150063566 | ENCRYPTION USING REAL-WORLD OBJECTS - Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device. | 03-05-2015 |
20150078550 | SECURITY PROCESSING UNIT WITH CONFIGURABLE ACCESS CONTROL - A security processing unit is configured to manage cryptographic keys. In some instances, the security processing unit may comprise a co-processing unit that includes memory, one or more processors, and other components to perform operations in a secure environment. A component that is external to the security processing unit may communicate with the security processing unit to generate a cryptographic key, manage access to a cryptographic key, encrypt/decrypt data with a cryptographic key, or otherwise utilize a cryptographic key. The external component may comprise a central processing unit, an application, and/or any other hardware or software component that is located outside the security processing unit. | 03-19-2015 |
20150086009 | HANDLING KEY ROTATION PROBLEMS - Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into trust sets and policies may apply at any level within the key store. Policies may identify when to rotate key sets. When rotating key sets, a new public key and a new private key may be generated. The new public/private keys may be installed at locations where the old public/private keys reside. As the new public/private keys are installed, they may be tested. If problems with the new public/private keys occur, the new public/private keys may be rolled back to the old public/private keys for locations experiencing problems. Remedial action may then be taken to resolve the problems. | 03-26-2015 |
20150086010 | INFORMATION PROCESSING APPARATUS, SERVER APPARATUS, AND COMPUTER PROGRAM PRODUCT - In an embodiment, an information processing apparatus is connected to external apparatuses. The information processing apparatus includes: | 03-26-2015 |
20150098565 | PRIVACY ENHANCED SPATIAL ANALYTICS - Method, system, and computer program products, implementing and using techniques for processing data representing observations of entities. An anonymized key is generated. The anonymized key represents a spacetime region with which an entity is associated. The spacetime region represents a spatial region and a time interval. The entity is associated with the spacetime region based on spacetime coordinates for the entity. | 04-09-2015 |
20150098566 | CRYPTOGRAPHIC SYSTEM, CRYPTOGRAPHIC METHOD, CRYPTOGRAPHIC PROGRAM, AND DECRYPTION DEVICE - In a functional encryption scheme where a decryption key dk can decrypt a ciphertext encrypted by an encryption key ek, when decrypting the encryption key in which a parameter Φ is set, by the decryption key dk in which a parameter Ψ is set, if and only if a relation R(Φ, Ψ) holds, a wider range as a relation R is expressed. Of first information including a polynomial d(x), plural polynomials D | 04-09-2015 |
20150098567 | METHOD OF MANAGING SENSITIVE DATA IN MOBILE TERMINAL AND ESCROW SERVER FOR PERFORMING SAME - A method of managing the sensitive data of a mobile terminal and an escrow server for performing the method are disclosed. In the method of managing the sensitive data of a mobile terminal, an escrow server receives a request for registration from a mobile terminal, a user key is generated in response to the request for registration, a user virtual folder adapted to store the sensitive data of the mobile terminal is generated, encrypted sensitive data is received from the mobile terminal if the mobile terminal determines to store the sensitive data in the escrow server, and the encrypted sensitive data is re-encrypted and stored in the user virtual folder. | 04-09-2015 |
20150110267 | Unified Key Schedule Engine - A key generator may comprise a first set of word registers each configured to store at least one word of a prior key, a set of computational elements coupled with the first set of word registers, one or more path selection elements coupled with the set of computational elements, wherein the one or more path selection elements are configured to select as a selected computational pathway a first computational pathway including a first subset of computational elements when a mode selection signal indicates a first mode, and select as the selected computational pathway a second computational pathway including a second subset of computational elements when the mode selection signal indicates a second mode, and a second set of word registers coupled with the set of computational elements, wherein each of the second set of word registers is configured to store at least one word of a new key generated by the selected computational pathway. | 04-23-2015 |
20150117640 | APPARATUS AND METHOD FOR PERFORMING KEY DERIVATION IN CLOSED DOMAIN - Provided are an apparatus and method for guaranteeing the safety of a computing device by separating a closed domain from an open domain in the computing device and allowing the closed domain to perform key derivation that is required for encryption/decryption of data. The computing device includes a hypervisor, the open domain and the closed domain isolated from the open domain without being open to a user, the open domain and the closed domain managed by the hypervisor, and a key derivation executable code configured to generate an encryption key needed to perform encryption in the open domain, from a seed value, the key derivation executable code being executed in the closed domain, wherein the encryption key generated by the key derivation executable code is transferred to the open domain, and is automatically discarded after being used for encryption of data in the open domain. | 04-30-2015 |
20150117641 | PROTECTION METHOD AND SYSTEM FOR DISTRIBUTING DIGITAL FILES WHETHER NEW, SECOND-HAND, FOR RENTAL, EXCHANGE OR TRANSFER - Methods for generating a virtual recursive secure container and for generating a virtual secure container of relationship of rights along with a system that distributes copyrighted digital content, respecting the legal framework for intellectual property when distributed electronically, either on the Internet or any other digital medium, and offering consumers their rights as buyers of digital content. | 04-30-2015 |
20150124961 | Public Key Encryption Algorithms for Hard Lock File Encryption - In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity. | 05-07-2015 |
20150124962 | Fast Computation of a Single Coefficient in an Inverse Polynomial - In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial f | 05-07-2015 |
20150131796 | ENCRYPTION KEY GENERATION - A method of generating an encryption key. The method comprises collecting a plurality of user defined variables defined by input from a user and collecting a plurality of environmental variables associated with varying environmental conditions. The method further comprises defining parameters of a plurality of scrambling functions using the user defined variables and calculating a plurality of scramble values. Each scramble value comprises a combination of environmental variables combined in accordance with one of the plurality of scrambling functions. The method further comprises combining the scramble values to produce a scramble code and generating the encryption key from the scramble code. | 05-14-2015 |
20150139418 | Method and Apparatus for User Identity Verification - The present disclosure describes a method and apparatus for user identity verification as a user migrates amongst systems, servers, computing environments and/or segments within a cloud computing environment. A user currently accessing a first system seeks to migrate from the first system to a target system. The target system validates whether the user may access the target system based on a first private key and a first public key. A verification system maintains a second public key that is based on an identity of the user and inaccessible to the user. The verification system receives a second private key from an initial system of the user. Based on the second private/public keys, the verification system sends a validation of user identity to the target system. | 05-21-2015 |
20150146869 | ELECTRONIC CIRCUIT, ELECTRONIC APPARATUS, AND AUTHENTICATION SYSTEM - An electronic circuit includes: a plurality of RS latch circuits each configured to enter a metastable state in accordance with a clock signal input to the RS latch circuit; a determination circuit configured to determine whether an output of each of the RS latch circuits is a random number or a fixed number; and a selector configured to select whether to maintain the clock signal input to the RS latch circuit, to change the clock signal input to the RS latch circuit to another clock signal having a different frequency, or to input a clock signal for fixing a signal output from the RS latch circuit, as the clock signal input to the RS latch circuit, in accordance with a result determined by the determination circuit. | 05-28-2015 |
20150146870 | METHOD AND ARRANGEMENT IN A TELECOMMUNICATION SYSTEM - A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a | 05-28-2015 |
20150295722 | KEY GENERATION APPARATUS AND METHOD FOR GENERATING A KEY - A key generation apparatus for generating a key using a physical unclonable function includes a memory device configured to store a plurality of auxiliary data records, each auxiliary data record of the plurality of auxiliary data records having auxiliary data and supplementary information items, a selection device configured to select an auxiliary data record based on the supplementary information items, and a generation device configured to generate the key based on the auxiliary data of the selected auxiliary data record and using the physical unclonable function. | 10-15-2015 |
20150310206 | PASSWORD MANAGEMENT - A method of generating a password. An embodiment includes: receiving a first user input defining a seed for the password, receiving a second user input defining a destination for the password, operating a coding function to generate the password from the first user input and the second user input, and outputting the password generated by the coding function. | 10-29-2015 |
20150312034 | METHOD FOR IMAGE ENCRYPTION AND DECRYPTION INCORPORATING PHYSIOLOGICAL FEATURES AND IMAGE CAPTURE DEVICE THEREOF - The disclosure illustrates an image encryption and decryption method using physiological features and an image capture device using the same method. The image encryption and decryption method comprises an encryption procedure and a decryption procedure. The encryption procedure comprises the following steps. At first, an image capture module is used to capture a plurality of first iris images. An encryption-decryption module is used to generate a first key according to the plurality of first iris images. When an image is generated by the image capture module, the encryption-decryption module encrypts the image with the first key to generate an encrypted image. The decryption procedure comprises a step of using the encryption-decryption module to decrypt the encrypted image with the first key. | 10-29-2015 |
20150312036 | GENERATION AND MANAGEMENT OF MULTIPLE BASE KEYS BASED ON A DEVICE GENERATED KEY - A request to generate a first key may be received. A device generated key that is stored in a memory may be received in response to the request. Furthermore, a first entity identification (ID) that is stored in the memory may be received. The first key may be generated based on the first entity ID and the device generated key that are stored in the memory. | 10-29-2015 |
20150318988 | CRYPTOGRAPHIC SYSTEM, RE-ENCRYPTION KEY GENERATION DEVICE, RE-ENCRYPTION DEVICE, CRYPTOGRAPHIC METHOD, AND CRYPTOGRAPHIC PROGRAM - It is an object to implement a functional proxy re-encryption scheme. A decryption device | 11-05-2015 |
20150326390 | METHOD OF MANAGING KEYS AND ELECTRONIC DEVICE ADAPTED TO THE SAME - A method of managing keys and an electronic device adapted to the method are provided. The method includes creating a first key, based on information included in a memory space of a processor, creating a second key, based on at least one item of user information, and creating a third key that was created through at least one encryption process, based on the created first key and the created second key. | 11-12-2015 |
20150333905 | METHODS AND DEVICES FOR SECURING KEYS WHEN KEY-MANAGEMENT PROCESSES ARE SUBVERTED BY AN ADVERSARY - The present invention discloses methods and devices for securing keys when key-management processes are subverted by an adversary. Methods include the steps of: upon receiving a creation request in the computing-environment, creating a secure key in at least one location in a computing environment by repetitively computing respective secure-key contributions: in at least one location; and in a set of N computing resources in the computing environment, wherein N is a non-negative integer; and applying the respective secure-key contributions to change a secure-key value, wherein: the respective secure-key contributions cannot be omitted or modified by at least one location; and the secure key is never revealed to the computing resources; thereby enabling the computing resources in the computing environment to ensure that the secure key is truly random; wherein at least one location is a region of memory located in a computing resource operationally connected to the computing-environment. | 11-19-2015 |
20150333906 | SYSTEM AND METHOD FOR GENERATING AND PROTECTING CRYPTOGRAPHIC KEYS - In the present disclosure, implementations of Diffie-Hellman key agreement are provided that, when embodied in software, resist extraction of cryptographically sensitive parameters during software execution by white-box attackers. Four embodiments are taught that make extraction of sensitive parameters difficult during the generation of the public key and the computation of the shared secret. The embodiments utilize transformed random numbers in the derivation of the public key and shared secret. The traditional attack model for Diffie-Hellman implementations considers only black-box attacks, where attackers analyze only the inputs and outputs of the implementation. In contrast, white-box attacks describe a much more powerful type of attacker who has total visibility into the software implementation as it is being executed. | 11-19-2015 |
20150341169 | DISCOVERY AND SECURE TRANSFER OF USER INTEREST DATA - A method for establishing an encrypted communication channel is described. Query IDs are generated at a first device. Each query ID identifies a keyword in a set of keywords. Query IDs are received, at a second device. A second set of keywords is determined by the second device based on the query IDs. Match IDs are determined based on the second set. Each match ID identifies a keyword in the second set. An encryption key is generated based on the second set. A response is sent which includes the match IDs and an encrypted message. At the first device, the second set is determined based on the match IDs. The second set includes keywords of the first set of keywords identified by the match IDs. The encryption key is generated at the first device and the encrypted message is decrypted. Apparatus and computer readable media are also described. | 11-26-2015 |
20150349954 | SYSTEM AND METHOD FOR RANDOM SEED GENERATION - Provided is a method for ensuring security of a system from unauthorized access, comprising the steps of receiving a force and a direction information over time corresponding to a physical movement of a mobile electronic device with a touch screen configured to be held in a hand, the movement carried out by holding and moving the mobile device with the hand; creating an analog signal corresponding to the force; digitizing the analog signal to form a set of binary bits; inputting the binary bits into a random number generator; using an output from the random number generator to form a password or a cryptographic key, wherein the password or the cryptographic key is used appropriately by the security system. | 12-03-2015 |
20150349955 | METHOD FOR RAPIDLY GENERATING COORDINATE POINT IN EMBEDDED SYSTEM - A method for rapidly generating coordinate points in an embedded system, comprising: according to a preset segment number of segmentation and a preset step size, segmenting a numerical value to be calculated and then grouping each data segment, and calculating an initial point value corresponding to each digit in a group of data of each data segment; detecting the value of each digit in the current data group of all data segments, subjecting the initial point value corresponding to the digit with a value of 1 and an intermediate point value to point addition operation, and updating the intermediate point value using the point addition operation result; judging whether a next data group of each data segment exists, if it does not exist, taking the intermediate point value as a resulting coordinate point value and storing same, and ending; and if it exists, subjecting the intermediate point value to a point doubling operation for a preset step size frequency, and updating the intermediate point value using the point doubling operation result, taking a next data group of each data segment as a new current data group, and continuing to perform a point addition and point doubling operation. The present invention can rapidly generate coordinate points, is effectively applied to the generation of key pairs and signatures, and greatly improves the operation speed. | 12-03-2015 |
20150358160 | SECRETS RENEWABILITY - A method, system and apparatus for deriving a secondary secret from a root secret are described, the method, system and apparatus including reserving a memory buffer included in an integrated circuit, the memory buffer being large enough to contain all of the bits which will include the secondary secret, receiving a plurality of bits from a root secret, the root secret being stored in a secure memory of the integrated circuit, inputting the plurality of bits from the root secret and at least one control bit into a permutation network, and thereby producing a multiplicity of output bits, the at least one control bit including one of one bit of a value g, and one bit of an output of a function which receives g as an input, receiving the multiplicity of output bits from the permutation network, inputting the multiplicity of output bits from the permutation network into a plurality of logic gates, thereby combining the multiplicity of output bits, wherein a fixed number of bits is output from the logic gates, inputting the fixed number of bits output by the logic gates into an error correcting code module, the fixed number of bits output by the logic gates including a first group of intermediate output bits and a second group of intermediate output bits and receiving output bits from the error correcting code module, the output bits of the error correcting code module including the first group of intermediate output bits as changed by the error correcting code module, where the change depends on the second group of intermediate output bits, filling non-filled registers in the reserved memory buffer with the first group of intermediate output bits as changed by the error correcting code module, and repeating the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” until the entire secondary secret is derived, wherein the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” are performed in a single clock cycle of the integrated circuit. Related apparatus, methods and systems are also described. | 12-10-2015 |
20150365231 | METHOD FOR CONFIGURING A SECURE ELEMENT, KEY DERIVATION PROGRAM, COMPUTER PROGRAM PRODUCT AND CONFIGURABLE SECURE ELEMENT - There is disclosed a method for configuring a secure element, the method comprising: storing an application in the secure element; storing a master key in the secure element; storing a key derivation program in the secure element; generating, by the key derivation program, at least one application key for use by the application, wherein said generating comprises deriving the application key from the master key and an identifier of the secure element. Furthermore, a corresponding key derivation program, computer program product and configurable secure element are disclosed. | 12-17-2015 |
20150372812 | METHODS AND DEVICES FOR KEY MANAGEMENT IN AN AS-A-SERVICE CONTEXT - The present invention discloses methods and devices for key management in an as-a-service (aaS) context. Methods include the steps of: upon receiving a creation request in a provider computing-environment, creating a specific key in at least one location in the provider computing-environment by repetitively computing respective specific-key contributions: in a set of N computing resources in the provider computing-environment; and in a set of M customer locations in a customer computing-environment; and applying the respective specific-key contributions to change a specific-key value in the computing resources, wherein the respective specific-key contributions are never revealed to any computing resources, and to any customer locations, other than respective contributors; wherein at least one location is a region of memory located in a computing resource operationally connected to the provider computing-environment, wherein the customer locations are regions of memory located in a computing resource operationally connected to the customer computing-environment. | 12-24-2015 |
20150372818 | Algebraic Symmetric Cipher - An algebraic symmetric cipher is provided. The cipher does not employ methods of presently known symmetric ciphers as its basis. The cipher relies on an information loss in transformation of input data (plaintext) to output data (cipher-text), where information loss is non-invertible in absence of cipher key materials, and is reliant on an inverse information gain in transformation of input data (cipher-text) into output data (plaintext), where information gain is obtained by operations making use of cipher key materials. | 12-24-2015 |
20150381357 | Method and Apparatus for Generating a Secret Key - A first partner connected to a channel collects samples of a physical variable on the basis of a time-variable property of the channel; stores a first array of at least bivalent elements; stores a second array of at least bivalent elements, each element in the second array corresponding to a remaining element in the first array and representing a first state if the sample, to which the remaining element in the first array corresponds, is outside a limit range and representing a second state if the sample is within the limit range; receives a parity check bit from the second partner; subjects elements in the first array to a parity check using the parity check bit; and, if the parity check fails, determines a checked element in the first array whose corresponding element in the second array represents the second state, and inverts the determined element in the first array. | 12-31-2015 |
20150381359 | ENCIPHERING APPARATUS AND METHOD, DECIPHERING APPARATUS AND METHOD AS WELL AS INFORMATION PROCESSING APPARATUS AND METHOD - The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section. | 12-31-2015 |
20150382187 | SECURE WIRELESS DEVICE CONNECTION USING POWER LINE MESSAGES - Technologies are generally provided to establish a secure connection between a wireless network access point and a wireless enabled device by sharing a secret key synthesized from one or more messages exchanged over power lines. Messages exchanged between devices within a location such as a household over power lines and/or with a power utility control center may be collected, for example, communication messages between a wireless enabled device and a smart meter or any other device. The wireless enabled device and a wireless network access point may synthesize a secret key from the collected messages and share the secret key to establish a secure wireless connection over a channel that is not secure. | 12-31-2015 |
20160006570 | GENERATING A KEY DERIVED FROM A CRYPTOGRAPHIC KEY USING A PHYSICALLY UNCLONABLE FUNCTION - The embodiments relate to a method and a device for generating a key derived from a cryptographic key using at least one physically unclonable function. At least one request value is assigned to the cryptographic key and to at least one derivation parameter. A response value is generated on a circuit unit using the at least one physically unclonable function dependent on at least one respective request value. The derived key is derived from the at least one response value. | 01-07-2016 |
20160006725 | Systems, Methods and Apparatuses for the Application-Specific Identification of Devices - The systems, methods and apparatuses described herein provide a computing environment that manages application specific identification of devices. An apparatus according to the present disclosure may comprise a non-volatile storage storing identifier (ID) base data and a processor. The processor may be configured to validate a certificate of an application being executed on the apparatus. The certificate may contain a code signer ID for a code signer of the application. The processor may further be configured to receive a request for a unique ID of the application, generate the unique ID from the code signer ID and the ID base data and return the generated unique ID. | 01-07-2016 |
20160013938 | DECRYPTION ENGINE AND DECRYPTION METHOD | 01-14-2016 |
20160013939 | GENERATING A KEY BASED ON A COMBINATION OF KEYS | 01-14-2016 |
20160013940 | ENCRYPTION CODE GENERATION USING SPIN-TORQUE NANO-OSCILLATORS | 01-14-2016 |
20160013941 | GENERATION OF ENCRYPTION KEYS BASED ON LOCATION | 01-14-2016 |
20160020902 | Key Generating Method and Apparatus - A key generating method and apparatus, where the method includes acquiring complete picture data of a complete picture; displaying a partial picture of the complete picture in a display window; capturing a first picture from the partial picture, and generating first picture data of the first picture; and generating a key according to the first picture data. | 01-21-2016 |
20160020903 | NONCE GENERATION FOR ENCRYPTION AND DECRYPTION - The present disclosure describes methods of encrypting and decrypting blocks of data stored in computer readable memory for a device using a block cipher with a nonce. In particular, methods of encrypting and decrypting blocks of data where the value of the nonce is based on previous execution instructions of a program executed by the device for a previously executed block are described. Embodiments disclosed include a method of encrypting blocks of data bits stored in computer readable memory for a device using a block cipher with a nonce and a key, the method comprising for each block of data: generating a value of the nonce based on previous execution instructions of a program executed by the device for a previously executed block of data; and encrypting the block of data with the nonce and key using the block cipher. | 01-21-2016 |
20160028538 | APPARATUS AND METHOD FOR GENERATING KEY - Provided are an apparatus and method for generating a key. The apparatus includes: an input analyzer configured to identify a plurality of symbols from user identity (ID) information, and to derive at least one permutation from the plurality of symbols; and a key generator configured to obtain a plurality of pre-calculated keys including a plurality of first pre-calculated keys and at least one second pre-calculated key, and to generate, from the plurality of pre-calculated keys, a cryptographic key corresponding to the user ID information, the plurality of first pre-calculated keys respectively corresponding to the plurality of symbols, the at least one second pre-calculated key respectively corresponding to the at least one permutation. | 01-28-2016 |
20160028544 | RANDOM NUMBER GENERATOR FUNCTIONS IN MEMORY - A memory device includes but is not limited to an integrated circuit substrate, integrated circuit memory integrated onto the integrated circuit substrate and apportioned into a plurality of memory segments, and security logic integrated with the integrated circuit memory onto the integrated circuit substrate. The security logic can include at least random number generator logic apportioned into two or more logic segments configured to perform at least one random number generator function in association with at least one memory segment of the plurality of memory segments. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 01-28-2016 |
20160065366 | Password-Based Generation and Management of Secret Cryptographic Keys - Methods and apparatus are provided for generating a secret cryptographic key of a user computer connectable to a server via a network. A secret user value is provided at the user computer. A secret server value is provided at the server with a check value which encodes the secret user value and a user password. The user computer encodes the secret user value and an input password to produce a first value corresponding to said check value, and communicates the first value to the server. The server compares the first and the check values to check whether the input password equals the user password. If so, the server encodes the first and the secret server values to produce a second value and communicates the second value to the user computer. The user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value. | 03-03-2016 |
20160072625 | CRYPTOGRAPHIC SYSTEM, CRYPTOGRAPHIC METHOD, AND CRYPTOGRAPHIC PROGRAM - It is an object to provide predicate encryption that can conceal both attribute information being set in a ciphertext and predicate information being set in a decryption key even in a public key setting. An encryption device | 03-10-2016 |
20160072627 | Generation of cryptographic keys - Method for generating a pair of public and private cryptographic keys in the additive group of integers modulo n, where n is the product of two prime numbers p and q, the method including the following steps: | 03-10-2016 |
20160080144 | APPARATUS AND METHOD FOR DATA ENCRYPTION - Provided is an apparatus for encrypting data including a key determiner configured to determine a cipher key for white-box cryptography (WBC)-based encryption and a symmetric key different from the cipher key and an encrypter configured to generate a ciphertext of the data using the WBC-based encryption and symmetric-key-based encryption with the symmetric key. | 03-17-2016 |
20160087795 | SECURE MEMORIES USING UNIQUE IDENTIFICATION ELEMENTS - Various embodiments of the invention relate to secure systems and modules, and more particularly, to systems, devices and methods of generating and applying identification elements uniquely associated with memory, memory mapping and encrypted storage. These unique identification elements provide an improved, statistically random source from which keys and memory mappings may be derived. The application of these keys across various architectures result in an improvement in the security of data stored within a system. | 03-24-2016 |
20160112192 | INCORRUPTIBLE PUBLIC KEY USING QUANTUM CRYPTOGRAPHY FOR SECURE WIRED AND WIRELESS COMMUNICATIONS - A hardware system and encryption method that generates encryption keys based on quantum mechanical phenomena that can be delivered directly, over public wired and wireless channels, to communicating devices. The encryption strength is derived from physical phenomena and not mathematical complexity and, therefore, is “future proof” against advances in computational power. The present invention allows pre-existing networked devices to communicate securely within a geographically defined “protection zone.” | 04-21-2016 |
20160119121 | ENCRYPTION/DECRYPTION APPARATUS AND ENCRYPTION/DECRYPTION METHOD THEREOF - An encryption/decryption apparatus and an encryption/decryption method thereof are provided. A data encryption/decryption unit performs an encryption/decryption operation to a digital data and thus generates an encryption/decryption power signal corresponding to the encryption/decryption operation. A complementary power generating unit generates a complementary power signal corresponding to the encryption/decryption power signal. The encryption/decryption apparatus outputs the complementary power signal and the encryption/decryption power signal as a power signal, wherein a sum of the complementary power signal and the encryption/decryption power signal is a fixed value. | 04-28-2016 |
20160119138 | DYNAMIC SEED AND KEY GENERATION FROM BIOMETRIC INDICIA - Generating a seed and/or a key from live biometric indicia, such that all the information necessary for generating the seed and/or the key is not stored, is provided. A method comprises receiving and enrolling a biometric template from a user; assigning an optimization value to the enrolled biometric template; encrypting an item of test data using the optimization value, such that the optimization value is an encryption seed; storing the encrypted item of test data on the storage medium; destroying the encryption seed after encrypting the item of test data; receiving a live biometric template; comparing the templates and determining an interval based on a probability that the templates are specific to the same user; iteratively testing values within the interval to identify the value in the interval for decrypting the encrypted item of test data; and generating the key using the seed. | 04-28-2016 |
20160124751 | ACCESS ISOLATION FOR MULTI-OPERATING SYSTEM DEVICES - The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active. | 05-05-2016 |
20160127333 | Technologies for Secure Inter-Virtual Network Function Communication - Technologies for secure inter-virtual network function communication include a computing device to determine a cryptographic key for secure communication over at least one of an inter-virtual network function (VNF) network, an inter-virtual network function component (VNFC) network, or a VNF-VNFC network based on a security policy of the computing device. The computing device securely communicates over at least one of the inter-VNF, inter-VNFC, or VNF-VNFC network based on the determined cryptographic key. | 05-05-2016 |
20160142204 | SYSTEM AND METHOD FOR GENERATING A CRYPTOGRAPHIC KEY - A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security. | 05-19-2016 |
20160142205 | SYMMETRIC SECRET KEY PROTECTION - A system and method includes obtaining a secret key at a processor of a device, obtaining a salt and an environmental variable, generating a cryptographically transformed derived key via the processor of the device using the secret key, the salt, and the environmental variable, storing the derived key in a memory of the device, and using the derived key for cryptographic communications via a network with another device. | 05-19-2016 |
20160149702 | COMMUNICATION ARRANGEMENT AND METHOD FOR GENERATING A CRYPTOGRAPHIC KEY - In various embodiments, a communication arrangement is provided. The communication arrangement includes a first communication device, and a second communication device. The first communication device includes a processing element configured to read out a device-specific number from a component of the first communication device, to mask the device-specific number by the random number and to transmit the masked device-specific number to the second communication device. The second communication device includes a mapping element configured to map the masked device-specific number to a codeword of a code and to transmit the codeword to the first communication device. The first communication device further includes a key generator configured to demask the codeword by the random number and to determine a cryptographic key based on the demasked codeword. | 05-26-2016 |
20160156470 | SYSTEM FOR SHARING A CRYPTOGRAPHIC KEY | 06-02-2016 |
20160156476 | Physically Unclonable Function Circuits and Methods of Performing Key Enrollment in Physically Unclonable Function Circuits | 06-02-2016 |
20160164673 | METHOD FOR CHANGING AN AUTHENTICATION KEY - The invention relates to a method for generating an authentication key in a security module ( | 06-09-2016 |
20160173282 | Key Management For On-The-Fly Hardware Decryption Within Integrated Circuits | 06-16-2016 |
20160182229 | DATA PROCESSING DEVICE AND METHOD FOR PROTECTING A DATA PROCESSING DEVICE AGAINST TAMPERING | 06-23-2016 |
20160191238 | SMS4 ACCELERATION HARDWARE - Embodiments of an invention for SMS4 acceleration hardware are disclosed. In an embodiment, an apparatus includes SMS4 hardware and key transformation hardware. The SMS4 hardware is to execute a round of encryption and a round of key expansion. The key transformation hardware is to transform a key to provide for the SMS4 hardware to execute a round of decryption. | 06-30-2016 |
20160191242 | STORAGE AND RETRIEVAL OF DISPERSED STORAGE NETWORK ACCESS INFORMATION - A method includes affiliating an authentication token with user information of a user. The method further includes generating a private/public key pairing associated with the user information. The method further includes applying a share encoding function on a private key of the private/public key pairing to produce a set of encoded shares. The method further includes generating a set of random numbers and generating a set of hidden passwords based on the user information. The method further includes generating a set of encryption keys based on the set of hidden passwords and the set of random numbers. The method further includes encrypting the set of encoded shares utilizing the set of encryption keys to produce a set of encrypted shares. The method further includes outputting the set of encrypted shares to the authentication token for storage therein and outputting the set of random numbers to a set of authenticating units. | 06-30-2016 |
20160191248 | TECHNOLOGIES FOR SECURE PRESENCE ASSURANCE - Technologies for secure presence assurance include a computing device having a presence assertion circuitry that receives an input seed value and generates a cryptographic hash based on the received input seed value. The computing device further verifies the integrity of the presence assertion circuitry based on the generated cryptographic hash. | 06-30-2016 |
20160191255 | Carbon Nanotube Array for Cryptographic Key Generation and Protection - Techniques for use of carbon nanotubes as an anti-tampering feature and for use of randomly metallic or semiconducting carbon nanotubes in the generation of a physically unclonable cryptographic key generation are provided. In one aspect, a cryptographic key having an anti-tampering feature is provided which includes: an array of memory bits oriented along at least one bit line and at least one word line, wherein each of the memory bits comprises a memory cell, wherein the cryptographic key is stored in the memory cell, and wherein the memory cell is connected to the at least one bit line; and a metallic carbon nanotube interconnect which connects the memory cell to the at least one word line. A cryptographic key and method for processing the cryptographic key are also provided. | 06-30-2016 |
20160380766 | ENCRYPTION SYSTEM WITH A GENERATOR OF ONE-TIME KEYS AND A METHOD FOR GENERATING ONE TIME-KEYS - A computer-implemented method for irreversible generating of distinct one-time encryption keys. For each subsequent operation of generating the one-time encryption key, the method comprises the following steps, performed with a one-time key generator: reading previously stored values P and Q to obtain read values P and Q, wherein the values P and Q are probable prime numbers; modifying the read values P and Q by using a modifier M and an additive operation, including size adjustment to obtain modified values P and Q; generating, based on the modified values P and Q, new values P and Q as probable prime numbers; storing the new values P and Q as stored values P and Q; executing a multiplication operation on the stored values P and Q to determine a new value N; and providing the new value N as a new component of the one-time encryption key. | 12-29-2016 |
20220141011 | SPLIT RANDOM NUMBER GENERATOR - A computing system may implement a split random number generator that may use a random number generator to generate and store seed values in a memory for retrieval and use by one or more core processors to generate random numbers for secure processes within each core processor. | 05-05-2022 |
20220141016 | KEYS FOR ELLIPTIC CURVE CRYPTOGRAPHY - Cryptographic circuitry, in operation, generates N first pairs of elliptic curve cryptography (ECC) keys r(i), R(i), with i varying from 1 to N, using K second pairs of ECC keys p(k), P(k), with k varying from 1 to K, wherein K is smaller than N. Each pair r(i), R(i) of the first pairs of keys is a linear combination of pairs of the second pairs of ECC keys according to: | 05-05-2022 |