Entries |
Document | Title | Date |
20080215886 | FUNCTION LICENSE AUTHENTICATION METHOD AND FUNCTION LICENSE AUTHENTICATION SYSTEM - There is provided a function license authentication method and system capable of preventing the illegal creation of a license key. | 09-04-2008 |
20080222416 | Secure Network Connection - Implementations described and claimed herein provide a secure network connection for remote access, e.g., to building automation systems. A secure network connection may be established according to one implementation between a remote client and a system host for the building automation system. The system host provides its network address to a security host. When the remote client desires access to the system host, the remote client requests the network address from the security host. The security host authenticates the remote client as an authorized user. If the remote client is an authorized user, the security host provides the network address and a security key to the remote client. The remote client then uses the network address to request access to the system host. The system host authenticates the remote client by requesting the security host to verify the security key before granting the remote client access to the system host. | 09-11-2008 |
20080229106 | Information processing apparatus and data transmission method of information processing apparatus - An apparatus stores first divided trust information which is one portion resulting from division of trust information generated by a transmission target apparatus that is a transmission target for data, receives a transmission request for the data from the target apparatus and receives second divided trust information which is the other portion resulting from division of the trust information of the target apparatus and verification information generated using information indicating a state of the target apparatus that made the request, recovers the trust information using the first divided trust information stored and the received second divided trust information, verifies trustworthiness of the target apparatus using the recovered trust information and the received verification information, transmits the data indicated by the request to the target apparatus when the verification of trustworthiness is successful. | 09-18-2008 |
20080235511 | DEVICE AUTHENTICATION AND SECURE CHANNEL MANAGEMENT FOR PEER-TO-PEER INITIATED COMMUNICATIONS - A method and system for providing secure access to a device initiating communications using a peer-to-peer signaling protocol, such as a SIP or H.323. In a device registration phase, the device contacts a secure access server, and authenticates to the secure access server by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses. | 09-25-2008 |
20080235512 | PRINT DATA COMMUNICATION WITH DATA ENCRYPTION AND DECRYPTION - A printing job containing printing data is transmitted to a specified image forming apparatus through a communications medium so that the printing data can be printed by the specified image forming apparatus. The printing data is encrypted in an encrypting method specified for printing the printing job, the information about the destination for the image forming apparatus is obtained, and the information about the destination obtained by the obtaining means is decrypted by the disclosed method, apparatus, and medium. | 09-25-2008 |
20080244267 | Local and remote access control of a resource - Embodiments of the invention are generally directed to systems, methods, and apparatuses for local and remote access to a resource. In some embodiments, an integrated circuit includes a configurable hardware resource. In addition, the integrated circuit may also include access control logic to authenticate agents that attempt to configure the resource. In some embodiments, the agents may be in-band or out-of-band agents. Other embodiments are described and claimed. | 10-02-2008 |
20080244268 | End-to-end network security with traffic visibility - Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. The key may be derived using a cryptographic one way function and a client identifier so that end-to-end security may be achieved. | 10-02-2008 |
20080270797 | SYMBIOTIC STORAGE DEVICES - A system is provided, the system having a first storage device and a second storage device. A symbiotic relationship is established between the first and second storage devices to selectively store backup digital content for each other. | 10-30-2008 |
20080282087 | System debug and trace system and method, and applications thereof - An embedded system or system on chip (SoC) includes a secure JTAG system and method to provide secure on-chip control, capture, and export of on chip information in an embedded environment to a probe. In one embodiment, the system comprises encryption logic associated with a JTAG subsystem and decryption logic in the probe for encrypted JTAG read traffic. Inverted encryption/decryption logic provides bi-directional encryption and decryption of JTAG traffic. Encrypted information includes both authentication of valid probe/target interface and encryption of debug data. | 11-13-2008 |
20080288777 | A Peer-to-Peer Access Control Method Based on Ports - A port based peer access control method, comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, two authentication subsystems negotiating the key. By modifying the asymmetry of background technique, the invention has advantages of peer control, distinguishable authentication control entity, good scalability, good security, simple key negotiation process, relatively complete system, high flexibility, thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security, poor scalability, so it provides essential guarantee for secure network access. | 11-20-2008 |
20080301445 | HIDDEN LINK DYNAMIC KEY MANAGER FOR USE IN COMPUTER SYSTEMS WITH DATABASE STRUCTURE FOR STORAGE OF ENCRYPTED DATA AND METHOD FOR STORAGE AND RETRIEVAL OF ENCRYPTED DATA - A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module. | 12-04-2008 |
20080301446 | AUTHORIZING CUSTOMER PREMISE EQUIPMENT INTO A NETWORK - Systems and methods for authorizing customer premise equipment into a network. A publicly available network membership key can be provided to enable initial connection to the network. Unique network membership keys associated with various customer premise equipment can be provided to enable service level access to the network and/or authorization into a sub-cell associated with the network. | 12-04-2008 |
20080307225 | Method For Locking on to Encrypted Communication Connections in a Packet-Oriented Network - There is described a method for locking on or legal interception of encrypted communication connections, preferably in a peer-to-peer network. If all users in a communication network have a digital certificate, a good authentication and an end-to-end encryption of communication data is possible. A modification of network elements is disclosed to nevertheless provide legal tapping from authorized positions. The above can be used on a special tapping mode, in which the keys for all incoming and outgoing messages are provided to an authorized control position. | 12-11-2008 |
20080313464 | SYSTEM AND METHOD OF CREATING AND SENDING BROADCAST AND MULTICAST DATA - A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods. | 12-18-2008 |
20080320308 | Method for remote message attestation in a communication system - The invention relates to a method for remote attestation. In the method is created a first asymmetric key pair in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device. | 12-25-2008 |
20090037737 | ASYNCHRONOUS ENHANCED SHARED SECRET PROVISIONING PROTOCOL - An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched by at least one of two network devices together. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. An out-of-band examination of registration signatures generated at the two devices can be performed to help ensure that there was not a man-in-the-middle attacker involved in the key exchange. | 02-05-2009 |
20090044014 | NETWORK CONSTRUCTING METHOD AND COMMUNICATION APPARATUS - In a wireless network communication device, multiple items of network identification information, which are for identifying wireless network systems, are read out of a memory and displayed on a display unit. Network identification information of a wireless network system, which is capable of being constructed anew, is selected from the multiple items of network identification information displayed and a wireless network system corresponding to the network identification information selected is constructed. | 02-12-2009 |
20090055648 | METHOD OF AND APPARATUS FOR SHARING SECRET INFORMATION BETWEEN DEVICE IN HOME NETWORK - A method and apparatus for sharing secret information between devices in a home network are provided. In the method and apparatus, home network devices receive a password (credential) input by a user and encrypt secret information based on the credential by using keys generated according to a predetermined identity-based encryption (IBE) scheme. Accordingly, it is possible to securely share the secret information between home network devices without any certificate authority or certificate. | 02-26-2009 |
20090055649 | KEY ALLOCATING METHOD AND KEY ALLOCATION SYSTEM FOR ENCRYPTED COMMUNICATION - Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals. | 02-26-2009 |
20090063860 | Printer driver that encrypts print data - A system for transmitting encrypted print job data across a network. The printer driver on the client device encrypts the print job data using a random AES key and uses the printer's public key to encrypt the random AES key. The print job data remains encrypted during transmission from the client device to the printer via the server. As such, the contents of the print job cannot be viewed by anyone who eavesdrops on the communications between the client device and the printer or by anyone who obtains the print job data from the server's data storage medium. The printer's public certificate, containing the printer's public key, is promulgated to the client device via the server which stores the printer's public certificate with other data pertinent to the client device's printer driver. | 03-05-2009 |
20090063861 | Information security transmission system - An information security transmission system is disclosed. The system comprises a first information equipment and a second information equipment, wherein the first information equipment can obtain at least one certification data, connecting to the second information equipment through a network for processing an information transmission, accordingly, a key pair used for encryption/decryption can be obtained through the certificate authority or that can be obtained without the certificate authority selectively, such that the information transmission security channel can be established and the data transmission security can be ensured. The first information equipment and the second information equipment respectively comprises a first dynamic codec and a second dynamic codec for processing a coding/decoding process depending on a dynamic code book, furthermore, an automatic error detecting mechanism and an error correcting mechanism can be associated for ensuring the data transmission security and the data correction especially at one time transmission. The transmission data is under the protection of accessing limit, such as time limit, number of times limit, or equipment limit, such that once the receiver end has received the transmission data, the transmission data can be read under the accessing limit, therefore, if the accessing limit is overtook, then the transmission data would be removed for preventing the data to be lost. | 03-05-2009 |
20090063862 | MASHUP SERVICE SUPPORT METHOD AND APPARATUS - A mashup service support method includes externally receiving a mashup service application, acquiring and managing an authentication key corresponding to the received mashup service application, and executing the received mashup service application using the acquired authentication key. A user can use a variety of web services by normally operating a mashup service application through Open API due to the storing and managing of an authentication key. | 03-05-2009 |
20090063863 | Secure authenticated channel - A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, K | 03-05-2009 |
20090070586 | Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal - A request is transmitted from a subscriber terminal via a control channel of an access network to an application function for determining a set of encoding parameters. An encoding context is generated by the application function in accordance with the set of encoding parameters. The encoding context is transmitted from the application function to a media server via a control interface of a core network. Either encoded media data are then decoded or unencoded media data are encoded by the media server using the encoding context in such a way that an encoded transmission of media data is carried out between the media server and the subscriber terminal. A network and a computer program are suitable for carrying out the method. | 03-12-2009 |
20090089582 | METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES - A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed. | 04-02-2009 |
20090089583 | Method of establishing authentication keys and secure wireless communication - A method of establishing authentication keys at both a network and mobile equipment is provided. The authentication key generated by the mobile equipment is based on both mobile keys and network keys, which are each calculated by the mobile equipment. The authentication key generated by the network is based on both mobile keys and network keys, which are each calculated by the network. The mobile keys are calculated from a challenge generated by the mobile equipment and the network keys generated by the mobile based on a challenge generated by network. | 04-02-2009 |
20090094458 | PROCESS AND SYSTEM FOR CONFIRMING TRANSACTIONS BY MEANS OF MOBILE UNITS - Process for confirming transactions by means of mobile units (MU), wherein a control device (CD) sends a request message (RM) containing transaction data (TD) to a mobile unit (MU), which can send to the control device (CD) a confirmation message (CM) containing a confirmation code (CD), wherein the control device (CD) and/or the mobile unit (MU) are provided with one or more digital memories (DM) in which security applications (SA) are stored for encoding and digitally signing the request message (RM) and/or the confirmation message (CM), respectively, before sending them. The present invention also relates to a system for carrying out said process. | 04-09-2009 |
20090119509 | METHOD FOR NEGOTIATING SECURITY-RELATED FUNCTIONS OF SUBSCRIBER STATION IN WIRELESS PORTABLE INTERNET SYSTEM - The present invention relates to a subscriber station security-related parameter negotiation method in a wireless portable Internet system. The subscriber station security-related parameter negotiation method includes security-related parameters in transmitting/receiving basic capability negotiation request messages and basic capability negotiation response messages such that the subscriber station and the base station negotiate the subscriber station security-related parameters. The security-related parameters include an authorization policy support subfield used to negotiate an authorization policy between the subscriber station and the base station, and message authentication code mode subfields used to negotiate a message authentication code mode. The base station can inform the subscriber station that authentication or message authentication is not performed and is omitted according to a service provider policy by writing it on the authorization policy support subfield or message authentication code mode subfield. In addition, the subscriber station and the base station can select an authorization policy formed with at least one combination through the authorization policy support subfield of the security negotiation parameters. According to the present invention, the service provider of the wireless portable Internet system can more efficiently and flexibly manage the system by providing a scheme for omitting an authentication function and a message authentication function as well as for supporting various authorization policies and message authentication functions. | 05-07-2009 |
20090119510 | END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY - End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices. | 05-07-2009 |
20090119511 | AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD - A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user. | 05-07-2009 |
20090125719 | METHODS OF ENSURING LEGITIMATE PAY-PER-CLICK ADVERTISING - A method for transferring state information between a client device and a server, the client device being configured to select content, and the server having a memory module and being configured to store referenced content and to transmit referenced content to at least one client device. The method includes receiving a request on the server from the client device, wherein the request includes the state information from the client device; detecting whether the state information has previously been received by the server; updating the state information; and transmitting a response including the updated state information to the client device. | 05-14-2009 |
20090125720 | System Having Secure Access Between IC Entities - A system is provided having first and second integrated circuits. The first integrated circuit implements a first entity which stores an encryption or decryption function, one or more secret keys for use with the function, and an identity of each of the secret keys which are each indicative of an access permission to the first entity associated with each of the secret keys. The second integrated circuit implements a second entity which stores the function and is programmed and configured to issue a request to the first integrated circuit for one or more of the access permissions and associated key identities for one or more of the secret keys stored in the first entity. The first integrated circuit being programmed and configured to respond to the request by outputting the access permissions and key identities to the second entity for use with the function without outputting the secret keys. | 05-14-2009 |
20090132822 | METHOD AND DEVICE FOR SECURELY DISTRIBUTING DATA IN GROUP COMMUNICATION - In a method for securely distributing data in group communication, the group has a plurality of members, and the method includes the following steps: (A) under a data recording mode, assigning one member of the group as a recording member; (B) enabling the recording member to generate and send a security key to other members of the group, to record communication contents of all the members during a group communication session, and to create an entry of recorded data therefor; and (C) enabling the other members of the group to receive and store the security key, the security key enabling the other members of the group to retrieve the recorded data from the recording member under a data retrieval mode. | 05-21-2009 |
20090132823 | MULTIMEDIA DATA PROTECTION - The invention provides a method of transmitting a media work such as a movie to a client comprising the steps of (a) encrypting the work using a sequence of different keys corresponding to respective temporally spaced segments of the document, (b) transmitting software code containing an algorithm from a security server to the client, the algorithm having a result that is a function of the state of the client, (c) executing the code at the client and returning the result to the security server, (d) determining whether the result is indicative of an unmodified client, and further comprising the steps of: (e) transmitting a segment from a server to the client, (f) securely streaming a key corresponding to the transmitted segment from a secure remote server to the client, (g) decrypting the segment using the obtained media key, (h) if step (d) indicates a modified client, preventing further keys from being transmitted, otherwise repeating steps (e) to (g) and repeating steps (b) to (d). | 05-21-2009 |
20090138713 | PROXY USE WITHIN A MESH NETWORK - A method and system facilitate communications between an unassociated device and a server via a mesh network and a wide area network. The method may include receiving transmissions from candidate proxy devices, wherein each candidate proxy device is associated with a mesh network. The method may include selecting a proxy device from the candidate proxy devices. The method may include communicating with a server via the proxy device and the associated mesh network. | 05-28-2009 |
20090138714 | COMMUNICATION APPARATUS, KEY SERVER, MANAGEMENT SERVER, COMMUNICATION SERVER, CONTENT DISTRIBUTION SYSTEM, COMMUNICATION METHOD, AND RECORDING MEDIUM - A plurality of first encrypted pieces is generated by encrypting the pieces with a first encryption key. The second encrypted piece is generated by encrypting at least one of the pieces with a second encryption key. The first encryption key and the second encryption key for encrypting the same piece are different from each other. A communication apparatus receives a first encrypted piece or a second encrypted piece from other communication apparatus for each piece, transmits a request message for requesting a decryption key for decrypting the encrypted piece to a key server, and receives the decryption key from the key server in response to the request message. | 05-28-2009 |
20090138715 | WIRELESS NETWORK SECURITY USING RANDOMNESS - The present invention provides systems and methods for securing communications in a wireless network by utilizing the inherent randomness of propagation errors to enable legitimate users to dynamically create a shared symmetric secret key. In one embodiment, the invention provides a system with two computers each having a wireless network adapter. The sending node encodes the frames, transmits the frames, determines if the frames were correctly received, retransmits the frames if they were not correctly received, stores the frames that were not retransmitted, and applies a uses the stored frames to generate a secret key. The receiving node receives the encoded frames, determines if the frames were retransmitted, stores at least one of the frames that was not retransmitted, and uses the stored frames to generate the same secret key as the receiving node. | 05-28-2009 |
20090138716 | METHOD FOR TRANSMITTING AND RECEIVING DATA, IN PARTICULAR FOR SECURE EXCHANGES BETWEEN AN AIRCRAFT AND A GROUND BASE, RELATED DEVICES AND AIRCRAFT EQUIPPED WITH SUCH DEVICES - A method for transmitting data, a receiving method, related devices, and an aircraft equipped with the devices. The method includes determining an authentication word of the data; processing the data to obtain processed data; and transmitting the processed data on a transmission channel. | 05-28-2009 |
20090144550 | METHOD AND SYSTEM FOR SECURE COMMUNICATION IN NEAR FIELD COMMUNICATION NETWORK - Disclosed is a method for secure communication between a plurality of electronic devices in a Near Field Communication (NFC) network, and a system for supporting the method. To this end, a first electronic device shares a plurality of keys with the at least one device among the plurality of electronic devices and selects a first key among the plurality of keys and exchanges data encrypted based on the first key with the at least one device among the plurality of electronic devices and replaces the first key with at least one key among the plurality of keys while exchanging the data after at least one predetermined criterion has been satisfied. | 06-04-2009 |
20090150674 | System and Method for Device Bound Public Key Infrastructure - Techniques are provided for secured communication of data, such as in the context of a public key infrastructure (PKI). In one embodiment, the technique may involve using a private key that is bound to the device requesting the secure data, thereby making it harder for someone to copy, steal or fake. The private key may be generated by adding a filler code to a unique device identifier. The identifier may be based on at least one user-configurable parameter and at least one non-user-configurable parameter of the device. | 06-11-2009 |
20090158040 | METHOD AND SYSTEM FOR SECURE EXCHANGE OF DATA IN A NETWORK - A first network device implements a method for the secure exchange of data in a network. The network also includes a second network device and a remote device. The method includes establishing an indirect path to the remote device and pre-negotiating first security parameters with the remote device over the indirect path using a network layer protocol, when the second network device has an active first data link. The method further includes establishing an active second data link with the remote device and exchanging first data with the remote device over the active second data link using the first security parameters, when the first data link becomes inactive. | 06-18-2009 |
20090158041 | METHODS AND DEVICES FOR CREATING SECURITY GROUP AND AUTHENTICATION OVER P2P NETWORK - A method of creating a security group over a Peer-To-Peer (P2P) network is disclosed. An invitee terminal attaches a public key to a peer advertisement in which its own identification information is encrypted using its own private key, and then sends a resulting peer advertisement over the P2P network. An inviter terminal, which has found the peer advertisement, encrypts a group advertisement, including group information about the security group, using public keys of the corresponding invitee terminal, and then sends a resulting group advertisement to the invitee terminal desired to be invited to the security group. The invitee terminal decrypts the group advertisement using its own private key, and participates in the security group using the group information. | 06-18-2009 |
20090158042 | Managed Access Point Protocol - Methods, apparatuses and systems facilitating deployment and configuration of managed access points in hierarchical wireless network systems. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of light-weight access points in a hierarchical wireless network system. In one embodiment, the present invention also provides a streamlined encryption key exchange protocol adapted to hierarchical wireless network system architectures. | 06-18-2009 |
20090164786 | CONTENT DELIVERY METHOD, CONTROL TERMINAL, AND DISPLAY TERMINAL - A content delivery method, a control terminal for content delivery, and a display terminal for receiving content delivery. In a content delivery service, the control terminal for authentication and the display terminal for displaying and/or storing of content are separately provided to perform authentication and exchange of a key so as to select a content delivery destination from a server. | 06-25-2009 |
20090172403 | METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP SECURITY KEY AFTER REAUTHENTICATION - A method for generating and distributing MIP security key after Re-Authentication, including: an AAA Server generates an EMSK during a Re-Authentication process; the MS generates a new first MIP security key for the MS according to the EMSK, and replaces the corresponding old first MIP security key with the new first MIP security key; and a HA receives new second MIP security key information for the HA which is sent by the AAA Server actively, or requests from the AAA Server the new second MIP security key information for the HA, and replaces the corresponding old second MIP security key that is locally stored with the new second MIP security key that is sent by the AAA Server actively or requested from the AAA Server. The present invention ensures execution of MIP Registration process after Re-Authentication. | 07-02-2009 |
20090177888 | INFORMATION PROCESSING DEVICE, KEY SETTING METHOD, AND PROGRAM - There is provided an information processing device including an identifier setting unit for setting an identifier to a set of terminal devices corresponding to each node of a tree structure, and a key setting unit for setting a key distributed to the terminal device based on the identifier, wherein the identifier setting unit includes a first identifier indicating the set of terminal devices corresponding to each node, and sets the identifier so as to further include a second identifier showing a correspondence relation between a plurality of subsets when the set includes a plurality of subsets. | 07-09-2009 |
20090177889 | METHOD FOR SHARING A LINK KEY IN A ZIGBEE NETWORK AND A COMMUNICATION SYSTEM THEREFOR - A communication system and method for securely and efficiently sharing a link key for security and authentication in a ZigBee network. Upon receipt of an access request from an end device, a trust center sends a public key to the end device, and upon receipt of the public key, the end device encrypts an arbitrary key using the public key, and sends the encrypted arbitrary key to the trust center. The trust center generates a link key using the arbitrary key, and sends the link key to the end device. | 07-09-2009 |
20090183005 | Distributing Access to a Data Item - A method is provided for use in distributing access to a data item. The method includes allowing multiple transfers between computers of a single instance of permission to gain access to the data item, the transfers occurring across data connections and including a first transfer between a first computer and a second computer and a subsequent transfer between the second computer and a third computer, wherein at any one time only one computer retains the instance of permission and is able to use the instance of permission to gain access to the data item. | 07-16-2009 |
20090193253 | METHOD AND SERVER FOR PROVIDING A MOBILE KEY - After a radio link is established between a mobile subscriber terminal and an access network, the subscriber is authenticated by a proxy server of an intermediate network forwarding, from the access network to a home network of the subscriber, authentication message(s) containing a subscriber identification. If the subscriber is authenticated and the subscriber identification is already stored in the proxy server, the proxy server assigns a group-specific mobile key to the subscriber identification. When the home agent receives a registration request message originating from a subscriber terminal and containing a subscriber identification and transmits a key request message, containing the subscriber identification, for a mobile key to the proxy server, if the subscriber identification in the key request message matches a subscriber identification stored by the proxy server, a mobile key for cryptographic protection of mobile signalling messages is provided to the home agent by the proxy server. | 07-30-2009 |
20090199001 | Access to services in a telecommunications network - A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors network access whereby trust may, for example, be established by presenting a credit card. | 08-06-2009 |
20090199002 | Methods and Systems for Shortened Hash Authentication and Implicit Session Key Agreement - A first hash result is generated at a client system in accordance with hash input parameters known to the client system. A second hash result is generated at a server system in accordance with hash input parameters known to the server system. Each of the first hash result and the second hash result is truncated in a same manner. The truncated first hash result is transmitted from the client system to the server system. The truncated first hash result as transmitted to the server system is compared with the truncated second hash result generated at the server system. Equality between the truncated first hash result as transmitted to the server system and the truncated second hash result generated at the server system authenticates the client system to the server system. | 08-06-2009 |
20090204817 | COMMUNICATION SYSTEM - In a method and system for a communications system, identifying at least one of a received message that has been decrypted using a first decryption method and a message to be sent that is to be encrypted using a first encryption method, generating a copy of the at least one of the received message and the message to be sent, encrypting the copy of the at least one of the received message and the message to be sent using a second encryption method to create an encrypted copy of the at least one of the received message and the message to be sent, and transmitting the encrypted copy of the at least one of the received message and the message to be sent from the communications device for decryption and storage. | 08-13-2009 |
20090210709 | CONTENT TRANSMITTING AND RECEIVING SYSTEM - A transmitting apparatus transmits, to a receiving apparatus, a content that contains at least, in the stated order, a first portion that is encrypted with a shared key shared between the transmitting apparatus and the receiving apparatus, a second portion that is not encrypted, and a third portion that is encrypted with the shared key. In this situation, in the case where the encrypted third portion has become a transmission target after the second portion has been transmitted, and also, there is a possibility that the shared key stored in the receiving apparatus may be invalidated when the encrypted third portion is received, the transmitting apparatus sequentially transmits a fourth portion and the encrypted third portion to the receiving apparatus, the fourth portion containing at least element data that belongs to the last group in the second portion. | 08-20-2009 |
20090210710 | SECURITY AUTHENTICATION AND KEY MANAGEMENT WITHIN AN INFRASTRUCTURE-BASED WIRELESS MULTI-HOP NETWORK - A system and method of security authentication and key management scheme in a multi-hop wireless network is provided herein with a hop-by-hop security model. The scheme adapts the 802.11r key hierarchy into the meshed AP network. In this approach, a top key holder (R0KH) derives and holds the top Pairwise Master Key (PMK_0) for each supplicant wireless device after the authentication process. All authenticator AP take the level one key holder (R1KH) role and receive the next level Pairwise Master Key (PMK_1) from R0KH. The link level data protection key is derived from PMK_1 via the 802.11i 4-way handshaking. | 08-20-2009 |
20090210711 | Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth - Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for use of bandwidth. The present invention also relates to an electronic method and system for purchasing goods and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and then charges are assessed against the account in an amount of bandwidth usage which corresponds to the agreed upon purchase value for the selected item. | 08-20-2009 |
20090217043 | METHOD AND SYSTEM FOR MUTUAL AUTHENTICATION OF NODES IN A WIRELESS COMMUNICATION NETWORK - A method as provided enables mutual authentication of nodes in a wireless communication network. The method includes processing at a first node a beacon message received from a second node, wherein the beacon message comprises a first nonce value (step | 08-27-2009 |
20090217044 | AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD - A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user. | 08-27-2009 |
20090222665 | NON-INTERACTIVE ENTITY APPLICATION PROXY METHOD AND SYSTEM - A security method and system. The method includes retrieving configuration data associated with a non interactive entity (NIE) software application. The configuration data comprises a refresh count, a refresh period, and a session ID. A master refresh period is calculated from the refresh period. Credentials data associated with the NIE software application are retrieved. The credentials data are transmitted to a resource server. A session key generated by the resource server is received by the NIE software application. The NIE software application calculates a stale time associated with the session key. The NIE software application generates a first updated refresh count. The NIE software application stores the session key, the first updated refresh count, the first refresh period, and the first specified stale time. | 09-03-2009 |
20090222666 | Mechanism for generating message sequence order numbers - In one embodiment, a mechanism for generating message sequence order numbers is disclosed. In one embodiment, a method includes generating a timestamp value, and calculating a message authentication code (MAC) using as inputs the timestamp value, public information of an intended recipient, and a shared secret key kept between a broadcaster and the intended recipient. In addition, the method includes extracting, according to a pre-determined process agreed to between the broadcaster and the intended recipient, a required number of bits that define a size of an initial sequence number from the MAC. Lastly, the method includes using the extracted result as the initial sequence number. | 09-03-2009 |
20090235076 | Extensible and flexible electronic information tracking systems and methods - A method and system for tracking electronic information includes the steps of: encrypting an electronic file stored on a hardware storage device; attaching or incorporating with the file a standalone executable program that implements a request for a decryption key accompanied by tracking information when an attempt is made to access the file; verifying the tracking information by a central processing unit; if the tracking information is verified as acceptable, providing the decryption key; and if the tracking information is not verified as acceptable, modifying the file to include a record of the failed attempt to access the file and the tracking information, and storing said modified file on the hardware storage device. | 09-17-2009 |
20090235077 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. A neighboring access point that receives a management frame obtains a key for the access point sending the frame and validates the management frame using the key. | 09-17-2009 |
20090240942 | LONG TERM KEY ESTABLISHMENT FOR EMBEDDED DEVICES - A secure communication session is established between a first device and a second device, by generating, in the first device, a first secret key to be utilized for communication sessions with other devices. The second device requests to establish a first communication session with the first device, and the second device generates a second secret key corresponding to the first secret key of the first device. The second device stores the generated second secret key in a non-volatile memory of the second device, the second secret key being stored in the non-volatile memory in association with an identifier of the first device. Finally, a secure communication session is established between the first and second devices utilizing the first and second secret keys. | 09-24-2009 |
20090240943 | CHALLENGE RESPONSE-BASED DEVICE AUTHENTICATION SYSTEM AND METHOD - A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password. | 09-24-2009 |
20090249071 | MANAGING CODE ENTITLEMENTS FOR SOFTWARE DEVELOPERS IN SECURE OPERATING ENVIRONMENTS - Systems and methods for managing access to restricted data and system resources in secure operating environments are disclosed. Developer access profiles are issued by trusted authorities to developers which define entitlements that provide limited access to system resources and data on specified computing devices. The developer access profiles allow software developers to write software which accesses parts of the target platform environment which are typically off limits to third party developers. | 10-01-2009 |
20090249072 | METHOD FOR GENERATING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, METHOD FOR TRANSMITTING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, AND METHOD FOR RECEIVING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD - A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer. | 10-01-2009 |
20090249073 | APPARATUS AND METHOD FOR GROUP SESSION KEY AND ESTABLISHMENT USING A CERTIFIED MIGRATION KEY - A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed. | 10-01-2009 |
20090254751 | DATA TRANSMISSION APPARATUS, DATA RECEPTION APPARATUS, AND DATA TRANSFER SYSTEM - Provided is a data transmission apparatus, a data reception apparatus, and a data transfer system which can prevent a case where the same usable data is present in plural apparatuses at the same time and can certainly move the data, in MOVE processing of the data between the data transmission apparatus and the data reception apparatus. The data transmission apparatus ( | 10-08-2009 |
20090259851 | Methods and Apparatus for Authentication and Identity Management Using a Public Key Infrastructure (PKI) in an IP-Based Telephony Environment - Methods and apparatus are provided for user authentication using a Public Key Infrastructure (PKI) in an IP-based telephony environment, such as an IMS network. A user of a user device attempting to access an IP-based telephony network can be authenticated by obtaining one or more private keys of the user from a secure memory associated with the user device; generating an integrity key and a ciphering key; encrypting the integrity key and the ciphering key using a session key; encrypting the session key with a public key of the IP-based telephony network; and providing the encrypted session key, encrypted integrity key and encrypted ciphering key to the IP-based telephony network for authentication. A network-based method is also provided for authenticating a user in an IP-based telephony network. | 10-15-2009 |
20090271627 | Secure Data Transmission - A method of facilitating secure sending of a message from a sender to a recipient over a network, comprising establishing communication between a sender side and a recipient trusted server having knowledge of an encryption key of recipient; obtaining a messaging key comprising a messaging encryption key and a messaging decryption key; exchanging messaging key data between sender side and recipient trusted server such that sender side has knowledge of the messaging encryption key and recipient trusted server has knowledge of the messaging decryption key; encrypting messaging decryption key with recipient's encryption key by recipient trusted server; transmitting messaging decryption key encrypted by recipient's encryption key from recipient trusted server to sender side, and transmitting messaging decryption key encrypted by recipient's encryption key from sender side to recipient and transmitting the message encrypted by messaging encryption key directly from sender side to recipient. | 10-29-2009 |
20090271628 | METHOD AND SYSTEM FOR KEY EXCHANGE AND METHOD AND APPARATUS FOR REDUCING PARAMETER TRANSMISSION BANDWIDTH - The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending the parameters to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus making the transmission more efficient. The embodiment of the present disclosure also discloses a method for key exchange. This method reduces the values of the transmission parameters before sending the transmission parameters. This saves the bandwidth compared with the protocol in the prior art. Besides, the embodiment of the present disclosure discloses a system for key exchange. The parameter sender sends the transmission parameters to the bandwidth processing unit. The bandwidth processing unit performs a modulo operation on the received transmission parameters and then sends the processed transmission parameters to the parameter receiver, thus reducing the bandwidth consumed in the transmission of transmission parameters. | 10-29-2009 |
20090282249 | PROCESS FOR ESTABLISHING A SECRET KEY - A method for establishing a secret key for a data transmission between communication partners in a network, in particular in a personal area network (PAN), or in a body area network (BAN), wherein one or several inefficient communication partners (B) in comparison to a strong, preferably central communication partner (A) of the network, have reduced power resources, is characterized through the following steps: the strong communication partner (A) transmits a plurality of data pairs, each comprising a possible key (K | 11-12-2009 |
20090282250 | COMMUNICATION APPARATUS, SERVER, AND COMPUTER PROGRAM PRODUCT THEREFOR - A communication apparatus receives, from another communication apparatus, a plurality of encrypted pieces obtained by encrypting a plurality of pieces constituting a part of a content and obtains a part or all of decryption keys used for decrypting the encrypted pieces. The communication apparatus also obtains an invalid piece list showing one or more identifiers of one or more encrypted pieces that can respectively be decrypted by using one or more decryption keys that have already been invalidated. In the case where at least one of the encrypted pieces is listed in the invalid piece list, the communication apparatus deletes the at least one of the encrypted pieces, based on an obtainment status of the encrypted pieces or an obtainment status of the decryption keys. | 11-12-2009 |
20090282251 | AUTHENTICATING A WIRELESS DEVICE IN A VISITED NETWORK - Alternative authentication approaches for service request are provided. For a mobile station roaming in a visited network that does not support conventional updating of cryptographic keys (such as Dynamic Mobile IP Key Update) for a desired service, such cryptographic key authentication may be accomplished in a different way. Instead of merely rejecting a service request when a cryptographic key for the mobile station is not found at the home network, the home network may initiate a process by which a text messaging channel is utilized to establish such cryptographic key with the requesting mobile station. Alternatively, the home network may utilize other information, such as a verifiable identifier or credential for the requesting mobile station (e.g., IMSI, MIN, etc.) along with a roaming status of the requesting mobile station to authenticate the mobile station and grant access to network services allowing a requested service to be established. | 11-12-2009 |
20090282252 | METHOD FOR AUTHENTICATION - A client is intended to be authenticated with a server. The present disclosure relates to a method that includes using an algorithm for the client and server, but independently of one another, to produce a first key. A second key is produced by the client such that its distance from the first key is within a predetermined distance. The second key is sent to the server. The server successfully authenticates the client if the distance between the received second key and the first key is within the predetermined delta. The second key is used as a new start key for further authentication of the client with the server. | 11-12-2009 |
20090287928 | Methods, Portable Electronic Devices, Systems and Computer Program Products for Securing Electronic Conference Room Whiteboards - Methods, portable electronic devices, systems and computer program products for securing an electronic whiteboard. A near field communication (NFC) session is established between a portable electronic device and the electronic whiteboard to secure information provided on the electronic whiteboard. Dispersion of the information provided on the electronic whiteboard is enabled and/or disabled using security credentials associated with the established NFC session. | 11-19-2009 |
20090287929 | METHOD AND APPARATUS FOR TWO-FACTOR KEY EXCHANGE PROTOCOL RESILIENT TO PASSWORD MISTYPING - A system and method for two factor key exchange protocol resilient to password mistyping is disclosed. This authentication process is based on two factors including both electronically stored (long keys) and human supplied credentials (password or biometrics). The disclosed system and method ensures security in the presence of mistyping. The system includes receiving a message from a client signifying a request to establish a secure connection and sending a first random number to the client. The method continues with receiving a string and authorization code with parameters comprising the first random number and the string where the string includes an identifier, a short key and a second random number encrypted with a public key. The method continues with decrypting the string with a private key, verifying the authentication code, verifying the short key and session key derivation by both server and client. | 11-19-2009 |
20090287930 | IDENTITY BASED SYMMETRIC CRYPTOSYSTEM USING SECURE BIOMETRIC MODEL - Methods, apparatus, and computer program products are herein described that provide for an identity-based cryptosystem using a highly secure biometric model through which both access and data transmission are effectively made very secure. Through implementation of generating and securely storing biometric data as syndrome vectors, tolerance is provided for the inherent variability of biometric data. In addition, to ensure that the biometric data is not duplicated by adversaries who might gain access to the syndrome generation algorithm and the biometric data, present aspects provide for keeping the private key more secure and making the cryptosystem user-identity dependent. As such, the systems, apparatus and computer program products herein disclosed provide end-to-end authentication of end users using secure biometry, which constitute the symmetric and/or asymmetric identity-based cryptosystem. | 11-19-2009 |
20090292923 | KEY-IN PROCESSING DEVICE AND METHOD - A key-in processing device for executing a control processing on a basis of information of a key input comprises a determination part for determining that a same key is input continuously, a first storage part for storing information corresponding to an application software that is an object for processing according to the key determined the continuous input, the application software installed on the device, and a notifying part for notifying the application software corresponding to the information stored in the first storage part of information corresponding to the key determined the continuous input. | 11-26-2009 |
20090300357 | METHOD FOR PERSONAL NETWORK MANAGEMENT ACROSS MULTIPLE OPERATORS - A method for accessing a Personal Network (PN) from a Guest device. In this method, the Guest device ( | 12-03-2009 |
20090300358 | METHOD FOR MANAGING NETWORK KEY AND UPDATING SESSION KEY - A method for managing network key and updating session key is provided. The step of the key management includes: constructing key request group, constructing key negotiation response group, and constructing key negotiation acknowledgement group. The step of multicasting key management method includes multicasting main key negotiation protocol and multicasting session key distribution protocol. The multicasting main key negotiation protocol comprises key updating informs group, constructing encryption key negotiation request group, constructing key negotiation response group and constructing key negotiation acknowledgement group. The multicasting session key distribution protocol comprises multicasting session key request and multicasting session key distribution. | 12-03-2009 |
20090300359 | APPARATUS AND METHOD FOR SECURELY SUBMITTING AND PROCESSING A REQUEST - An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier. | 12-03-2009 |
20090300360 | APPLICATION SETTING TERMINAL, APPLICATION EXECUTING TERMINAL, AND SETTING INFORMATION MANAGING SERVER - An application setting terminal includes a GUI | 12-03-2009 |
20090300361 | METHOD FOR RECEIVING/SENDING MULTIMEDIA MESSAGES - A method for receiving/sending multimedia messages uses a wireless LAN, and communicates with a gateway via the wireless LAN so as to send and receive multimedia messages. Furthermore, the gateway of the invention detects whether the user device is located within the wireless LAN. If yes, then multimedia messages are sent and received via the wireless LAN; and if not, then via conventional telecom network. The invention also discloses a corresponding gateway and a corresponding user device. | 12-03-2009 |
20090307495 | CONFIDENTIAL COMMUNICATION METHOD - In SSL encryption communication in which a client and a server share a password, the client generates random number data, encrypts the random number data with a public key and a password, and transmits the encrypted random number data to the server, so that the client and the server safely share the random number data having a bit length longer than that of the password. Safe cryptographic communication is performed without intermediaries by using the random number data or by mutually presenting a hash value of the random number data. | 12-10-2009 |
20090307496 | METHOD OF DERIVING AND UPDATING TRAFFIC ENCRYPTION KEY - A method for efficiently deriving a traffic encryption key for data encryption is disclosed. A method of generating a traffic encryption key (TEK) comprises the steps of receiving, by a mobile station from a base station, a first nonce and first security materials for deriving the traffic encryption key (TEK) and deriving the traffic encryption key (TEK) using one or more of the first nonce, the authentication key (AK), and the first security materials. | 12-10-2009 |
20090307497 | IDENTITY-BASED-ENCRYPTION MESSAGING SYSTEM - A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server. | 12-10-2009 |
20090313472 | SECURE SESSION KEY GENERATION - A method and apparatus for securing the interface between a Universal Integrated Circuit Card (UICC) and a Terminal in wireless communications is disclosed. The security of Authentication and Key Agreement (AKA) and application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U) procedures is improved. A secure shared session key is used to encrypt communications between the UICC and the Terminal. The secure shared session key is generated using authenticating or non-authenticating procedures. | 12-17-2009 |
20090327729 | Secure pre-caching through local superdistribution and key exchange - A distributed peer-to-peer document archival system provides the version-control, security, access control, linking among stored documents and remote access to documents usually associated with centralized storage systems while still providing the simplicity, personalization and robustness to network outages associated with personal and peer-to-peer storage systems. | 12-31-2009 |
20090327730 | APPARATUS AND METHOD FOR ENCRYPTED COMMUNICATION PROCESSING - To provide an apparatus and a method for encrypted communication processing having a high communication speed in inter-node communication on a network capable of performing effective encrypted communication with improved security without losing the high speed. In the inter-node communication on the network, a plurality of shared encryption keys are first set and are switched arbitrarily for each packet to be transmitted, thus there is no need to repeat the handshaking for changing, whenever needed, the encryption keys to be used. | 12-31-2009 |
20090327731 | SECURITY DEVICE FOR CRYPTOGRAPHIC COMMUNICATIONS - Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure. | 12-31-2009 |
20100005301 | AUTHENTICATION AND ENCRYPTION UTLIZING COMMAND IDENTIFIERS - A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence. Furthermore, an illegal instrument that has not completed the authentication processing can be prevented from utilizing program content. | 01-07-2010 |
20100005302 | TECHNIQUES FOR VALIDATING AND SHARING SECRETS - Techniques for validating and sharing secrets are presented. A secret is divided into a plurality of parts. Each part is represented by a unique value. Each value is distributed to a unique user that shares in the secret. The secret is recreated when each user presents each user's unique value. Each unique value is then used to recreate its corresponding part of the key and when all parts are present and validated, the secret is reproduced. | 01-07-2010 |
20100005303 | UNIVERSAL AUTHENTICATION METHOD - The object of the current invention is to provide the user with an authentication method that is more secure than conventional authentication methods and can be used on personal computers, PDAs, cell phones, personal digital media devices, home and car lock and security systems, television/VCR/DVD remote controls, credit card authentication systems, automatic teller machine authentication systems, among others. | 01-07-2010 |
20100011212 | RADIO FREQUENCY IDENTIFICATION (RFID) BASED AUTHENTICATION METHODOLOGY USING STANDARD AND PRIVATE FREQUENCY RFID TAGS - Disclosed is a self-contained hardware-based authentication system that incorporates different authentication protocols for access to soft and/or hard assets with different security levels. The system embodiments include the use of a RFID device that comprises dual RFID tags operating under different frequencies. Specifically, one RFID tag operates on a public frequency and, when activated, transmits an identifier encrypted using a public key. The other RFID tag operates on a private frequency and, when activated, transmits a private key that can be used to decrypt the encrypted identifier. Upon receipt by a processor (e.g., a local processor or security server) of a request for access to a specific asset, a security level for the specific asset is determined. Then, depending upon the particular security level (e.g. low, medium or high) different authentication protocols are instituted using the RFID device. Also disclosed are embodiments of an associated authentication methodology. | 01-14-2010 |
20100011213 | INFORMATION PROCESSING DEVICE, COMPUTER PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device. | 01-14-2010 |
20100017612 | Electronic Apparatus and Communication System - According to one embodiment, an electronic apparatus includes a display process unit and a data transmission process unit. The display process unit is configured to display connection confirmation information, which is known to a user and is transmitted from a device via a network during a connection establishing process for establishing connection between the device and an electronic apparatus, on a display screen of the electronic apparatus. The data transmission process unit is configured to start a process of transmitting the data that is to be kept secret to the device via the network in response to a predetermined user operation which indicates that the user has confirmed that the connection confirmation information displayed on the display screen is correct. | 01-21-2010 |
20100023767 | API for Diffie-Hellman secret agreement - Various technologies and techniques are disclosed for implementing a Diffie-Hellman secret agreement. An application programming interface is provided that is operable to allow a first computer to generate a Diffie-Hellman secret agreement for communicating securely with a second computer over an insecure channel. A get public key operation is performed upon receiving a request to perform the get public key operation. The get public key operation gets a public key of the first computer. A retrieval operation is performed upon receiving a request to perform the retrieval operation. The retrieval operation retrieves the Diffie-Hellman secret agreement upon supplying a public key of the second computer. | 01-28-2010 |
20100023768 | Method and system for security key agreement - A method and system for security key agreement is disclosed. The method may include broadcasting a first connectivity association discovery message and receiving a message from a second node on the network; if the second node is not a member of a connectivity association and the message from the second node is a second connectivity association discovery message, one of the first or second nodes may be assigned as a master node. The method may further include the master node sending an authentication request message, receiving an authentication response, sending a session key indication message, receiving a session key acknowledgement message, and broadcasting a connectivity association augment message. | 01-28-2010 |
20100023769 | METHODS AND APPARATUS FOR SECURE DOCUMENT PRINTING - Methods and apparatus are provided for securely printing a print job on a networked printer. An application program running on a networked computer instructs the printer to generate and exchange cryptographic keys. The application program then encrypts the print job using the keys, and then communicates the encrypted print job to the printer. The printer decrypts the received print job and prints the document. | 01-28-2010 |
20100023770 | METHODS AND APPARATUS FOR SECURE DOCUMENT PRINTING - Methods and apparatus are provided for securely printing a print job on a networked printer. An application program running on a networked computer instructs the printer to generate and exchange cryptographic keys. The application program then encrypts the print job using the keys, and then communicates the encrypted print job to the printer. The printer decrypts the received print job and prints the document. | 01-28-2010 |
20100023771 | IMPLICIT CERTIFICATE VERIFICATION - A method of computing a cryptographic key to be shared between a pair of correspondents communicating with one another through a cryptographic system is provided, where one of the correspondents receives a certificate of the other correspondent's public key information to be combined with private key information of the one correspondent to generate the key. The method comprises the steps of computing the key by combining the public key information and the private key information and including in the computation a component corresponding to verification of the certificate, such that failure of the certificate to verify results in a key at the one correspondent that is different to the key computed at the other correspondent. | 01-28-2010 |
20100023772 | METHOD FOR GENERATING A ONE-TIME ACCESS CODE - A method for generating an access code for a device or system. The one-time access code generated by the method for the device or system is valid only once. The method can be used for supplying goods or services by means of automatic or semiautomatic access control devices or systems, for example. | 01-28-2010 |
20100031044 | PREFIX REACHABILITY DETECTION IN A COMMUNICATION - There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the-middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability text). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress. | 02-04-2010 |
20100037055 | Method For Authenticated Communication In Dynamic Federated Environments - According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users. | 02-11-2010 |
20100037056 | METHOD TO SUPPORT PRIVACY PRESERVING SECURE DATA MANAGEMENT IN ARCHIVAL SYSTEMS - An infrastructure for archiving data among a client, a broker, and a plurality of archives, wherein the client comprises: a backup agent configured to fragment and erasure encode the data to create a set of erasure encoded data fragments; a communications agent configured to communicate the erasure encoded data fragments to the broker, issue a challenge for a challenge/response protocol to the broker, and to request data from the archives; and a restore agent configured to combine the data fragments obtained from the broker upon a data restore request. | 02-11-2010 |
20100037057 | SYSTEM AND METHOD FOR USING NETWORKED MOBILE DEVICES IN VEHICLES - A system and method for using networked mobile devices in a vehicle in a tightly integrated manner is presented. The vehicle has an OBE, a mobile device client, and vehicle components, and the mobile device has a mobile device proxy and applications, such that the mobile device client and the mobile device proxy communicate, enabling dynamic transfer of the applications to the OBE and execution of the applications on the mobile device and the OBE using the plurality of vehicle components at runtime. In one embodiment, the mobile device client and the mobile device proxy authenticate each other. The authentication can be performed using digital certificates. The mobile device client can communicate the vehicle components on the vehicle to the mobile device proxy. The mobile device client and the mobile device proxy can communicate using Bluetooth. The vehicle components can include dashboard displays, speakers, and voice I/O systems. | 02-11-2010 |
20100042841 | Updating and Distributing Encryption Keys - System and method for providing secure communications is provided. Initially, an exchange protocol, such as a password-authenticated key exchange protocol, is used to create a shared secret. From the shared secret, two keys are created: a utilized key and a stored key. The utilized key is used to encrypt messages between nodes. When it is time to replace the utilized key to maintain security, the stored key is utilized to encrypt messages for generating/distributing a new shared secret. The new shared secret is then used to generate a new utilized key and a new stored key. This process may be repeated any number of times to maintain security. | 02-18-2010 |
20100049980 | METHODS AND SYSTEMS FOR BOOTSTRAPPING SECURITY KEY INFORMATION USING SESSION INITIATION PROTOCOL - Methods, systems and communication nodes for bootstrapping key establishment to exchange encryption keys between a terminal-based client and an application server using Session Initiation Protocol (SIP) signaling are described. | 02-25-2010 |
20100058059 | SHARING KEYS BETWEEN COOPERATING PARTIES - An apparatus and a method for generating a secure cipher key over an insecure channel. In one embodiment, a set of polynomials is generated and shared between a first party and a second party over the insecure channel. The first party generates a first random exponent for its private cipher key. The second party generates a second random exponent for its private cipher key. The first party operates on the set of polynomials with the first random exponent and sends the results to the second party. The second party operates on the set of polynomials with the second random exponent and sends the results to the first party. A shared cipher key is computed based on the exchanged operation results. | 03-04-2010 |
20100058060 | Username Based Key Exchange - A method and apparatus for a system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data including a second random string. Both the client and server concatenate the first random string, second random string and username. These values are processed to generate a shared master secret to further generate shared secrets or keys to establish a secured communication channel between the client and server. The secured communication can be based on stateless messaging where the decryption key associated with the message is identified by the message authentication code, which is placed within the message. | 03-04-2010 |
20100058061 | CONTROLLING ACCESS TO DATA STREAMS - Access to one or more data streams can be controlled by encrypting a description of how segments of the data streams can be assembled, for example, to produce an audio or video program. Access to the one or more data streams can also be provided by obfuscating names of at least some of the segments in order to make it more difficult to determine the proper order for assembling the segments. In at least some embodiments, the data contained in at least some of the segments themselves is not encrypted. | 03-04-2010 |
20100058062 | FAMILY DWELLING RESTRICTED COMMUNICATION SYSTEM - A network comprising an authentication network limited to a family dwelling; a content source; and a content receiver, wherein the content source is configured to transmit encrypted content to the content receiver, and the content receiver can decode the encrypted content only when both the content source and the content receiver are physically connected to the authentication network. | 03-04-2010 |
20100070768 | KEY EXCHANGE DEVICE, KEY EXCHANGE PROCESSING SYSTEM, KEY EXCHANGE METHOD, AND PROGRAM - A key exchange apparatus according to the present invention includes storage | 03-18-2010 |
20100070769 | LOG ACQUISITION SYSTEM, LOG COLLECTION TERMINAL, LOG ACQUISITION TERMINAL, AND LOG ACQUISITION METHOD AND PROGRAM USING THE SAME SYSTEM AND TERMINALS - In a log acquisition system comprising a log collection terminal for collecting log data and a log acquisition terminal for acquiring the log data collected by the log collection terminal from the log collection terminal, the log collection terminal stores a common key between the log collection terminal and the log acquisition terminal in a hardware security module inherently mounted in the log collection terminal, encrypts the collected log data as encrypted log data using the stored common key, and stores the encrypted log data, and the log acquisition terminal stores the common key in a hardware security module inherently mounted in the log acquisition terminal, acquires the encrypted log data from the log collection terminal, and decrypts the acquired encrypted log data with the common key. | 03-18-2010 |
20100077215 | METHOD FOR TRANSMITTING INFORMATION WITH A SEMANTIC ACKNOWLEDGEMENT OF RECEIPT - The method for transmitting information between an emitter and a receiver includes a phase of authentication of the receiver using a pair of encryption keys of the private key/public key types, a phase of sending a series of information from the emitter to the receiver, a phase of retransmission by the receiver towards the emitter of an acknowledgement of receipt including at least one element semantically associated with the series of information transmitted. | 03-25-2010 |
20100082987 | TRANSPARENT TRUST VALIDATION OF AN UNKNOWN PLATFORM - A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of decryption key to the boot code which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components. | 04-01-2010 |
20100082988 | WIRELESS SENSOR NETWORK KEY DISTRIBUTION - When installing and maintaining a wireless sensor network in a medical or factory environment, distribution of keying material to sensor nodes ( | 04-01-2010 |
20100088517 | Method and Apparatus for Logging Based Identification - A method and apparatus for logging based identification are described. In one embodiment, the method comprises extracting entries of a hash chained log that represents a series of previous transactions. The method may also comprise ordering hash values of the entries extracted from the hash chained log into an ordered list. In one embodiment, the method may further comprise producing a cryptographic hash of the ordered list. | 04-08-2010 |
20100095123 | METHOD, SYSTEM AND DEVICE FOR NEGOTIATING SECURITY CAPABILITY WHEN TERMINAL MOVES - A method for negotiating a security capability when a terminal moves is provided. When a user equipment (UE) moves from a second/third generation (2G/3G) network to a long term evolution (LTE) network, the method includes the following steps. A mobility management entity (MME) acquires a non-access signaling (NAS) security algorithm supported by the UE, and an authentication vector-related key or a root key derived according to the authentication vector-related key, selects an NAS security algorithm, derives an NAS protection key according to the authentication vector-related key or the root key, and sends a message carrying the selected NAS security algorithm to the UE. The UE derives an NAS protection key according to an authentication vector-related key thereof. A system for negotiating a security capability when a terminal moves, a UE, and an MME are further provided. | 04-15-2010 |
20100095124 | METHOD AND SYSTEM FOR ACCESS AUTHENTICATION - A method and a system for access authentication. A shared services resource includes a second factor authentication module. At least one network resource each include a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid. | 04-15-2010 |
20100100740 | System and Method for Security Association Between Communication Devices Within a Wireless Home Network - Embodiments of the application describe a method and system for discovering and authenticating communication devices and establishing a secure communication link within a wireless home network without requiring a secure channel. According to an embodiment, communication devices exchange public keys using multiple messages each including at least a portion of the public key of the sending device. The devices authenticate the receipt of the public key and establish a shared master key. The shared master key is used to further derive a session key for securing the application data between the communicating devices for a current session. | 04-22-2010 |
20100100741 | ESTABLISHING SHARED INFORMATION IN A NETWORK - A method for establishing shared information is described. The method includes estimating characteristics of a communication channel between two nodes based on signals transmitted between the nodes. The method also includes transmitting a signal from the first node to the second node, the signal being modulated with a first data sequence according to a first estimated characteristic, and transmitting a signal from the second node to the first node, the signal being modulated with a second data sequence according to a second estimated characteristic. Shared information is formed at each of the first and second nodes based on at least a portion of the first data sequence and at least a portion of the second data sequence. | 04-22-2010 |
20100106971 | METHOD AND COMMUNICATION SYSTEM FOR PROTECTING AN AUTHENTICATION CONNECTION - A method for protecting an authentication connection is described, comprising generating a first keying material by generating a first authentication connection, deriving from the generated first keying material a second keying material and utilizing the second keying material for protecting a second authentication connection. | 04-29-2010 |
20100106972 | SIGNALLING DELEGATION IN A MOVING NETWORK - In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node. | 04-29-2010 |
20100115278 | SUPPORT OF MULTIPLE PRE-SHARED KEYS IN ACCESS POINT - A method of operating an access point (AP) configured to support multiple pre-shared keys at a given time to authenticate its associated client devices. Each client device associated with the AP is provisioned with a key. To authenticate the client device that attempts to connect to the AP, the AP determines which pre-shared key (PSK) of the multiple supported pre-shared keys (PSKs), if any, matches information including the key received from the client device. When the information matches, the client device is allowed to connect to the AP. Provisioning the AP with multiple PSKs allows selectively disconnecting associated client devices from the AP. The AP may be configured to support PSKs of different lifetime and complexity. Removing a PSK of the multiple PSKs supported by the AP and disconnecting a client device that uses this PSK does not disconnect other client devices using different keys to access the AP. | 05-06-2010 |
20100115279 | Method for pairing and authenticating one or more medical devices and one or more remote electronic devices - A method for authenticating a medical device and a remote electronic device may include generating a PIN code by one device, capturing the generated PIN code with the other device, checking authentication of the PIN code, which is based at least in part on the captured PIN code, by the one device, generating a strong key by the one device, sending the strong key encrypted to the other device, checking authentication of the sent strong key by the one device, and upon successful authentication, storing the strong key in a memory of the one device and the other device. The roles of the medical device and the remote electronic device may be reversed in the authenticating method. The authenticating method may be preceded by a pairing process and/or followed by a binding process. | 05-06-2010 |
20100122091 | Access Control System And Method Based On Hierarchical Key, And Authentication Key Exchange Method Thereof - Disclosed is an access control system and method based on hierarchical keys. The system comprises an access control server (ACS), a home gateway, and a plurality of sensor devices disposed on a home network. The ACS sets up user's access limits of authority and authorization verifier, and saves the related data of user's password and the user's access limits of authority. The gateway records the authority limits' level and the authority limits' key which are constructed based on a hierarchical key structure. When a user logs in the ACS to request access, a one-time communication key between the user and the home gateway is established by exchanging the ticket and the token that are issued by the ACS. This allows the user to access the information of the sensor devices. | 05-13-2010 |
20100125736 | METHOD AND SYSTEM FOR SHARING CONTENTS WITH REMOVABLE STORAGE - Disclosed is a content sharing method and system using an external memory. A method for transmitting encrypted contents to an external memory device list includes receiving a device list and public keys for devices, encrypting a domain key by using a public key to generate at least one device domain key, and transmitting the device domain key to the external memory. The method for performing encrypted contents further includes checking a public key of a device, extracting a device domain key corresponding to a public key checked by at least one device domain key stored in an external memory, decoding the extracted device domain key, decoding the encrypted contents by using the decoded device domain key, and performing the decoded encrypted contents. According to the present invention, since a single piece of contents stored in an external memory is reproducible by a plurality of devices, the existing problem of repeatedly settling the single piece of contents is solved and external memory resources are efficiently used. | 05-20-2010 |
20100131763 | MOBILE SYSTEM, SERVICE SYSTEM, AND KEY AUTHENTICATION METHOD TO MANAGE KEY IN LOCAL WIRELESS COMMUNICATION - A mobile system, a service system, and a key authentication method to manage a key in a local wireless communication are provided. The mobile system and the service system may generate a hash value with respect to a public key of the service system using an identical hash function, and output a result corresponding to the hash value. | 05-27-2010 |
20100131764 | SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE - A secured data transfer system ( | 05-27-2010 |
20100138660 | SECURE COMMUNICATION SESSION SETUP - A device receives an encrypted key generating value from a first device and decrypts the encrypted key generating value. A temporary session key associated with the first device is generated based on the key generating value. A secure session invitation message is received from the first device. A master session key is generated and encrypted using the temporary session key associated with the first device. The encrypted master session key is transmitted to the first device. | 06-03-2010 |
20100138661 | MOBILE STATION, ACCESS POINT, GATEWAY APPARATUS, BASE STATION, AND HANDSHAKE METHOD THEREOF FOR USE IN A WIRELESS NETWORK FRAMEWORK - A mobile station, an access point, a gateway apparatus, a base station, and a handshake method thereof for use in a wireless network framework are provided. The wireless network framework comprises a first wireless network comprising the access point, and a second wireless network comprising the gateway apparatus and base station. There is an IP security tunnel between the access point and the gateway apparatus. When the mobile station handovers from the first wireless network to the second wireless network, it transmits a master session key to the gateway apparatus via the access point and the IP security tunnel. Additionally, when the mobile station handovers from the second wireless network to the first wireless network, it transmits a master session key to the access point. As a result, the authentication time, which is needed in handover procedure between the first wireless network and the second wireless network, is reduced effectively. | 06-03-2010 |
20100146278 | MULTIMEDIA ARRANGEMENT - The invention relates to a multimedia arrangement comprising a remote control ( | 06-10-2010 |
20100153726 | AUTHENTICATION METHOD, SYSTEM, AND APPARATUS THEREOF FOR INTER-DOMAIN INFORMATION COMMUNICATION - The present invention provides an authentication method for inter-domain information communication applied to first and second domains. The method instructs a first electronic device belonging to the first domain to request, through an intermediary node device simultaneously registered in the first and second domains, to obtain a first key from a second key distribution center in the second domain for transmission to a second electronic device in the second domain, and instructs the second electronic device to request, through the intermediary node device, to obtain a second key from a first key distribution center in the first domain for transmission to the first electronic device. Therefore, the first and second electronic devices are instructed to generate a shared third key using the first and second keys to perform secure information communication authentication. | 06-17-2010 |
20100153727 | ENHANCED SECURITY FOR DIRECT LINK COMMUNICATIONS - A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. Group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link. | 06-17-2010 |
20100153728 | ACCELERATION OF KEY AGREEMENT PROTOCOLS - The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimisation may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K. | 06-17-2010 |
20100161989 | COMMUNICATION APPARATUS, DATA COMMUNICATION METHOD, AND NETWORK SYSTEM - A communication apparatus includes a storage part configured to store a first key generated according to authentication with a transmission source, identification information of the transmission source, and first information remaining unchanged regardless of the initialization of a coupling status and corresponding to the transmission source, with the first key, the identification information and the first information mapped to each other, an acquisition part configured to acquire a public key from the transmission source holding the identification information responsive to the first information stored on the storage part if the identification information of the transmission source has changed in response to the initialization of the coupling status, and a calculation part configured to generate an encryption key for use in encryption and decryption of data transmitted by the transmission source, based on the first key responsive to the first information, and the public key. | 06-24-2010 |
20100169646 | SECURE AND EFFICIENT DOMAIN KEY DISTRIBUTION FOR DEVICE REGISTRATION - A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device. | 07-01-2010 |
20100174908 | METHOD AND SYSTEM FOR SECURELY EXCHANGING ENCRYPTION KEY DETERMINATION INFORMATION - A system and method for securely exchanging a plurality of information items used to generate a plurality of encryption keys used in a public key-and-private key system. In accordance with the principles of the invention, elements of exchanged information items, such as public key and synchronizing indicators, are encrypted before the exchange. The information item element is encrypted using an encryption key determined from information items that were previously exchanged. The encryption of information items used to determine subsequent encryption keys provides additional security to the encryption key used in the transmission of informational data as the encrypted elements of the information item must be decrypted before the data message encryption key can be decrypted. The process of exchanging encrypted information items can be repeated until an agreed upon number of encrypting keys is determined. | 07-08-2010 |
20100174909 | DATA AUTHENTICATION USING PLURAL ELECTRONIC KEYS - A method for transmitting digital data to a recipient via a communications network includes providing digital data and digitally signing the digital data using N cryptographic keys. Each of the N cryptographic keys is associated with a same sender of the digital data, and N>1. The recipient receives the digital data and verifies the digital signature using N cryptographic keys associated with the N cryptographic keys used to sign the digital data. In dependence upon verifying the digital signature, the recipient accepts the digital data as being authentic. | 07-08-2010 |
20100180119 | KEY EXCHANGING APPARATUS - A key exchanging apparatus transmits the contribution data to the plurality of counterpart apparatuses, generates a signer contribution confirmation signature with respect to a contribution data set including all the contribution data received from the plurality of counterpart apparatuses, generates auxiliary data and auxiliary data validity certification sentence from the contribution data set and the contribution random number, transmits the auxiliary data, the auxiliary data validity certification sentence and the contribution confirmation signature to the plurality of counterpart apparatuses, verifies validity of auxiliary data by using the counterpart identifier set, the counterpart public key set, the contribution confirmation signature set including the data received from the plurality of counterpart apparatuses, the auxiliary data set and the auxiliary data validity certification sentence set, and generates a public key from the contribution data set and the auxiliary data received from the plurality of counterpart apparatuses. | 07-15-2010 |
20100185861 | ANONYMOUS KEY ISSUING FOR ATTRIBUTE-BASED ENCRYPTION - The claimed subject matter provides systems and/or methods that establish a decryption key for use with an attribute authority. The system can include components that identify a pseudonym based on a global identifier (GID) associated with a user, initiate communication with the attribute authority, and select a first random value utilized to determine a first value. The system also includes components that select a second random value, employ the first value and the second random value to generate a second value and a third value, receive the second value and the third value, identify a third random value, and employ the second value, the third value, the first random value, and the third random value to determine a fourth value which is employed to determine a fifth value. The fifth value is employed to derive the decryption key for use with the attribute authority. | 07-22-2010 |
20100185862 | Method and System for Encrypting JavaScript Object Notation (JSON) Messages - The confidentiality of JavaScript Object Notation (JSON) message data is secured using an encryption scheme. The encryption scheme implements a JSON encryption syntax, together with a set of processing rules for creating encrypting arbitrary data in JSON messages in a platform/language independent manner. A method for encrypting a data item in a JSON message begins by applying an encryption method and a key to the data item to generate a cipher value. A data object is then constructed that represents an encryption of the data item. The data item in the JSON message is then replaced with the data object, and the resulting modified JSON message is then output from a sending entity. At a receiving entity, information in the data object is used to re-generate the data item, which is then placed back in the original message. | 07-22-2010 |
20100185863 | METHOD AND APPARATUS FOR TIME-LAPSE CRYPTOGRAPHY - According to one aspect, provided is a construction and specification for an implementation of a new cryptographic primitive, “Time-Lapse Cryptography”, with which a sender can encrypt a message so that it is guaranteed to be revealed at an exact moment in the future, even if this revelation turns out to be undesirable to the sender. In one embodiment, a Time-Lapse Cryptography Service is provided (“the Service”) based on a network of parties. Senders encrypt their messages with this public key whose secret key is not known to anyone—not even a trusted third party—until a predefined and specific future time T+δ, at which point the secret key is constructed and published. In one example, the secret key can only be known after it is constructed. At or after that time, anyone can decrypt the cipher text using this secret key. Other embodiments describe other applications of such a service, for example, one embodiment is used in sealed bid auctions, others in insider stock sales, clinical trials, and electronic voting, among a variety of possible implementations. In one embodiment, a method for cryptographic encoding is provided, including generation of cryptographic key components by a plurality of parties, where participation of the parties is verified. A public key is constructed from a plurality of key components, | 07-22-2010 |
20100191969 | DIGITAL RIGHTS MANAGEMENT WITH PERSISTENTLY-UNENCRYPTED CONTENT - A digital rights management license provides access to a decryption key that can be used to decrypt an encrypted digital content item. The digital rights management license also includes a policy that defines circumstances in which the decryption key is allowed to decrypt encrypted content data for the purpose of creating a persistently-unencrypted version of the content data. | 07-29-2010 |
20100191970 | GENERATING PROTECTED ACCESS CREDENTIALS - A computer-implemented process comprises receiving, at a first computer, a base cryptographic seed through a secure connection to a second computer; generating one or more protected access credential parameters; combining said base cryptographic seed with at least a portion of said generated protected access credential parameters using a hashed message authentication code function to generate a master key; encrypting at least a portion of said generated protected access credential parameters using at least a portion of said generated master key; incorporating said encrypted protected access credential parameters and at least a portion of said generated protected access credential parameters into a protected access credential. In an embodiment, a master server securely distributes the seed and the process is performed by a plurality of access servers to separately generate the same master key for use in subsequent authentication communications using an authentication protocol such as EAP-FAST. | 07-29-2010 |
20100191971 | METHODS AND APPARATUS FOR LAYER 2 AND LAYER 3 SECURITY BETWEEN WIRELESS TERMINATION POINTS - A method is provided for both layer 2 (L2) and layer 3 (L3) security in the context, for example, of a WISP-e protocol. An AES algorithm in CBC mode is used for encryption and decryption of the control frames. The session keys (e.g., 128-bit session keys) are derived from a pre-shared secret configured on both communicating wireless termination points. | 07-29-2010 |
20100199092 | SENSOR DERIVED AUTHENTICATION FOR ESTABLISHING PEER-TO-PEER NETWORKS - Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network. | 08-05-2010 |
20100199093 | KEY EXCHANGE DEVICE - The present invention includes a section ( | 08-05-2010 |
20100199094 | Pairwise Temporal Key Creation for Secure Networks - A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication code (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key. | 08-05-2010 |
20100199095 | Password-Authenticated Association Based on Public Key Scrambling - A system and method for establishing a mutual entity authentication and a shared secret between two devices using a password without giving any useful information for finding the password is disclosed. Unique first private keys and first public keys are assigned to both devices. A shared password is provided to both devices. The public keys are scrambled using the shared password and then exchanged between the two devices. Both devices descramble their respectively received scrambled public keys using the shared password to recover the public keys. Both devices compute a shared secret from their own private keys and the recovered public keys. Both devices compute, exchange, and verify their hashes of the shared secret. If verification is successful, both devices use the shared secret to generate a shared master key, which is used either directly or via a later-generated session key for securing message communications between the two devices. | 08-05-2010 |
20100205442 | METHOD AND APPARATUS FOR TRAFFIC COUNT KEY MANAGEMENT AND KEY COUNT MANAGEMENT - Various methods and apparatuses for managing count values (e.g. key counts) to manage a TEK in various communication environments are disclosed. Also, various methods and apparatuses for generating and maintaining a traffic key encryption key by using key count values are disclosed. | 08-12-2010 |
20100205443 | METHOD AND STRUCTURE FOR SELF-SEALED JOINT PROOF-OF-KNOWLEDGE AND DIFFIE-HELLMAN KEY-EXCHANGE PROTOCOLS - A method (and structure) for a party (the prover) to prove its knowledge, jointly and non-malleably, of multiple secret (fixed and/or ephemeral) Diffie-Hellman exponents (DH-exponents), corresponding to its public (fixed and/or ephemeral) DH-components and with respect to the public (fixed and/or ephemeral) challenging DH-components from another party (the verifier). The joint proof-of-knowledge (JPOK) consists of secrets made by multiplying multiple DH-secrets, which can be generated and verified by each party by its own secret DH-exponents and the public DH-components of both parties. To ensure the non-malleability of the JPOK, the method invented herein makes all these multiplied DH-secrets to be independent, and makes the session-tag committed to the multiplied DH-secrets. To preserve players' privacy and/or to improve protocol efficiency, the invented method makes the DH-secrets to be multiplied to further satisfy at least one of the following (besides above independence and commitments properties): (1) Deniability: all the DH-secrets to be multiplied can be computed out merely from the ephemeral secret DH-exponents and the public DH-components of both parties; (2) Pre-computability: a DH-secret involving a fixed DH-component of a party can be offline pre-computed by its peer; (3) Post-ID computability: a DH-secret involving an ephemeral DH-component of a party can be computed by its peer without knowing that party's identity and/or fixed DH-components. The secrets made by multiplying multiple DH-secrets can then be used to derive session-keys and to generate and verify authenticators between the parties. The invented method can also be used in parallel or subsequently by the parties, possibly with reserved player roles in different runs of the method, for mutual identifications, key confirmations, and for achieving more advanced cryptographic protocols in various settings. | 08-12-2010 |
20100211789 | INLINE KEY-BASED PEER-TO-PEER PROCESSING - Various exemplary embodiments relate to a method and related network element including one or more of the following: receiving, in a network element in the telecommunications network, a first plurality of packets transmitted from a P2P client to a P2P central entity, the first plurality of packets relating to a request for peer location information; performing deep packet inspection (DPI) to extract a key from the request for peer location information, the key identifying a P2P content item; querying a key storage module using the key to determine whether the key corresponds to a P2P content item for which transfers are to be prevented; and preventing subsequent transfers of the P2P content item between the P2P client and one or more peers that maintain the P2P content item. | 08-19-2010 |
20100211790 | AUTHENTICATION - The present invention relates to at least a method of authenticating a user in a communication network including contacting an authentication entity in a first authentication of a user seeking access to the communication network; supplying to the user first information, the first information being generated based on privacy information of the user and shared information, the shared information being shared among all access nodes of a group of access nodes, the group of access nodes including at least a first access node and a second access node, and verifying the privacy information in a second authentication of the user by applying the shared information to the first information. The present invention further relates to a corresponding apparatus. | 08-19-2010 |
20100217986 | AUTHENTICATED SECRET SHARING - A method and system distributes N shares of a secret among cooperating entities by forming a mathematical construct that has an embedded internal structure to allow authentication of a reconstructed secret. The mathematical construct can be a splitting polynomial constructed using the secret, a key and a message authentication code (MAC) as coefficients. The splitting polynomial is evaluated at N random evaluation points to obtain N result values. N shares of the secret are generated and distributed among the cooperating entities for storage. A reconstructed secret can be authenticated by computing the MAC of the reconstructed secret and verifying a relationship among the coefficients of a reconstructed splitting polynomial using the MAC. If the coefficients do not satisfy the relationship, one or more additional shares of the secret can be used to reconstruct the splitting polynomial and the secret. | 08-26-2010 |
20100228980 | Method and Arrangement for Providing a Wireless Mesh Network - A method and an arrangement are provided wherein a newly added mesh node does not require a link to the AAA server for the purpose of authentication. Authentication is carried out using a node which is already present in the mesh network and which has a link to the AAA server. | 09-09-2010 |
20100228981 | Communication method, mesh network system and communication terminal - A communication method in which an operation, such as authentication, required when a new communication terminal participates in a mesh network is carried out in a more efficient manner. A second communication terminal that has already established an adjacent communication link with at least two first communication terminals, out of a plurality of communication terminals, distributes an adjacent terminal list including terminal identifiers of the first communication terminals along with a temporal key generated by the second communication terminal. One of the first communication terminals that received the adjacent terminal list and the temporal key distributes adjacent registration information, which is generated using a second temporal key. The other one of the first communication terminals that received both the adjacent terminal list and the adjacent registration information determines whether the terminal identifier of one of the first communication terminals is included in the adjacent terminal list, and whether the first temporal key distributed along with the adjacent terminal list matches with the second temporal key used for generating the adjacent registration information. If both determination results are affirmative, one of the first communication terminals is authenticated. | 09-09-2010 |
20100241862 | MULTIDIMENSIONAL IDENTIFICATION, AUTHENTICATION, AUTHORIZATION AND KEY DISTRIBUTION SYSTEM FOR PATIENT MONITORING - A method, wireless system and a wireless device are described. The method, system and device provide multidimensional identification, authentication, authorization and key distribution providing secure communications at a deepest common security domain. | 09-23-2010 |
20100250938 | DISTRIBUTED GENERATION OF MUTUAL SECRETS - Embodiments provide methods, apparatuses, and systems for determining numbers that correspond to a collection of matching derivative numbers. The matching derivative numbers may be included in both a first plurality of derivative numbers selected by a first computing system, and in a second plurality of derivative numbers selected by a second computing system. The numbers may be used to compute a secret. The secret may be used for secure communication between the first and second computing systems. | 09-30-2010 |
20100250939 | SYSTEM AND METHOD OF HANDLING ENCRYPTED BACKUP DATA - By using a symmetric key to encrypt mobile device data before transmitting the data to a backup location in a backup operation, access to the data, at the backup location, may be restricted. To facilitate later decryption of the backed up mobile device data, the mobile device may also transmit the symmetric key to the off-device location. However, to limit use of the symmetric key, the mobile device may encrypt the symmetric key using authentication data, before transmitting the encrypted symmetric key to the backup location. | 09-30-2010 |
20100250940 | DATA PROCESSOR, RELAY TRANSMITTER, AND DATA TRANSMISSION SYSTEM - A data processor is configured to perform wireless communication with a relay transmitter, store a first physical address for the relay transmitter on a storage unit, receive a second physical address for the relay transmitter from the relay transmitter after the data processor is turned on, determine whether the second physical address for the relay transmitter is identical to the first physical address for the relay transmitter, and, when one or more authentication requirements are satisfied, establish wireless connection with the relay transmitter so as to achieve the data communication with an external device via the wireless communication with the relay transmitter. The authentication requirement includes the determination that the second physical address for the relay transmitter is identical to the first physical address for the relay transmitter. | 09-30-2010 |
20100250941 | WAPI UNICAST SECRET KEY NEGOTIATION METHOD - A WAPI unicast secret key negotiation method includes the following steps: (1) an authenticator entity adds a message integrity code onto a unicast secret key negotiation request packet, and transmits it to an authentication supplicant entity; (2) after the authentication supplicant entity receives the unicast secret key negotiation request packet, it performs validation, and it discards the packet directly if it is not correct; the authentication supplicant entity performs other validation if it is correct; when the validation is successful, it responds with a unicast secret key negotiation response packet to the authenticator entity; (3) after the authenticator entity receives the unicast secret key negotiation response packet, it performs validation, and if the validation is successful, it responds with the unicast secret key negotiation acknowledge packet to the authentication supplicant entity; (4) after the authentication supplicant entity receives the unicast secret key negotiation acknowledge packet, it performs validation, and if the validation is successful, it negotiates and obtains a consistent unicast session secret key. The present invention resolves the DoS attacking problem which exists in the unicast secret key management protocol in the present WAPI security mechanism. | 09-30-2010 |
20100250942 | SYSTEM FOR ENABLING AUTHENTICATED COMMUNICATION BETWEEN ENTITIES - A system for enabling authenticated communication between a first entity and at least one other entity is provided. The system has a second entity and a processor. The first entity and the second entity share transport keys. The second entity has at least one variant key configured to be transported from the second entity to the first entity using the transport keys under control of the processor. The variant key is generated by applying a one way function to a base key and a first bit-pattern in the at least one other entity and is usable to enable the authenticated communication by the first entity with the at least one other entity. | 09-30-2010 |
20100262828 | SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein. | 10-14-2010 |
20100262829 | SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein. | 10-14-2010 |
20100268953 | RECORDING DEVICE, AND CONTENT-DATA PLAYBACK SYSTEM - A recording device configured to store content data in an encrypted manner, the recording device comprises a memory unit which stores various data, and a controller which controls the memory unit. The controller possesses a controller key and unique identification information, and is configured to generate a controller-unique key unique for each controller in accordance with the controller key and the identification information. The memory unit stores an MKB generated by encrypting a medium key with a device key set that is a collection of a plurality of device keys, an encrypted device key set generated by encrypting the device key set with the controller-unique key, and a device-key-set index which uniquely identifies the device key set. The controller comprises a decryption unit which obtains a device key set by decrypting the encrypted device key set with the controller-unique key, an ID generating unit which generates a medium ID from the identification information and the device-key-set index, and an authentication unit which executes an authentication process with an exterior in accordance with the device key set, the medium ID and the MKB. | 10-21-2010 |
20100268954 | METHOD OF ONE-WAY ACCESS AUTHENTICATION - A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the master key of agreement. | 10-21-2010 |
20100268955 | CONTENT TRANSMISSION DEVICE AND CONTENT RECEPTION DEVICE - A content reception equipment for accessing an in-home content transmission equipment from a remote place executes a first authentication process with the content transmission equipment in advance, executes the remote access information sharing process required for access from a remote place, and causes the information on the content reception equipment and the remote access information to be registered in an equipment information table of the content transmission equipment. | 10-21-2010 |
20100275021 | DEFINING ACCESS RIGHTS TO CONTENT - A portion of text associated with a message intended for a group of recipients is encrypted at a computing device. The portion of text may include less than an entirety of the message. Access to the portion of text may be restricted for a first subset of the group of recipients and allowed for a second subset of the group of recipients. | 10-28-2010 |
20100275022 | TRANSMITTER, RECEIVER, AND CONTENT TRANSMITTING AND RECEIVING METHOD - According to one embodiment, a transmitter is configured to transmit content to a receiver. Available dubbing count is set in advance for the content such that the content can be dubbed a plurality of times. The transmitter includes a key exchanger, an encryption processor, and a dubbing management module. The key exchanger performs key exchange to share a common key with the receiver. The encryption processor encrypts, in response to a content request received from the receiver, the content with the common key to transmit the content to the receiver. The dubbing management module reduces, upon receipt of a right transfer request related to the use of the content from the receiver, the available dubbing count by dubbing count indicating the number of times of dubbing of the content. The dubbing count is contained in the right transfer request. | 10-28-2010 |
20100275023 | TRANSMITTER, RECEIVER, AND CONTENT TRANSMITTING AND RECEIVING METHOD - According to one embodiment, a transmitter is configured to transmit content to a receiver. Available dubbing count is set in advance for the content such that the content can be dubbed a plurality of times. The transmitter includes a key exchanger, an encryption processor, and a management module. The key exchanger performs key exchange to share a common key with the receiver, and transmits the common key and at least one count label corresponding to the number of times of dubbing to the receiver. The encryption processor encrypts, in response to a content request for the content received from the receiver, the content with the common key to transmit the content to the receiver. The management module reduces the available dubbing count of the content upon each receipt of a right transfer request requesting to transfer right to use the content from the receiver, and transmits permission to the receiver to validate the right to use the content. | 10-28-2010 |
20100281261 | DEVICE AND METHOD FOR NEAR FIELD COMMUNICATIONS USING AUDIO TRANSDUCERS - Secure wireless communication links are established between proximately-located devices, each of which includes respective audio transmitters and audio receivers. The audio transmitter of the first device can be used to transmit a device-dependent authentication key, which is received by the audio receiver of the second device. The audio transmitter of the second device can be used to transmit an acknowledgement, which is received at the audio receiver of the first device. The round-trip time from transmitting the authentication key from the first device to receiving the acknowledgement at the first device can be determined, and the decision of whether to establish the secure wireless communication link can be based on the determined round-trip time. In certain embodiments, these steps can be repeated starting with the second device to establish a two-way trust between the devices. | 11-04-2010 |
20100281262 | Method for Digital Rights Management in a Mobile Communications Network - The present invention relates to a method and an operator network node for enabling a user-defined DRM domain of *SIMs hosted by *SIM-enabled devices. The operator network node is connectable to a *SIM based device and to a content provider node, and comprises means for establishing a secure channel between a *SIM-based device and an operator network node, means for creating a DRM domain defined by at least one user of *SIM-based devices, means for receiving at the operator network node a registration request from the *SIM-based device to register the *SIM of the *SIM-based device into the created user-defined DRM domain, means for registering at the operator network node the *SIM of the *SIM-based device into the registered user-defined DRM domain, and means for making the registered information associated with the user-defined DRM domain available to the content provider. The invention also relates to a further method and the content provider comprising means for accessing in the operator network node registered information associated with a registered user-defined DRM domain comprising *SIMs of a user, and means for establishing a content provider defined DRM domain comprising at least one of the *SIMs of the user-defined DRM domain. | 11-04-2010 |
20100287374 | Protecting Hardware Circuit Design by Secret Sharing - Techniques are able to lock and unlock an integrated circuit (IC) based device by encrypting/decrypting a bus on the device. The bus may be a system bus for the IC, a bus within the IC, or an external input/output bus. A shared secret protocol is used between an IC designer and a fabrication facility building the IC. The IC at the fabrication facility scrambles the bus on the IC using an encryption key generated from unique identification data received from the IC designer. With the IC bus locked by the encryption key, only the IC designer may be able to determine and communicate the appropriate activation key required to unlock (e.g., unscramble) the bus and thus make the integrated circuit usable. | 11-11-2010 |
20100287375 | System and Method for Operating End-to-End Security Channel Between Server and IC Card - The present invention relates to a system and method for operating an end-to-end security channel between an IC card and a server on a communication network. A method for connecting an end-to-end security channel between an IC card and a server on a communication network includes the steps of: generating, by the server, a random number Rs for transmission to the IC card, generating an E(Rs) by encrypting the random number Rs by a user public key, and transmitting the E(Rs) to the IC card through the communication network; receiving, by the IC card, the E(Rs) through the communication network and extracting the random number Rs by decrypting the E(Rs) by a user private key; generating, by the IC card, a random number Rc to be transmitted to the server, generating a session key K′ by the random number Rs and the random number Rc, and generating a first card verifier MAC by encrypting the random number Rs by the session key K′; transmitting, by the IC card, the random number Rc and the first card verifier MAC to the server through the communication network; receiving, by the server, the random number Rc and the first card verifier MAC through the communication network, generating a session key K by the random number Rs and the random number Rc, and generating a first server verifier MAC by encrypting the random number Rs by the session key K; and comparing, by the server, the first card verifier MAC and the first server verifier MAC to certify the session key K. | 11-11-2010 |
20100299525 | METHOD AND APPARATUS FOR SPLIT-TERMINATING A SECURE NETWORK CONNECTION, WITH CLIENT AUTHENTICATION - A method and apparatus are provided for split-terminating a secure client-server communication connection, with client authentication. During handshaking between the client and the server, cooperating network intermediaries relay the handshaking messages, without altering the messages. At least one of the intermediaries possesses a private key of the server, and extracts a set of data fields from the handshaking messages, including a Client-Key-Exchange message that can be decrypted with the private key. The intermediary uses the extracted data to compute the client-server session key separate from the client's and the server's similar computation, and may transmit the key to the other intermediary via a secure communication channel. The client and the server thus establish the end-to-end client-server connection, and may authenticate each other, after which the network intermediaries may intercept and optimize the client-server communications transparently to the client and the server. | 11-25-2010 |
20100299526 | NETWORK HAVING QUANTUM KEY DISTRIBUTION - A method of performing quantum key distribution across a network. The method involves a first node first agreeing a quantum key with a first intermediate node in the path. Next the intermediate node exchanges a quantum signal with the next node in the path—which is a targeted node. The intermediate node communicates with the first node using the previous established quantum key details of the quantum signal sent or received by the intermediate node. The first node then performs a key agreement step to agree a quantum key directly with the targeted node. Having established a quantum key with the current targeted node the method can be repeated but with the next node in the network path as the targeted node until a destination node is reached. The final quantum key agreed with the destination node can then be used for encrypting communication between those nodes across the network. | 11-25-2010 |
20100306542 | Password-authenticated asymmetric key exchange - Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device. | 12-02-2010 |
20100306543 | Method of efficient secure function evaluation using resettable tamper-resistant hardware tokens - An embodiment of the present invention provides a computer implemented method for the transfer of private information of one user to another user—a primitive known as Oblivious Transfer. An output from a strong pseudorandom function generation (SPRFG) is calculated by a first user's computing module based on first and second parameters: the first parameter specifying one of two secret keys; the second parameter being a value selected within the domain of the SPRFG by the first user. The first user is prevented from reading or learning the stored two secret keys. The output is transmitted to a computer of a second user which generates first and second encrypted values that are each based on an inverse SPRFG calculation using the first and second secret keys, respectively, and corresponding private values of the second user. The encrypted values are sent to a first computer of the first user that calculates one of the private values using a mathematical computation based on the second parameter and the one of the first and second encrypted values that corresponds to the one of the first and second key used. | 12-02-2010 |
20100306544 | SECURE COMPUTING ENVIRONMENT IN A TRANSPORTABLE CONTAINER - A secure container can comprise a security server, one or more container servers, and one or more sensors that can detect a breach of the physically secure computing environment provided by the container. A management server external to the container can be informed when the container is sealed and authorized and can subsequently provide a cryptographic key enabling the security server in the container to boot. Each container server can request and receive a cryptographic key from the security server enabling them to boot. If the container is breached, such keys can be withheld and any computing device that is powered off, or restarted, will be unable to complete a subsequent boot. If the container loses a support system and is degraded, so long as the security server does not lose power, it can provide the cryptographic keys to container servers restarted after the degradation is removed. | 12-02-2010 |
20100313025 | METHODS ESTABLISHING A SYMMETRIC ENCRYPTION KEY AND DEVICES THEREOF - A method, computer readable medium, and an apparatus for establishing a symmetric encryption key includes determining at one of a plurality of communication devices a first phase difference based on a first transmission from another one of the plurality of communication devices. A first new encryption key is generated based on the determined first phase difference at the one of the plurality of communication devices. At another one of the plurality of communication devices a second phase difference is generated based on a second transmission from the one of the plurality of communication devices. A second new encryption key is generated based on the determined second phase difference at the another one of the plurality of communication devices. Authenticity of the generated first new encryption key and the generated second new encryption key is determined. Communication between the one of the plurality of communication devices and the another one of the plurality of communication devices is established when the generated first new encryption key and the generated second new encryption key are determined to be authenticated. | 12-09-2010 |
20100313026 | INFORMATION PROCESSING APPARATUS AND METHOD - In order to limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information. | 12-09-2010 |
20100318799 | DISCOVERY OF SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. | 12-16-2010 |
20100318800 | KEY MANAGEMENT IN SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. | 12-16-2010 |
20100325435 | Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same - A two-factor authenticated key exchange method. A subscriber station transmits a value generated by using an identifier and an authentication server's public key to the authentication server through an access point. The authentication server uses the value to detect the subscriber's password, a key stored in a token, and the authentication server's secret key, generate a random number. The subscriber station uses the random number, password, and the key to transmit an encrypted value and the subscriber's authenticator to the authentication server. The authentication server establishes a second value generated by using the password, key, and random number to be a decrypted key to decrypt the encrypted value, authenticate the subscriber's authenticator, and transmits the authentication server's authenticator to the subscriber station. The subscriber station authenticates the authentication server's authenticator by using the key and password. | 12-23-2010 |
20100325436 | METHOD, SYSTEM, AND DEVICE FOR OBTAINING KEYS - A communication system that obtains a key includes: a server that confirms support of Identity Based Encryption (IBE) authentication; the server obtains public parameters and a private key for IBE; and the server receives a PreMasterSecret key encrypted through the IBE, and obtains a plain text of the PreMasterSecret key according to the public parameters and the private key. The system includes a client and a server. The client includes an IBE negotiating module, a public parameter obtaining module, a server identifier obtaining module, and a processing module. The server includes an IBE negotiating module, a public parameter obtaining module, a private key obtaining module, and a processing module. Through combination of the IBE technology and the SSL/TLS technology, the modes of encrypting a PreMasterSecret key in the existing SSL/TLS protocol are diversified, and the use scope of the existing SSL/TLS protocol is extended substantially. | 12-23-2010 |
20100332835 | METHOD AND SYSTEM FOR SECURE COMMUNICATION BETWEEN COMPUTERS - Method, system and computer program for exchanging data between a client computer and a storage device are described, in which the storage device may send a long-term DH-component to an intermediate server. The client computer may send a first short-term DH-component to the storage device through the intermediate server that adds a communication expiration time. The storage device may send a second short-term DH-component to the client computer. The client computer and the storage device may calculate a symmetric key from the long-term component and from both short-term DH-components to exchange data and may delete the short-term DH-components upon reaching the expiration time. | 12-30-2010 |
20100332836 | METHOD AND APPARATUS FOR RECOVERING SESSIONS - A method for recovering sessions includes storing, by a client, session information after a session is established between the server and the client. When the session needs to be recovered upon interruption, the client sends all state information before interruption of the session and the session information to the server, and the server recovers the session upon the received session information and all state information before interruption of the session. After a session is interrupted, the server does not need to store any session-related information, thus saving the resources of the server, and all information about the previous session can be recovered completely. | 12-30-2010 |
20110004760 | METHOD AND APPARATUS OF DERIVING SECURITY KEY(S) - A method, apparatus and a wireless communication system to derive security key(s) over an air link in a secure manner by sending by a mobile station over the air a single direction permutation of a mobile station ID, establishing keys with the base station and sending the mobile station real ID in a secure manner. | 01-06-2011 |
20110004761 | VIRAL FILE TRANSFER - A method of distributing data between mobile devices while retaining control of that data. In particular, Digital Rights Management parameters are monitored and modified to control the distribution, and distribution is only permitted to devices which are approved or authorized. Mechanisms are provided for validating the identity of devices requesting transmission of the file. | 01-06-2011 |
20110004762 | SECURITY FOR A NON-3GPP ACCESS TO AN EVOLVED PACKET SYSTEM - A home subscriber server ( | 01-06-2011 |
20110010549 | Efficient key management system and method - A system for providing cost effective, secure key exchange from at least one first device to at least one second device through at least one proxy server is provided. The system includes a first key exchange message from the at least one first device to the at least one second device via the at least one proxy server. A second key exchange message from the at least one second device to the at least one first device via a media stream of the Internet is required to complete the computation of the session key. A method of securing a communication system is also set forth. The method includes the steps of providing a routing device for identifying a subscriber, and providing a master key exchange session, the master key exchange session including a key k to find a subscriber and a nonce r to answer a query to the subscriber, wherein the master key exchange session includes both the key k and the nonce r. | 01-13-2011 |
20110010550 | METHOD FOR LOCKING AN APPLICATION PROGRAM - A method for locking the application program includes: when running an application program stored in a terminal, it judges whether a first unlocking key of the application program exists in the terminal; in the case that the first unlocking key does not exist, the terminal generates and stores the first unlocking key, and sends it to a device; judging whether the device has locked the application program, in the case that the result of judgment is no, proceeding to the first step, otherwise proceeding to the second step: the first step, the device locks the application program, generates a second unlocking key, and notifies the second unlocking key to a user, proceeding to the second step; the second step, performing the authentication process for the user; in the case that the first unlocking key exists in the terminal, the first unlocking key is sent to the device, judging whether the device has locked the application program or not, if not, proceeding to the third step, otherwise proceeding to the fourth step; the third step, the device locks the application program, generates the second unlocking key and notifies the second unlocking key to the user, proceeding to the fourth step; the fourth step, performing the verification process. | 01-13-2011 |
20110010551 | SHARED ENCRYPTION KEY GENERATION VIA ACCELEROMETER DIGITIZATION - An apparatus and method for generating a shared secret between at least two wireless portable electronic devices. A shared secret is generated by holding together the at least two devices and shaking them. An acceleration of the at least two devices is measured at least during a time window beginning at a time corresponding to when a magnitude of the acceleration exceeds a predetermined threshold. The acceleration is sampled, resulting in a plurality of vectors, such that a first vector is an initial sample of the acceleration during the time window. In some embodiments, the acceleration is measured in three dimensions. Dot products are calculated between the first vector and each of a plurality of subsequent vectors, resulting in an array of scalars. At least a portion of this array is used to generate the shared secret between the at least two devices. | 01-13-2011 |
20110016321 | Automated Security Provisioning Protocol for Wide Area Network Communication Devices in Open Device Environment - An automated security provisioning protocol is provided for wide area network communication devices in an open device environment, such as cellular communication devices in a machine-to-machine (M2M) environment. For example, a method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network comprises the following steps from the perspective of the first communication device. The first communication device automatically uses access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device. The first communication device, upon gaining access to the wide area communication network, automatically performs an authenticated key exchange operation with the second communication device over the wide area communication network and establishes a secure communication key as a result of the authenticated key exchange operation for subsequent use by the first communication device for secure communications. The wide area communication network is operated by a first entity and the second communication device is operated by a second entity. | 01-20-2011 |
20110016322 | SYSTEM AND METHOD FOR EXCHANGING KEY GENERATION PARAMETERS FOR SECURE COMMUNICATIONS - A communication system exchanges key generation parameters for secure communications. An internet service and communications device of a user are in communication with each other. The internet service includes an account authentication mechanism for a user and includes a database having stored cryptographic keys and key generation parameters. A device client operates on the communications device and initiates a request to the internet service that authenticates the user and establishes a secure communications channel between the internet service and communications device and determines key generation parameters based on an authenticated user identifier and transmits the key generation parameters for initiating key generation and securely establishing a cryptographic key between the internet service and communications device. | 01-20-2011 |
20110016323 | REMOTE SECURE AUTHORIZATION - The present invention discloses a technique provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token. This allows the enterprise network token to gain secure access to the temporary key of the client token, thereby allowing the enterprise network token to securely provision the remote client token with the appropriate enterprise Network Keys. | 01-20-2011 |
20110029775 | COMMUNICATION CUTOFF DEVICE, SERVER DEVICE AND METHOD - A network monitor device | 02-03-2011 |
20110029776 | WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE - A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and a key management tool supported by the coordinator; the device authenticates the authentication request information, when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtains the conversation key. | 02-03-2011 |
20110029777 | BOOTSTRAP OF NFC APPLICATION USING GBA - The present invention provides a bootstrap system comprising a network system and a mobile handset where the mobile handset can easily receive services of NFC bootstrap application. The handset is effectively authenticated after a bootstrap controller in the network verifies whether a user credential derived in the mobile handset and a user credential separately received from a network server are equal. The application setting is sent to a handset from a bootstrap controller via ad-hoc near field communication (NFC) between the mobile handset and the bootstrap controller. Then the user of the mobile handset can receive various services of the NFC application after the network server delivers the user credential to the service devices with NFC interface. | 02-03-2011 |
20110029778 | METHOD FOR DISTRIBUTED IDENTIFICATION, A STATION IN A NETWORK - The present invention relates to a method for identifying and/or authenticating and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations. | 02-03-2011 |
20110047383 | SECURE PEER-TO-PEER MESSAGING INVITATION ARCHITECTURE - First and second communication devices respectively have first and second personal identification numbers (PINs). The first communication device transmits to the second communication device a first encryption key, and receives from the second communication device the second PIN that has been encrypted by the second communication device using the first encryption key. The first communication device receives from the second communication device a second encryption key, decrypts the encrypted second PIN, and encrypts the first PIN using the second encryption key, and transmits the encrypted first PIN to the second communication device. The first communication device conducts, with the second communication device, a peer-to-peer messaging session by transmitting to the second communication device peer-to-peer messages that contain the second PIN and receiving from the second communication device peer-to-peer messages that contain the first PIN. Each message is routed by a routing server based on the respective first and second PINs. | 02-24-2011 |
20110055570 | LOCATION UPDATE OF A MOBILE NODE - A method of facilitating location update signalling within a communication network between a mobile node and an end host includes establishing a trust relationship between one or more end hosts ( | 03-03-2011 |
20110055571 | METHOD AND SYSTEM FOR PREVENTING LOWER-LAYER LEVEL ATTACKS IN A NETWORK - A method for preventing lower-layer level attacks committed against entities in a network. The method comprises forming a secure peer group (SPG) of member entities in the network, wherein each of the member entities is configured with a media access control (MAC) address locked to its own identity and an Internet protocol (IP) address linked to its MAC address; establishing a secure handshake between at least a source member entity and a target member entity of the SPG by mutually authenticating the source member entity and the target member entity; and securely transferring data from the source member entity to the target member entity. | 03-03-2011 |
20110055572 | ROUTE OPTIMIZATION IN MOBILE IP NETWORKS - The present invention concerns a method for optimizing a route between a mobile node and a correspondent node in mobile Internet protocol networks. The mobile node is served by an anchor point being a node, e.g. a mobile IP home agent. According to the method the anchor point generates a Multi-key Cryptographically Generated Address (MCGA) for the mobile node. The MCGA is generated using at least the public keys of the mobile node and the anchor point. The anchor point assigns and registers the generated MCGA as a home address for the mobile node and sends a binding update message to the correspondent node on behalf of the mobile node. The binding update message includes at least a signature of the MCGA signed by the anchor point. Thereby route optimization can be performed such that data packets can be exchanged between the mobile node and the correspondent node without routing the packets via the anchor point. | 03-03-2011 |
20110066858 | SYSTEM AND METHOD FOR IPSec LINK CONFIGURATION - A method for configuring Internet Protocol Security (IPsec) protocol. The method includes configuring IPsec phase 1 Security Associations (SA) lifetimes and soft phase 2 SA lifetimes in a manner enabling efficient Dead Peer Detection recovery of secure communication between client and server in the event of a communication disruption and thereby preventing undesirable sustained periods of non-communication between client and server. | 03-17-2011 |
20110072268 | SERVER APPARATUS, LICENSE DISTRIBUTION METHOD, AND CONTENT RECEPTION APPARATUS - [Object] To stabilize an operation of a license server by avoiding concentration of license acquisition requests from a large number of clients at a time right after a broadcast start time of a content. | 03-24-2011 |
20110078445 | Method For Establishing A Wireless Link Key Between A Remote Device And A Group Device - Disclosed is a method for establishing a wireless link key between a remote device and a group device. In the method, the remote device obtains a group identifier from the group device, and determines whether the group device is associated with a group having a trust association with the remote device. When the group device is determined to be associated with a group having an established trust association with the remote device, the remote device forwards a link setup request to the group device for virtually pairing with the group device using the trust association to establish the wireless link key. When the group device is determined not to be associated with a group having an established trust association with the remote device, the remote device forwards a pairing request to the group device for pairing with the group device to establish the wireless link key. | 03-31-2011 |
20110078446 | SYSTEM AND METHOD FOR DEPLOYING A MASTER KEY BETWEEN TWO COMMUNICATION DEVICES - A system and method of deploying a master key for a first communication device and second communication device. The first communication device receives a request message from the second communication device through a wireless communication network, and creates a master key algorithm based on configuration parameters of the request message. The first communication device further generates a master key according to the master key algorithm, verifies whether the master key created by the first communication device is correct, and installs the master key in the first and second communication devices when the master key is correct. | 03-31-2011 |
20110093712 | COMMUNICATION DEVICE SUPPORTING PAIRING - Provided is a communication device. The communication device may transmit information to an external device using a terminal that makes a physical contact with the external device, and may sense the physical contact. In response to the sensed physical contact, the communication device may generate a link key. | 04-21-2011 |
20110099376 | SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION - Systems and methods for authenticating a request between a client computer and a transaction server are provided. An application request, comprising an identity of a user originating the request, is received at an application server from the client. The application server constructs a signing key based on (i) the identity of the user making the request, (ii) a time based salt value, (iii) a secret shared between the application and transaction servers and, optionally, (iv) an identifier of the distributor or developer of the application. The signing key is embedded in an unbranded version of the application thereby branding the application. The branded application can sign a request with the signing key and submit the signed request to the transaction server with the identity of the user and the identifier of the distributor or developer of the application. | 04-28-2011 |
20110107103 | SYSTEMS AND METHODS FOR SECURE DISTRIBUTED STORAGE - Embodiments relate to systems and methods for secure distributed storage. In aspects, a set of remote storage hosts, such as personal computers, servers, media devices, cell phones, or others, can subscribe or register to provide storage via a cloud-based or other distributed network. Source data from an originating computer, such as a data file, can be decomposed into data storage subunits, each of which is encrypted via a cloud management system or other logic or control. The data storage subunits can comprise data blocks of even or uneven size. The set of encrypted data storage subunits can be registered to a table or other record, and disseminated to the remote storage hosts. In the event of data loss at the originating computer or at other times, the remotely stored data storage subunits can be extracted, decrypted, and reassembled to reconstruct the original source data. | 05-05-2011 |
20110107104 | METHOD, SYSTEM, AND DEVICE FOR NEGOTIATING SA ON IPv6 NETWORK - A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified so that the invader cannot spoof the address. | 05-05-2011 |
20110113250 | SECURITY INTEGRATION BETWEEN A WIRELESS AND A WIRED NETWORK USING A WIRELESS GATEWAY PROXY - A method, system and computer program product in a wireless gateway to provide secured communications over a wireless network and a wired network is provided herein. The method includes the steps of receiving a first authentication credential from a wireless device and mapping the first authentication credential to a second authentication credential. The method further includes transmitting the second authentication credential to an authentication server and receiving a first authentication response from the authentication server. The method also includes generating a first shared secret and a second shared secret if the first authentication response indicates that authentication is successful and transmitting a second authentication response to the wireless device. The first shared secret is used to setup a first secured channel for communications with a service provider over a wired network and the second shared secret is used to setup a second secured channel for communications with the wireless device. | 05-12-2011 |
20110119492 | Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems - A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters. | 05-19-2011 |
20110126014 | Event Triggered Pairing of Wireless Communication Devices Based on Time Measurements - An event-triggered pairing mechanism allows pairing wireless devices having short range interfaces (e.g., Bluetooth devices) by bumping the wireless devices together. A wireless device being paired with a connecting device detects a bump event, determines time information about the bump event, and then generates a private session key based on the time information. Once the devices are paired and the private session key is generated, user content can be securely exchanged between the devices. | 05-26-2011 |
20110126015 | SINK AUTHENTICATION SYSTEM AND METHOD USING MOBILE COMMUNICATION NETWORK - A system is provided for authentication between a mobile device (MD) and a sink using a mobile communication network. If a sink authentication request for the sink is received from the MD, a base station (BS) sends a sink authentication response including sink authentication information for the sink, to the MD. The MD forwards the sink authentication request for the sink to the BS, and if a sink authentication response is received from the BS, authenticates the sink using the received sink authentication information. The sink performs authentication with the MD. | 05-26-2011 |
20110126016 | SYSTEM AND METHOD FOR SECURE WIRELESS MULTI-HOP NETWORK FORMATION - The present invention provides methods and devices for a security architecture for use in wireless multi-hop networks. A method for implementing pair-wise encryption key establishment, network node authentication and determining tunnel encryption keys is provided in a following manner. In a multi-hop wireless network including a plurality of network nodes, pair-wise security is established between pairs of neighbouring network nodes of the plurality of network nodes. For example, pair-wise security is established in the form of temporal pair-wise encryption keys. Following establishment of pair-wise security between pairs of neighbouring network nodes, for a pair of network nodes that are not neighbours, tunnel security is established between the pair of network nodes using tunnel encryption keys derived by the pair of network nodes on an ad hoc basis. The tunnel encryption keys are used to form the connection between non-neighbouring network nodes so as to avoid the hop-by-hop encryption/decryption used in conventional multi-hop wireless systems. | 05-26-2011 |
20110126017 | Methods, Nodes, System, Computer Programs and Computer Program Products for Secure User Subscription or Registration - The invention relates to secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function. Corresponding communication network nodes and methods of their operation are also disclosed. | 05-26-2011 |
20110131415 | MULTIFACTOR USERNAME BASED AUTHENTICATION - A hashed value is computed from an encrypted password value and a displayed code value from a hardware token at a client. The encrypted password value is based on a username, a context identifier, and a password. The client provides the username and the hashed value to a server. The encrypted password value associated with the username is retrieved at the server. An expected hashed value is computed at the server. The client is validated based on a comparison of the hashed value and the expected hashed value. | 06-02-2011 |
20110138184 | Efficient Techniques for Achieving Security Against Cheating Tamper-Resistant Tokens - An improved secure transaction system for facilitating secure transactions between devices in a network is set forth. The system includes a first device. A secure agent, adapted for encrypting and delivering a message on behalf of the first device, is provided. The secure agent has a secret key drawn at random from a large domain embedded in the agent by the first device. A second device, adapted to obtain the message, based on a session ID, from the secure agent, is provided. The second device can selectively test the truth of a corresponding message from the agent, based on querying of the first device. The testing is unknown and unpredictable to the secure agent during the transaction. In this manner, the first device and agent are kept separate to deter cheating. | 06-09-2011 |
20110138185 | METHOD AND APPARATUS FOR UPDATING DATA - A method and apparatus for updating data, the method including: receiving a forced update command to forcibly update at least one of a first digital rights management (DRM) module and a first device key stored in the device; receiving a DRM package including at least one of a second DRM module and a second device key based on the forced update command; and updating the at least one of the first DRM module and the first device key based on the received DRM package. | 06-09-2011 |
20110145581 | MEDIA PLAYBACK ACROSS DEVICES - A method may include displaying media items via a network, wherein the network includes a mobile device, a personal computer, and a set-top box connected to a television. A first communication session may be established with the personal computer via the network. A media item may be identified for display on the television. A request may be transmitted to the personal computer to output the identified media item for display on the television. | 06-16-2011 |
20110145582 | METHOD FOR SHARING AND UPDATING KEY USING WATERMARK - A method for sharing and updating a key using a watermark is disclosed. The method includes receiving an image to be encoded from an image input device encoding the image, and inserting a master key value as a watermark into the encoded image, for use as an input of a key derivation function. | 06-16-2011 |
20110145583 | Smart Card Security Feature Profile in Home Subscriber Server - In accordance with the exemplary embodiments of the invention there is at least a method, an executable computer program, and an apparatus to determine at a network application function a list of desired user equipment security features to be used, the security features of the list ordered by preference of the network application function, send the list to a database of user security settings via a bootstrapping server function, and receive by the network application function, via the bootstrapping server function, a security features response including a security key, derived from information stored in the database, corresponding to a desired security feature contained in the list, thereby informing the network application function of the availability of at least one of the desired security features in the user equipment. | 06-16-2011 |
20110154041 | METHOD TO SECURELY TRANSFER USER ENCRYPTION KEYS AND SERVICES BETWEEN MOBILE DEVICES - A method for securely transferring a service from a first mobile device to a second mobile device, the service being associated with a server configured for facilitating provisioning of services to mobile devices over a wireless communications network. The method includes generating in the first mobile device a shared key, the shared key being generated using a master key unique to the server and to the first mobile device, the master key being accessible by the server and by the first mobile device; and sending said shared key from the first mobile device to the second mobile device using an alternate communication mechanism independent from the server. | 06-23-2011 |
20110154042 | METHOD AND PROCESSING UNIT FOR SECURE PROCESSING OF ACCESS CONTROLLED AUDIO/VIDEO DATA - A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler. | 06-23-2011 |
20110161670 | Reducing Leakage of Information from Cryptographic Systems - A system is described for reducing leakage of meaningful information from cryptographic operations. The system uses a pairwise independent hash function to generate a modified secret key SK′ having individual components. The system forms a modified secret key collection that includes SK′ and its individual components. The system then uses the modified secret key collection to decrypt a message. The decryption involves providing multiple partial operation results in separate respective steps. Leakage of meaningful information is reduced due to difficulty in piecing together meaningful information from information leaked by the separate partial operations. In one example, the hash function has the form H | 06-30-2011 |
20110161671 | SYSTEM AND METHOD FOR SECURING DATA - A system and method are provided for securing data. The method includes generating a first public encryption key by a cryptographic processor associated with a first computer subsystem; sending the first public encryption key to a second computer subsystem; and receiving first encrypted data at the first computer subsystem, the first encrypted data having been encrypted by the second computer subsystem using the first public encryption key. The method further includes generating a first private encryption key by the cryptographic processor; decrypting the first encrypted data using the first private encryption key generated by the cryptographic processor to obtain a first decrypted data; and storing the first decrypted data in a memory associated with the cryptographic processor. | 06-30-2011 |
20110167272 | Secure Multi-UIM aka key exchange - An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications. | 07-07-2011 |
20110167273 | METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR - The present invention relates to a method for secure communications and communication networks having communication devices, using secure means like encryption system for securing communications. More particularly, the present invention relates to a method for secure communications from a first node (N | 07-07-2011 |
20110173450 | Secure Coupling of Hardware Components - A method and a system for securing communication between at least a first and a second hardware components of a mobile device is described. The method includes establishing a first shared secret between the first and the second hardware components during an initialization of the mobile device and, following the initialization of the mobile device, using the first shared secret or a derivative thereof to secure the communication between the first and the second hardware components. | 07-14-2011 |
20110179276 | COMMUNICATION APPARATUS - A communication apparatus performs data communication with a communication device, and includes an authentication processing portion configured to perform authentication processing, including a round trip time (RTT) test on authentication requests received from one or more unauthenticated communication devices and a data communication portion configured to perform data communications with the communication device authenticated by the authentication processing portion. If, in authentication processing of a current authentication request, a prior RTT test is being performed corresponding to a prior authentication request originating from the same communication device, the current RTT test is not performed, and authentication processing waits for the completion of the prior RTT test. If the result of the prior RTT test is successful, authentication processing uses the result of the prior RTT test as the result corresponding to the current authentication request. | 07-21-2011 |
20110179277 | Key Distribution to a Set of Routers - Before actually communicating information/data between two endpoints (C, S) connected to a network a secure and confidential distribution of a special key (K h) is performed to nodes (R j) along a path in the network. This is allowed by performing a path handshaking procedure in which first a hint token is forwarded along the path in a first direction and then a disclosure token is forwarded in the opposite direction. In forwarding the disclosure token it is verified in the nodes against the already received hint token. This assures that only nodes on the particular path will receive the special key or possibly some other information related thereto. | 07-21-2011 |
20110185177 | Method for generating an asymmetric cryptographic key pair and its application - The invention pertains to a method, computer readable medium, and data processing system for generation of an asymmetric cryptographic key pair including reception of an arbitrarily selectable login name, calculation of a first data object key, whereby a random value and the login name are included in the calculation, and calculation of a second data object key from the first data object key, whereby the first and second data object keys form the asymmetric cryptographic key pair. | 07-28-2011 |
20110197066 | MULTI-FUNCTIONAL SYSTEM, SECURITY METHOD, SECURITY PROGRAM, AND STORAGE MEDIUM - A multi-functional system includes a main system, and sub-systems operated by sub-programs and the main system. The sub-systems include a first memory storing a first public key, and a second memory storing an encrypted sub-program and second public key, a first communication controller transmitting the first public key for encrypted communication, a decryption unit decrypting the encrypted sub-program and second public key using an encryption key, and a second controller transmitting the decrypted second public key for encrypted communication. The main system includes a first public key, a second public key, a security device, and first and second communication controllers. The sub-systems execute a plurality of corresponding subprograms under the control of the main system. | 08-11-2011 |
20110202769 | SYSTEM AND METHOD FOR DETECTING COPY OF SECURE MICRO - A Secure Micro (SM) copy detection system includes at least one Access Point (AP) that is connected to at least one host group including at least one SM, at least one Multiple-Services Operator (MSO) that is used to manage the at least one SM and includes the at least one AP, and a host information management server that is used to perform authentication of the at least one SM and that is independently connected to the at least one MSO. | 08-18-2011 |
20110202770 | SECURITY OF DATA OVER A NETWORK - A method for securing data transmitted over a network to an image display device. In one embodiment, the method may include identifying at least one image display device on the network, selecting the at least one image display device for transmission of data, activating a data protection process to generate locked data and transmitting the locked data to the image display device. The method may further include receiving a key to unlock the locked data such that the data is available to the image display device. | 08-18-2011 |
20110208968 | WIRELESS LAN DEVICE, WIRELESS LAN SYSTEM, AND COMMUNICATION METHOD FOR RELAYING PACKET - A wireless LAN device which performs wireless communication in a wireless network comprises: a communication section for performing the wireless communication such that a packet can be relayed in the wireless network; and a setting section for obtaining first identification information from another wireless LAN device present in a communicable state within a radio wave arrival range of the wireless LAN device, which first identification information can identify the other wireless LAN device, and setting a role for executing an asymmetric protocol asymmetric between the wireless LAN device and the other wireless LAN device, the role being set based on the first identification information, and second identification information, stored in the wireless LAN device, that can identify the wireless LAN device. The wireless LAN device shares an encryption key, based on the set role, and relays a packet by encrypting the packet by using the encryption key. | 08-25-2011 |
20110213977 | METHODS AND DEVICES FOR COMPUTING A SHARED ENCRYPTION KEY - Embodiments described herein are generally directed to methods and devices in which computing devices, and mobile devices in particular, establish a shared encryption key for a device group comprising at least three mobile devices. In accordance with one example embodiment, a public key of a mobile device is computed using a shared password as performed in accordance with authentication acts of a password-authenticated key exchange protocol, and transmitted to at least one other mobile device of the group. A public value is computed as a function of a mobile device private key and of a public key of at least one other mobile device of the device group, in accordance with a group key establishment protocol. The public values of the mobile devices of the device group are used to compute a shared encryption key. | 09-01-2011 |
20110213978 | SECURE METHODS OF TRANSMITTING AND RECEIVING DATA BETWEEN TERMINALS COMPRISING NEAR-FIELD COMMUNICATION, AND CORRESPONDING TERMINALS - A method is provided for secure transmission of a data file from a sender terminal to at least one recipient terminal, each including a near-field communication device and implementing an encryption of the file, as a function of at least one item of encryption information that is known or determined by the sender terminal. The method includes the following steps, in the sender terminal: dividing the file into a first file portion and a second file portion; sending with the near-field communication device a first data set including at least one portion of the encryption information item and the first file portion to the recipient terminal or terminals; sending with a radiofrequency transmitter a second data set including at least the second file portion to the recipient terminal or terminals. | 09-01-2011 |
20110213979 | QUANTUM KEY DISTRIBUTION - The invention relates to methods and apparatus for quantum key distribution. Such methods include authenticating a first node in a communications network with a remote node in the communications network. The authentication may include connecting an authentication device to the first node, agreeing a quantum key between the first node and the remote node based on a quantum signal transmitted or received by the first node and performing an authentication step between the authentication device and the remote node on an encrypted channel. Authentication between the authentication device and remote node may be taken as authentication of the first node. | 09-01-2011 |
20110213980 | METHOD FOR ACCESSING A PLURALITY OF SERVICES BY A MOBILE TERMINAL USER, AND RELATED SECURE DEVICE - A method for enabling the user of at least one mobile terminal to access a plurality of services, includes: creating (E | 09-01-2011 |
20110219233 | QUADRATIC RESIDUE BASED PASSWORD AUTHENTICATED KEY EXCHANGE METHOD AND SYSTEM - A method is provided for use in secure electronic communication. The method may include obtaining a password shared with an intended key exchange entity and sending a key exchange request including a first value to the intended key exchange entity. The method may also include receiving a key exchange reply including a permutation of a first quadratic residue of the first value, and calculating a second quadratic residue of the first value based on the key exchange reply. Further, the method may also include determining a second value shared with the key exchange entity based on the first quadratic residue and the second quadratic residue. | 09-08-2011 |
20110225423 | SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAHY - A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to a country of a user is transmitted and the country key is received. Session data resulting from the use of the service hosted within the public cloud is encrypted using the user key and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the country of the user to decrypt session data of the user and to not decrypt session data of other users of another country. | 09-15-2011 |
20110225424 | Inter Base Station Interface Establishment - A method of establishing a peer-to-peer IPSec security association between a pair of base stations located within the same or different radio access networks. The base stations communicate with a core network via the same or different security gateways of the core network using respective pre-established IPSec security associations. The method comprises exchanging peer-to-peer IKE security association initiation request and initiation response messages between the base stations using said pre-established security associations. | 09-15-2011 |
20110231661 | Content Distribution with Mutual Anonymity - A method for transferring content includes requesting the content from a serving peer and sending the content to a requesting peer. Requesting the content includes sending a request to a tracker, receiving a request token, a path identifier, and a first peer identifier from the tracker, and sending a request message to a second peer. The first peer identifier includes an identity of a first peer, and the request message includes the request token, the path identifier, and the first peer identifier. Sending the content includes receiving the request token and the path identifier from a third peer, sending a return message to a fourth peer, and transferring the content from the serving peer to the requesting peer through a transfer path. The return message includes the path identifier and a second peer identifier. The second peer identifier includes an identity of a fifth peer. The transfer path includes at least the second, fourth, and fifth peers. | 09-22-2011 |
20110258452 | REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES - The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader. | 10-20-2011 |
20110264915 | SYSTEM AND METHOD FOR SECURING MESH ACCESS POINTS IN A WIRELESS MESH NETWORK, INCLUDING RAPID ROAMING - Authentication in a mesh network controlled by a central controller, including using standard IEEE 802.11i mechanisms between a potential child mesh access point (AP) as supplicant and the controller as authenticator. Each mesh AP in the mesh network has a secure tunnel to a controller using a protocol for controlling the mesh AP, including AP capabilities, and a fast roaming method for re-establishing a secure layer-2 link with a new parent mesh AP including, while the mesh AP is a child mesh AP to the first parent mesh AP and has a secure layer-2 link to the first parent mesh AP, caching key information and wireless mesh network identity information in the controller. | 10-27-2011 |
20110276802 | METHODS AND APPARATUS FOR PEER-TO-PEER TRANSFER OF SECURE DATA USING NEAR FIELD COMMUNICATIONS - The present invention discloses an apparatus and method of transferring data from a first device to a second device. The method includes transmitting a request to transfer the data from the first device to the second device, receiving, at the first device, a decryption key to allow transfer of the data stored in a memory of the first device, receiving, at the second device, an encryption key, and transmitting the data from the first device to the second device using peer-to-peer communications. The method also includes encrypting the data at the second device using the encryption key, storing the encrypted data in a memory of the second device, receiving, at the first device, an acknowledgement from the second device, the acknowledgement indicating that the data has been encrypted and stored in the memory of the second device, and deleting the data from the memory of the first device. | 11-10-2011 |
20110296185 | Protection of Control Plane Traffic Against Replayed and Delayed Packet Attack - Techniques are provided for determining freshness of control messages in a network. At a first device that is to enter into a secure communication session with a second device, timestamp information and time window size information are sent to the second device in a control message during a first exchange between a first device and a second device. At the first device, timestamp information and time window size information are obtained from a control message received from the second device by the first device during the first exchange. At the first device, the freshness of a control message is tested based on the timestamp information of the control message during a second exchange and the time window size information received from the second device during the first exchange. | 12-01-2011 |
20110296186 | SYSTEM AND METHOD FOR PROVIDING SECURED ACCESS TO SERVICES - A system and method for providing authenticated access to an initiating terminal in relation to the services provided by a terminating terminal via a communications network are disclosed. In one aspect, a global server comprises a communications module, which receives and processes a key exchange initiation message from the initiating terminal so as to establish an encrypted communications channel with the terminating terminal. The communications module, responsive to a received key exchange initiation message, performs an encrypted communication establishment process in respect of the received key exchange initiation message. The encrypted communication establishment process comprises authenticating the initiating terminal, and in the event that the initiating terminal is successfully authenticated, transmitting keying data corresponding to the received key exchange initiation message to the terminating terminal. The keying data is identified on the basis of data associated with the initiating terminal. | 12-01-2011 |
20110307698 | MASKING THE OUTPUT OF RANDOM NUMBER GENERATORS IN KEY GENERATION PROTOCOLS - To mitigate the effects of a weak random number generator (RNG) in a public key cryptosystem, a public key obtained from the RNG is encrypted using a deterministic cryptographic scheme before being made publicly available. A trusted party receiving the encrypted public key can recover the public key and combine it with other information so it is not subject to direct scrutiny. In one embodiment, the trusted party incorporates the public key in a certificate, such as an implicit certificate, for use by the correspondents in other communications. | 12-15-2011 |
20110314286 | ACCESS AUTHENTICATION METHOD APPLYING TO IBSS NETWORK - An access authentication method applying to IBSS network involves the following steps of: 1) performing authentication role configuration for network entities; 2) authenticating, via an authentication protocol, an authentication entity and a request entity for which the authentication role configuration has been performed; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein the message integrity check field and protocol synchronization lock-in field are added in a key negotiation message. The access authentication method applying to IBSS network provided by the invention has the advantages of better security and higher execution efficiency. | 12-22-2011 |
20110314287 | Method and apparatus for binding subscriber authentication and device authentication in communication systems - An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network. | 12-22-2011 |
20110320816 | SYSTEMS AND METHOD FOR MALWARE DETECTION - A system and method for distinguishing human input events from malware-generated events includes one or more central processing units (CPUs), one or more input devices and memory. The memory includes program code that when executed by the CPU causes the CPU to obtain a first set of input events from a user utilizing the input device. The first input events are used to obtain or derive a feature indicative of the user, such as a multi-dimensional feature vector as provided by a support vector machine. Second input events are then obtained, and the second input events are classified against the feature to determine if either the user or malware initiated the second input events. | 12-29-2011 |
20120011368 | METHOD AND SYSTEM FOR TRANSMITTING DELAY MEDIA INFORMATION IN IP MULTIMEDIA SUBSYSTEM - The present invention provides a method and a system for transmitting delay media information in an IP multimedia subsystem, the system includes: a sending party of media information, a receiving party of the media information, a KMS and a mailbox server of the receiving party of the media information. The method and system of the present invention establishes an end-to-end security association between the sending party and the receiving party of the media information to encrypt the media information between them, without any need for the KMS to store the media key; at the same time, the security association is also established between the sending party and the mailbox server of the receiving party, and between the mailbox server of the receiving party and the receiving party, to perform an integrity protection and a mutual authentication between them, thus the security transmission of the IMS delay media information can be realized. | 01-12-2012 |
20120017086 | INFORMATION SECURITY TRANSMISSION SYSTEM - Provided herein is an information security transmission system, comprising a first information equipment and a second information equipment, wherein the first information equipment can obtain at least one certification data, connecting to the second information equipment through a network for processing an information transmission. Accordingly, a key pair used for encryption/decryption can be obtained selectively either through the certificate authority or without the certificate authority, such that the information transmission security channel can be established and the data transmission security can be ensured. The first information equipment and the second information equipment respectively comprise a first dynamic codec and a second dynamic codec for processing a coding/decoding process depending on a dynamic code book. Furthermore, an automatic error detecting mechanism and an error correcting mechanism can be associated for ensuring the data transmission security and the data correction especially at one time transmission. | 01-19-2012 |
20120017087 | CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN. | 01-19-2012 |
20120017088 | WIRELESS LOCAL AREA NETWORK TERMINAL PRE-AUTHENTICATION METHOD AND WIRELESS LOCAL AREA NETWORK SYSTEM - A method for pre-authenticating a wireless local area network terminal and a wireless local area network system. The pre-authentication method includes after a current access point (AP) which has set up security association with a station (STA) receiving a pre-authentication start packet sent by the STA, the current AP interacting with a destination AP to verify certificates of the current AP and the destination AP for each other. If a certificate of the destination AP is verified to be valid, the current AP sending key information of the security association set up with the STA by the current AP to the destination AP, and the destination AP saving the key information, the key information including a basic key generated by negotiation between the STA and the current AP. | 01-19-2012 |
20120030468 | SYSTEM AND METHOD FOR OPTIMAL VERIFICATION OF OPERATIONS ON DYNAMIC SETS - A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries. | 02-02-2012 |
20120036362 | Secret-Key Exchange for Wireless and Sensor Networks - A mechanism is provided for establishing a shared secret-key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret-key using the first input and the second input. | 02-09-2012 |
20120036363 | METHOD FOR KEY IDENTIFICATION USING AN INTERNET SECURITY ASSOCIATION AND KEY MANAGEMENT BASED PROTOCOL - An initiating device: generates a message having an ISAKMP-based header that includes a security parameter index (SPI) field; identifies a key in the SPI field of the ISAKMP-based header; and sends the message to a responding device. The responding device: receives the message; extracts the key identifier; and when a shared key is selected using the key identifier, uses the selected shared key to establish, with the initiating device, a session having a secure tunnel. | 02-09-2012 |
20120042166 | METHOD AND DEVICE FOR AUTOMATICALLY DISTRIBUTING UPDATED KEY MATERIAL - A method for handling an encrypted message received on an electronic device that has not been encrypted using a current public key. The portable electronic device automatically generates a reply message to the sender in response to determining that the message has not been encrypted with the current public key. The reply message may contain the current public key of the recipient device, and may request the sender to resend the message encrypted with the current public key. | 02-16-2012 |
20120042167 | SIMPLE NONAUTONOMOUS PEERING NETWORK MEDIA - A method of playing content across a network includes receiving, at a media player, an input from a user selecting media located on a network, sending a request across a network comprised of devices employing a common security protocol, the request to identify peer devices on the network, receiving a response across the network from a peer device, and accessing the media from a content memory of the peer device. A method of tracking valid peers on a secure media network includes receiving, at a media player, an input from a user selecting media located on a peer device on the network, performing an authentication test of the peer player, determining if a latency associated with the peer player meets a criterion, and updating a latency log on the media player to include the peer player. A device has a content memory to store media content for playback, a network port arranged to allow the device to access a network, and a controller programmed to send a request through the network port to a network, the request being for a particular media content file, communicate with a peer device across the network to authenticate a communication session with the peer device, receive a response from the peer device indicating that the session has been authenticated, and access the media content file on a content memory on the peer device. | 02-16-2012 |
20120047366 | SOC WITH SECURITY FUNCTION AND DEVICE AND SCANNING METHOD USING THE SAME - A system-on-chip (SOC) for semiconductor intellectual property (IP), a device including the same, and a method of operating the same are provided. The SOC includes: an interface which receives scanning data from a main module in which the SOC is mounted; and an anti-virus engine which determines whether a virus exists in the received scanning data. Accordingly, the security of a device is tightened. | 02-23-2012 |
20120047367 | METHOD AND APPARATUS FOR GENERATING SECURITY CONTEXT - A method and an apparatus for generating a security context are provided. The implementation of the method includes: receiving a first message carrying a network capability of a User Equipment (UE); and generating the security context according to the network capability of the UE carried in the first message if the network capability of the UE carried in the first message is inconsistent with the stored network capability of the UE. After the network capability of the UE changes, information carrying the network capability of the UE is sent to a network side, so as to inform the network side that the network capability of the UE changes; therefore the network side can obtain the network capability of the UE, generate the security context according to the changed network capability of the UE, and further trigger a Radio Resource Control (RRC) connection establishment process. | 02-23-2012 |
20120060034 | DIGITAL INFORMATION STREAM COMMUNICATION SYSTEM AND METHOD - A digital information stream communication (DISC) system within a first conditional access system (CAS) is disclosed. The DISC system communicates information from a digital information stream (DIS) having DIS attributes for accessibility using the first CAS or associated with a digital media (DM) content in the DIS. The DISC system includes a monitoring module configured to receive the DIS and identify one or more of the DIS attributes for accessibility using the first CAS. The DISC system also includes a processing module configured to identify one or more of the DIS attributes associated with the DM content and analyze the DIS attributes. It does this to determine whether to send DIS data from the DIS to a second CAS based upon the DIS data being included in the DIS attributes. The DISC system also includes a processor configured to operate the monitoring module and the processing module. | 03-08-2012 |
20120066500 | Method of Time Synchronization Communication - A method for sending a public key from a client to a time server for encrypting a response message to the client as part of a time synchronization communication, to provide a safe way of performing time synchronization communication, where the method comprises sharing the public key of the time server with the client prior to the time synchronization communication, sending an encrypted public key of the client to the time server, and decrypting the encrypted public key of the client using the private key of the time server by the time server. | 03-15-2012 |
20120066501 | MULTI-FACTOR AND MULTI-CHANNEL ID AUTHENTICATION AND TRANSACTION CONTROL - The present disclosure provides a system and method for conducting multi-factor and multi-channel ID authentication and transaction control. The authentication and transaction control may be conducted between a device and servers of the service providers only, without involvement of a third party. A server of the device assists personalizing, binding, unbinding and rebinding of the device with respect to the servers of the service providers. | 03-15-2012 |
20120072728 | RETRIEVING AND USING CLOUD BASED STORAGE CREDENTIALS - The present invention extends to methods, systems, and computer program products for retrieving and using cloud based storage credentials. Embodiments of the invention include automatically retrieving cloud based credentials (e.g., storage keys) as needed, such as, for example, on demand. Automatically retrieving credentials reduces administrator workloads and mitigates the potential for human errors. Embodiments of the invention also include using credentials (e.g., storage keys) in the deployment and ongoing operation of services (e.g., computing workers) in a resource cloud. Embodiments of the invention also include propagating credentials (e.g., storage keys) to instances running in the cloud during deployment. | 03-22-2012 |
20120079277 | VERIFICATION AND PROTECTION OF GENUINE SOFTWARE INSTALLATION USING HARDWARE SUPER KEY - A device, system, and method are disclosed. In one embodiment the device receives a user key from a user application. The device then creates a management engine key by applying a management engine key creation algorithm to the user key. Then the device sends the management engine key to a remote server. Later, the device retrieves a server key from the remote server. The device next performs a hash combination of the user key, the management engine key, and the server key to create a super key. Once the super key has been created, the device authenticates the super key, and if the super key is valid, the device then sends a management engine certification to the user application. | 03-29-2012 |
20120089838 | METHOD AND DEVICE FOR SECURELY CONFIGURING A TERMINAL - A method of configuring a terminal including initializing the terminal, and which automatically triggers at least: detecting presence of a memory by a basic input/output system of the terminal, accessing the memory by the basic input/output system, starting up an operating system stored in the memory, and starting up a driver of a telecommunication network access module, the driver of the access module being stored in the memory and configured to drive the access module through a communication link between the terminal and a telecommunication device including the access module. | 04-12-2012 |
20120089839 | ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS - One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server. | 04-12-2012 |
20120089840 | SYSTEM AND METHOD FOR CONTROLLING DATA COMMUNICATIONS BETWEEN A SERVER AND A CLIENT DEVICE - A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form. | 04-12-2012 |
20120096269 | DYNAMICALLY SCALABLE VIRTUAL GATEWAY APPLIANCE - A Virtual Elastic Gateway Appliance (VEGA) that implements all the capability of a security gateway in a set of virtual appliances for operation in a virtualized, cloud environment is provided. The virtual appliances are divided into various components to provide key exchange and data protection in separate virtual appliances allowing each to be scaled elastically and independently. Security management of the virtual gateway is under control of the client while the cloud provider can meter use of virtual resources. Shared state operation and tunneled key exchange ensure robust operation in a dynamic environment. | 04-19-2012 |
20120096270 | END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY - End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices. | 04-19-2012 |
20120137132 | SHARED SECRET ESTABLISHMENT AND DISTRIBUTION - Providing secure communication with a security token includes establishing a shared secret between the security token and a first entity, transferring the shared secret between the first entity and a second entity, and the security token and the second entity establishing a secure communication channel using the shared secret. Transferring the shared secret may include selectively transferring the shared secret to a subset of entities according to access considerations for the security token. The security token may be part of a mobile phone having NFC capability, the first entity may be a Web service and the second entity may be a door controller. The Web service may establish a shared secret with the mobile phone. Providing secure communication with a security token may also include distributing the shared secret to all of the hosts corresponding to doors to which the phone can be used to obtain access. | 05-31-2012 |
20120137133 | Key Agreement and Transport Protocol - A key establishment protocol includes the generation of a value of a cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key. | 05-31-2012 |
20120144199 | COMMUNICATION APPARATUS, CONTROL METHOD FOR COMMUNICATION APPARATUS, AND PROGRAM - A communication apparatus of the present invention is a communication apparatus that communicates with a plurality of other communication apparatuses, and starts processing for setting an address for the communication apparatus using encrypted communication when encrypted communication with the plurality of communication apparatuses becomes possible by sharing encryption keys for encrypting communication with the other communication apparatuses. | 06-07-2012 |
20120144200 | CONTENT SECURITY TRANSMISSION PROTECTION DEVICE AND SYSTEM THEREOF, AND CONTENT SECURITY TRANSMISSION METHOD - The invention relates to information security technologies, provides a content security transmission device and a content security transmission system which separate data transmission function of a digital interface from data management and processing function thereof, and provides a content security transmission method based on the device and the system. The content security transmission protection device comprises digital interfaces and a management/processing unit, the management/processing unit is configured in a specific chip in the device, used for updating a revocation list stored therein and collecting information from downstream devices. A transmitting device and a forwarding device in the content security transmission protection system comprise digital interfaces and management/processing units. The invention employs software in the specific chip CPU to implement data management and processing function without increasing cost, thus being capable of increasing any functions, improving flexibility and expansibility of the system, and greatly reducing size and cost of digital interface chips, namely reducing the development difficulty. The digital interfaces only implement simple data transmission function at fast processing speed. | 06-07-2012 |
20120159172 | SECURE AND PRIVATE LOCATION - Systems and methods of restricting access to mobile platform location information may involve receiving, via a link, location information for a mobile platform at a processor of the mobile platform, and preventing unauthorized access to the location information by an operating system associated with the mobile platform. | 06-21-2012 |
20120159173 | SERVICE KEY DELIVERY SYSTEM - A Service Key Delivery (SKD) system for delivering service keys to client devices in a communications network. The delivered service keys are operable to be used to decrypt an encrypted key operable to be used to decrypt an encrypted digital content. The SKD system includes a data input interface for receiving a distribution time frame for the keys and a listing of client device identifications. The SKD system also includes a scheduling module to partition at least part of the distribution time frame into a number of time slots in which the number may be based on a variety of factors. The scheduling module assigns the time slots in the partitioned part of the distribution time frame to the client devices based on the identifications in the listing. The SKD system also includes a message generator configured to send key delivery messages to the client devices. | 06-21-2012 |
20120166802 | METHOD AND APPARATUS FOR ESTABLISHING A SECURITY ASSOCIATION - A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management. | 06-28-2012 |
20120166803 | VERIFICATION METHOD, APPARATUS, AND SYSTEM FOR RESOURCE ACCESS CONTROL - A verification method includes obtaining a Uniform Resource Locator (URL) link from a user terminal. The URL link is generated by a portal server according to obtained user terminal information and includes the user terminal information. The method further includes obtaining the user terminal information included in the URL link and performing a validity check according to user terminal information stored on a network side and the user terminal information included in the URL link. The validity check can be performed on the URL link according to the user terminal information, which prevents different users from accessing a resource through the same correct URL link and avoids occurrence of link theft. | 06-28-2012 |
20120166804 | VLAN Tunneling - According to one embodiment of the invention, a method is described that is directed to sending, by a network device, information over a first tunnel associated with a first virtual local area network. Also, a second tunnel associated with the second virtual local area network is created by the network device if the information is determined to be received from a network device that is a member of the second virtual local area network differing from the first virtual local area network. Herein, the first tunnel and the second tunnel each encapsulates at least data link traffic. | 06-28-2012 |
20120198234 | METHOD AND APPARATUS FOR ENSURING THE INTEGRITY OF A DOWNLOADED DATA SET - The disclosed embodiments provide a system that ensures the integrity of a downloaded data set. During operation, a browser application executing on a computing device receives a data set that was signed using the private key of a host computer. The browser application stores this signed data set in a browser data store. Subsequently, the browser application also receives a public key from the host computer (e.g., while accessing a web page associated with the signed data set). The browser application ensures the integrity of the data set by executing scripted program code that: uses the public key to decode the signature for the data set; calculates a hash value for the signed data set; and compares the decoded signature with the hash value to validate the data set. | 08-02-2012 |
20120198235 | SECURE MESSAGING WITH READ-UNDENIABILITY AND DELETION-VERIFIABILITY - A cryptographically-secure component is used to provide read-undeniability and deletion-verifiability for messaging applications. When a messaging application of a sending node desires to send a message to a messaging application of a receiving node, the sending node requests an encryption key from the receiving node. The cryptographically-secure component of the receiving node generates an encryption key that is bound to a state of the receiving node. The messaging application of the sending node encrypts the message using the encryption key and sends the encrypted message to the messaging application of the receiving node. Because the encryption key used to encrypt the message is bound to the state associated with reading the message by the cryptographically-secure component, if the receiving node desires to decrypt and read the encrypted message, the receiving node may advance its state to the bound state to retrieve the decryption key. | 08-02-2012 |
20120198236 | SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an audio signal. The audio signal is transmitted from the first computing device to the second computing device. The password is determined from the audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein. | 08-02-2012 |
20120210134 | METHOD OF SECURING COMMUNICATION - A method for securing data to be transmitted between a plurality of devices which includes exchanging encryption keys between first and second devices of the plurality of devices, selecting digital rights management (DRM) features for the data which is to be transmitted from the first device, encrypting the data to be transmitted and the selected digital rights management features using at least one distinct key, transmitting the encrypted data and the selected DRM features to the second device and a third device, and decrypting the encrypted data on the second device using the exchanged encryption keys and displaying the data according to the selected DRM features. | 08-16-2012 |
20120216041 | SERVICE SYSTEM - Provided is a system including a first server which stores a first encryption key and a second server which stores a second encryption key. The first server has a storage unit which stores double encryption information obtained by subjecting the information to double encryption using a first encryption key and a second encryption key. The first server stores encrypted information obtained by encrypting the information by a third encryption key. The first server further stores a double encryption key obtained by encrypting the third encryption key and the second encryption key. | 08-23-2012 |
20120221858 | Accelerated Key Agreement With Assisted Computations - A method is provided for obtaining a secret value for use as a key in a cryptographic operation, the secret value combining a private key, x, of one computing device with a public key, Y, of another computing device to obtain a secret value xY. The method includes obtaining a pair of scalars x | 08-30-2012 |
20120226909 | Method of Configuring a Node, Related Node and Configuration Server - A method for configuring a node, said node holding a public key depending on an identifier relating to said node, a related secret key and an address of a configuration server storing sets of configuration parameters for respective nodes, the method comprising the following steps carried out at the configuration server: | 09-06-2012 |
20120233467 | IMPARTING CRYPTOGRAPHIC INFORMATION IN NETWORK COMMUNICATIONS - This specification describes technologies relating to imparting cryptographic information in network communications. In general, aspects of the subject matter described in this specification can be embodied in methods that include identifying a location in a pre-defined portion of a network communication to be sent in a client-server environment, wherein the pre-defined portion is reserved for random data, inserting cryptographic information into the pre-defined portion of the network communication at the location, and sending the network communication in the client-server environment to facilitate modifying interactions in the client-server environment based at least in part on a result of processing of the cryptographic information; and on a receiving side, receiving cryptographic information inserted into the pre-defined portion of the network communication in the client-server environment, identifying the location, processing the cryptographic information, and modifying interactions in the client-server environment based at least in part on a result of the processing. | 09-13-2012 |
20120233468 | AUTHENTICATING METHOD OF COMMUNICATING CONNECTION, GATEWAY APPARATUS USING AUTHENTICATING METHOD, AND COMMUNICATION SYSTEM USING AUTHENTICATING METHOD - An authenticating method of communicating connection between a terminal and a gateway apparatus, the method including transmitting authentication information and first intrinsic identification information that is intrinsic identification information of the terminal from the terminal to the gateway apparatus and requesting the authentication; authenticating the communicating connection by using at least one of the first intrinsic identification information and the authentication information; and when the authenticating is successful, generating at least one authentication key by using at least one of the first intrinsic identification information and second intrinsic identification information that is intrinsic identification information of the gateway apparatus, thereby increasing communication security between the terminal and the gateway apparatus. | 09-13-2012 |
20120239933 | Methods and Devices Having a Key Distributor Function for Improving the Speed and Quality of a Handover - Embodiments relate to a key distributer node (AS) for a network, which comprises: | 09-20-2012 |
20120254615 | USING A DYNAMICALLY-GENERATED SYMMETRIC KEY TO ESTABLISH INTERNET PROTOCOL SECURITY FOR COMMUNICATIONS BETWEEN A MOBILE SUBSCRIBER AND A SUPPORTING WIRELESS COMMUNICATIONS NETWORK - Embodiments provide a means for securing wireless network communications. A security association can be established between a mobile subscriber device ( | 10-04-2012 |
20120254616 | Identity-Based Decryption - Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content. | 10-04-2012 |
20120254617 | METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS - A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved. | 10-04-2012 |
20120260094 | DIGITAL RIGHTS MANAGEMENT USING ATTRIBUTE-BASED ENCRYPTION - A data provider ( | 10-11-2012 |
20120272064 | DISCOVERY OF SECURITY ASSOCIATIONS - Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange. | 10-25-2012 |
20120272065 | Authentication Method, Host Computer and Recording Medium - According to one embodiment, a host computer updates the media key block MKB in a first updatable memory device in the case where the version number of the media key block MKB read from a recording medium is newer than that of the media key block MKB in the first updatable memory device. The host computer generates a medium unique key Kmu based on a media key Km calculated from the media key block MKB read from the recording medium and a media ID read from the recording medium. The host computer executes the authentication and key exchange AKE process with the recording medium based on the medium unique key Kmu. | 10-25-2012 |
20120284518 | METHOD OF ANONYMOUS ENTITY AUTHENTICATION USING GROUP-BASED ANONYMOUS SIGNATURES - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA). | 11-08-2012 |
20120284519 | IMPLEMENTING METHOD, SYSTEM OF UNIVERSAL CARD SYSTEM AND SMART CARD - An implementing method, a system of a universal card system and a smart card are disclosed. The smart card receives the creating master control sub-application message from a card-issuing party operation platform, decrypts the message according to a pre-stored encryption key of the card-issuing party sensitive data, obtains the master control sub-application data, and creates a master control sub-application according to the master control sub-application data. An enterprise managing key is included in the master control sub-application data. The smart card receives the creating non-master control sub-application message from an enterprise operation platform, decrypts the creating non-master control sub-application message according to encryption key of the enterprise sensitive data in the enterprise managing key, obtains the non-master control sub-application data, and creates a non-master control sub-application according to the non-master control sub-application data. | 11-08-2012 |
20120284520 | ESTABLISHING SHARED INFORMATION IN A NETWORK - A method for establishing shared information is described. The method includes estimating characteristics of a communication channel between two nodes based on signals transmitted between the nodes. The method also includes transmitting a signal from the first node to the second node, the signal being modulated with a first data sequence according to a first estimated characteristic, and transmitting a signal from the second node to the first node, the signal being modulated with a second data sequence according to a second estimated characteristic. Shared information is formed at each of the first and second nodes based on at least a portion of the first data sequence and at least a portion of the second data sequence. | 11-08-2012 |
20120297194 | Device Authentication - A first device in possession of a value is able to determine, without communicating the value and without communicating any information from which the value can be identified, whether a second device is also in possession of the value. The first device accomplishes this with the assistance of a third device that is able to communicate with the first device and with the second device. The second device also does not communicate the value and does not communicate any information from which the value can be identified. The first device may send additional information to the third device which, if passed to the second device, enables the second device to determine that the first device is in possession of the value. The value may be a secret. | 11-22-2012 |
20120303961 | Systems and Methods for Authenticating Mobile Devices - Embodiments of the invention provide systems and methods for authenticating mobile devices. A registration request and identifying information for a mobile device or a secure element associated with the mobile device may be received. Based upon the received identifying information and a base level key, a rotated key for the mobile device may be determined. The determined rotated key may then be provided to the mobile device, and the rotated key may be utilized for subsequent authentication of the mobile device. | 11-29-2012 |
20120317417 | METHOD OF GENERATION OF A SECRET KEY FOR A WIRELESS COMMUNICATION SYSTEM - The present invention concerns a method of generation of a secret key, shared between a first terminal and a second terminal. The key is generated from the impulse response of the transmission channel separating the two terminals. A first message representative of the impulse response estimated by the first terminal is transmitted to the second terminal. This message is encoded using a channel encoding and punctured at a rate which prevents any decoding if additional information is missing. The second terminal combines this first message with at least a part of a second message representative of the impulse response estimated by the second terminal in order to attempt to decode the first message. If the decoding is successful the secret key is generated by the second terminal from the first message thus decoded. | 12-13-2012 |
20120331297 | METHOD FOR RECEIVING/SENDING MULTIMEDIA MESSAGES - A multimedia messaging system for receiving/sending multimedia messages, includes: a wireless LAN; and a MMS gateway. The MMS gateway performs: receiving/sending the multimedia message to/from a MMS user device via the wireless LAN; and encrypting the multimedia message. The encryption is performed by: issuing a certificate to the MMS user device; sending a session ID and a master key encrypted by the MMS gateway's private key to the MMS user device in response to a request of the MMS user device having the certificate; generating a shared secret key using an algorithm combining the master key with the MMS user device's phone number and the session ID; and encrypting the multimedia message using the shared secret key. | 12-27-2012 |
20120331298 | SECURITY AUTHENTICATION METHOD, APPARATUS, AND SYSTEM - Embodiments of the present invention provide a security authentication method, apparatus, and system, where the method includes: verifying a feature identifier for identifying terminal equipment, where the terminal equipment is machine-to-machine equipment; and obtaining a key corresponding to the feature identifier, so as to perform secure communication with the terminal equipment according to the key. In the embodiments of the present invention, after terminal equipment, a mobility management entity, and a home subscriber system successfully perform authentication and key agreement, it is verified whether a feature identifier of the terminal is legal, and when the feature identifier of the terminal is a legal identifier, a key is obtained according to the feature identifier, so that the mobility management entity and the terminal equipment perform secure communication according to the key, thereby implementing secure communication between M2M equipment and a network side. | 12-27-2012 |
20130007455 | SYSTEM AND METHOD FOR ESTABLISHING PERPETUAL TRUST AMONG PLATFORM DOMAINS - A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption. | 01-03-2013 |
20130007456 | SYSTEM AND METHOD FOR EXCHANGING KEY GENERATION PARAMETERS FOR SECURE COMMUNICATIONS - A communication system exchanges key generation parameters for secure communications. An internet service and communications device of a user are in communication with each other. The internet service includes an account authentication mechanism for a user and includes a database having stored cryptographic keys and key generation parameters. A device client operates on the communications device and initiates a request to the internet service that authenticates the user and establishes a secure communications channel between the internet service and communications device and determines key generation parameters based on an authenticated user identifier and transmits the key generation parameters for initiating key generation and securely establishing a cryptographic key between the internet service and communications device. | 01-03-2013 |
20130007457 | EXCHANGE OF KEY MATERIAL - A communication network manages key material. A method generates and provides session keys from a security node to an access node for further propagation during handoff procedures, without requiring the security node to take part in the handoff procedures. | 01-03-2013 |
20130013926 | Method and Apparatus for Device-to-Device Key Management - Various methods for device-to-device key management are provided. One example method includes receiving a communication mode change command requesting a mode change to device-to-device communications, and generating a local device security key based on a secret key and a base value. The local device security key may be configured for use in device-to-device communications. The example method may also include receiving a security key combination value, and deconstructing the security key combination value using the local device security key to determine a peer device security key. The peer device security key may be configured for use in device-to-device communications. Similar and related example methods and example apparatuses are also provided. | 01-10-2013 |
20130019098 | SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION - Systems and methods for authenticating a request between a client computer and a transaction server are provided. An application request, comprising an identity of a user originating the request, is received at an application server from the client. The application server constructs a signing key based on (i) the identity of the user making the request, (ii) a time based salt value, (iii) a secret shared between the application and transaction servers and, optionally, (iv) an identifier of the distributor or developer of the application. The signing key is embedded in an unbranded version of the application thereby branding the application. The branded application can sign a request with the signing key and submit the signed request to the transaction server with the identity of the user and the identifier of the distributor or developer of the application. | 01-17-2013 |
20130019099 | Strengthened Public Key Protocol - A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics. | 01-17-2013 |
20130024693 | Network Reputation System And Its Controlling Method Thereof - A network reputation system and its controlling method are provided. A credential and exchange component permits a user to generate credentials and exchange matching items with those persons having a social relationship with the user. A reputation evaluation component enables other users to make evaluations about an estimatee via the sharing of social network information. A query and response component receives a query from a person having a social relationship with the user for requesting an evaluation about the estimatee, and responds with an associated evaluation result to the person having a social relationship with the user, via the sharing of social network information and the evaluations made by the other users about the estimatee. | 01-24-2013 |
20130036307 | AUTHENTICATION OF CACHE DNS SERVER RESPONSES - A response to a Domain Name System (DNS) query can be protected with authentication information to be used by a host that originated the query. In one example, a DNS server is not among servers that can be authenticated by the Domain Name System Security Extensions (DNSSEC). The DNS server generates a public-private key pair and uses the private key for signing DNS resolutions. The corresponding public key can be distributed to hosts that will communicate with the DNS server. In various implementations, the public key is distributed by the DNS server and/or routers or as part of a neighbor discovery interaction. In one example, the public key is distributed in certificate path advertisements of the IPv6 Secure Neighbor Discovery Protocol (SEND) protocol. | 02-07-2013 |
20130036308 | END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES - End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of the request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard. | 02-07-2013 |
20130042112 | USE OF NON-INTERACTIVE IDENTITY BASED KEY AGREEMENT DERIVED SECRET KEYS WITH AUTHENTICATED ENCRYPTION - A sender private key is created from a master key. The sender private key and public information about a recipient is used to produce a secret key. Data is encrypted with the secret key. The encryption uses authentication data. The encrypted data is sent to the recipient. A recipient private key is created from the master key. The recipient private key is different from the sender private key. The recipient private key and public information about the sender is used to recreate the secret key. At the recipient, the secret key is used to decrypt the encrypted data and the authentication data is used to authenticate the data. | 02-14-2013 |
20130042113 | DATA SHARING SYSTEM, DATA DISTRIBUTION SYSTEM, AND DATA PROTECTION METHOD - Embodiments of the present invention provide a data protection method, used by a data owner to share data with a data sharer securely through a data distribution system. The data owner first establishes a proxy relationship with the data sharer, while the data distribution system is configured to maintain a proxy relationship between the data owner and the data sharer, and after receiving encrypted shared data sent by the data owner, the data distribution system changes the encrypted shared data according to the proxy relationship, so that the data sharer may decrypt the data. By using the data protection method in the embodiments of the present invention, both encryption and decryption of data are a result of coordination of three parties, thereby avoiding a problem of data leakage caused by a problem of a single party. | 02-14-2013 |
20130046981 | SECURE PROVISIONING OF INTEGRATED CIRCUITS AT VARIOUS STATES OF DEPLOYMENT, METHODS THEREOF - An integrated circuit is provisioned after the integrated circuit has been sold and integrated into a customer's product. During provisioning, the integrated circuit is booted in a secure manner using a security value, such as a cryptographic key, owned by a manufacturer of the integrated circuit, or by a purchaser of the integrated circuit, to establish a secure communications channel with a provisioning server. Once the secure communications channel is established, the integrated circuit can be provisioned with a security value that is owned by the purchaser of the integrated circuit and the manufacturer's security value is disabled. | 02-21-2013 |
20130046982 | APPARATUS AND METHOD FOR SUPPORTING FAMILY CLOUD IN CLOUD COMPUTING SYSTEM - A method and an apparatus for effective data sharing between users in a cloud computing system are provided. The cloud computing system includes a first cloud hub and a User Equipment (UE). The first cloud hub provides a cloud service to a UE connected by a public cloud access and provides a cloud service to a UE connected to a public personal cloud system installed by a service provider, and is installed by a user. The UE subscribes to the first cloud hub as a main cloud and inquires as to data stored in the first cloud hub. | 02-21-2013 |
20130046983 | AUTHENTICATION METHOD AND DEVICE, AUTHENTICATION CENTRE AND SYSTEM - An authentication method and device, authentication centre and system are provided. The method comprises: receiving at least one access request and obtaining sub-key information from the access request; generating a group key according to the obtained sub-key information, and interacting with the network side according to the group key to perform the group authentication. The solution can solve the problem that the one-to-one authentication causes network load in the present art, implement the authentication of multiple nodes at one time, reduce network resources and the network load of the server, and can be appropriate for the authentication of the terminal nodes in the internet of things, and can greatly improve the availability of services in the internet of things. | 02-21-2013 |
20130046984 | Establishing a Secured Communication Session - The present invention relates to a method for establishing a secured communication session in a communication system between a user using an untrusted device and a server. According to the present invention the user first obtains an authentication algorithm and an encryption algorithm and then creates a session key. Next the user obtains a public key of the server and sends a personal identity number to the server for authentication by using the authentication algorithm, the personal identity number being encrypted by using the encryption algorithm and the public key of the server. The user also sends the session key to the server for encrypting purpose between the user and the server, the session key being encrypted by using the encryption algorithm and the public key of the server. | 02-21-2013 |
20130046985 | Method and Apparatus for Cryptographic Key Storage Wherein Key Servers are Authenticated by Possession and Secure Distribution of Stored Keys - A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport. | 02-21-2013 |
20130046986 | ELECTRONIC DATA COMMUNICATION SYSTEM - There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message. | 02-21-2013 |
20130054970 | Apparatuses and Methods for Enabling a User to Consume Protected Contents of a Content Provider - The embodiments of the present invention relate to apparatuses, in terms of a client device ( | 02-28-2013 |
20130054971 | TERMINAL DEVICE, VERIFICATION DEVICE, KEY DISTRIBUTION DEVICE, CONTENT PLAYBACK METHOD, KEY DISTRIBUTION METHOD, AND COMPUTER PROGRAM - The terminal device | 02-28-2013 |
20130061054 | METHOD TO CONTROL AND LIMIT READABILITY OF ELECTRONIC DOCUMENTS - A series of data treatment processes, software applications and hardware devices jointly used to achieve the ability to make an electronic document available to the public or to a limited audience to either cease being readable, or start being readable, at a given moment in time or after a given event has occurred. A typical usage scenario consists in “automatic destruction” of documents used internally by an organization and that must be made unreadable after a certain project is complete. Conversely, public offers for auctions may be posted to all the participants and the issuer in an unreadable form, and made then readable after the deadline of the auction is expired. Again, documents may be made unreadable after a certain number of reads, or forwarded to a specific address under some conditions, or accessed only through well-known unmodified clients. | 03-07-2013 |
20130067228 | METHOD AND DEVICE FOR SECURELY SHARING IMAGES ACROSS UNTRUSTED CHANNELS - A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the encrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device. | 03-14-2013 |
20130067229 | METHOD AND APPARATUS FOR KEY SHARING OVER REMOTE DESKTOP PROTOCOL - Various methods for the secure exchange of private keys for authenticating a user to an RDP service are provided. One example method may comprise receiving a request comprising a session token to provide a user with access to an RDP service, and retrieving a username and password associated with the user using the session token. The method may further comprise assigning a time period of validity to the password. Furthermore, the method may comprise generating a first secret key based on user information, generating a second secret key based on the first secret key and a salt, and encrypting a packet comprising the password and the time period using the second secret key. Additionally, the method may comprise transmitting the username and encrypted packet to the device for authenticating the user with the requested RDP service. Similar and related example methods, apparatuses, systems, and computer program products are also provided. | 03-14-2013 |
20130067230 | METHOD FOR GENERATING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, METHOD FOR TRANSMITTING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, AND METHOD FOR RECEIVING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD - A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer. | 03-14-2013 |
20130073854 | DATA STORAGE INCORPORATING CRYTPOGRAPHICALLY ENHANCED DATA PROTECTION - Various exemplary embodiments relate to a system for storing encrypted data and providing access to a group of users. The system may include: a record of user accounts including: a user identifier and a public encryption key; an access control list (ACL) defining an access control policy including: permissions defining access to data objects associated with the ACL and an ACL key list including copies of an ACL key encrypted with the public keys of the users; a user-data storage medium including: encrypted user data, stored as a plurality of data objects, each object associated with an ACL and encrypted with the ACL key, and meta-data; and an access controller configured to: receive a request for a data object, and send a copy of the data object and the ACL key encrypted with the public key of the user if the user has permission to access the data object. | 03-21-2013 |
20130073855 | Collision Based Multivariate Signature Scheme - A cryptographic method and system is described, the method and system including providing a key pair that includes a private key and a corresponding public key, which defines a multivariate polynomial mapping, computing, using a processor and the private key, a digital signature for a message such that a first application of the mapping to the digital signature gives a first result, and a second application of the mapping to the message gives a second result that is equal to the first result, and conveying the message with the digital signature to a recipient for authentication using the public key. Related hardware, methods, and systems are also described. | 03-21-2013 |
20130080781 | METHOD AND SYSTEM FOR SENDING A MESSAGE THROUGH A SECURE CONNECTION - The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer that is served by the first computer, and in the latter case, sending the message to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer after which the destination address and the unique identity are used to find an address to the second computer. The current destination address is substituted with the found address to the second computer, and the unique identity is substituted with another unique identity. Then the message is forwarded to the second computer. | 03-28-2013 |
20130080782 | METHOD AND SYSTEM OF SECURING GROUP COMMUNICATION IN A MACHINE-TO-MACHINE COMMUNICATION ENVIRONMENT - A method and system for securing group communication in a Machine-to-Machine (M2M) communication environment including a plurality of Machine Type Communication (MTC) groups, wherein each of the plurality of MTC groups includes a plurality of MTC devices. The method includes generating a unique group key for securing communication with MTC devices associated with an MTC group in an M2M communication environment, securely providing information on the unique group key to the MTC devices associated with the MTC group, and securely communicating at least one broadcast group message with the MTC devices using the unique group key information. | 03-28-2013 |
20130080783 | METHOD FOR ESTABLISHING SECURE NETWORK ARCHITECTURE, METHOD AND SYSTEM FOR SECURE COMMUNICATION - A method for establishing a secure network architecture, a method and system for secure communication are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identities certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices. | 03-28-2013 |
20130086383 | VIRTUAL MACHINE IMAGES ENCRYPTION USING TRUSTED COMPUTING GROUP SEALING - A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage. | 04-04-2013 |
20130091359 | Short-range Secure Data Communication Method Based on Sound Wave or Audio, and Apparatus Thereof - The present invention discloses an apparatus, a system and a method for short-range sound wave communication. The system realizes non-contact secure transmission by using the sound wave as the data transmission medium, and also can realize a reliable and secure data link directly through an audio connection. The invention systematically constructs multiple end-to-end transmission verification mechanisms for the process of data transmission: transmission data integrity verification, valid time verification, password verification, service data verification and data encryption; and according to the security level of the data, the sending end specifies the requirements for encryption and data verification in the transmission data so as to notify the reception end which verifications should be performed to the data packets, how to perform the verifications, etc. By using the same verification processing manner, operations can be performed to the data (e.g. the payment and settlement function of an account). With lower cost, the present invention can realize the reliable communication of a small data volume using sound wave, and has certain security. | 04-11-2013 |
20130097423 | PROCESSING DEVICE AND COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREIN PROCESSING PROGRAM - A processing device for executing predetermined process associated with information to be processed at preset key time, the processing device includes a processor, wherein the processor determines whether or not key time is included in a check period which is between key time at which previous process was performed and current time, at a check timing set for each predetermined time; and the processor executes the predetermined process which is to be performed at the key time, when it is determined that the key time is included in the check period. | 04-18-2013 |
20130097424 | DISCOVERY OF SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. | 04-18-2013 |
20130103947 | TEMPORAL PROXIMITY TO VERIFY PHYSICAL PROXIMITY - A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, for example due to the fact that the information was downloaded from the Internet, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag. | 04-25-2013 |
20130111208 | TECHNIQUES FOR AUTHENTICATION VIA A MOBILE DEVICE | 05-02-2013 |
20130111209 | Authenticating an Ephemeral Diffie-Hellman using a Trusted Third Party | 05-02-2013 |
20130111210 | METHODS AND SYSTEMS FOR ENABLING, TRACKING, AND CORRELATING ANONYMOUS USER ACTIVITY | 05-02-2013 |
20130111211 | External Reference Monitor | 05-02-2013 |
20130117568 | CRYPTOGRAPHIC TECHNIQUES FOR A COMMUNICATIONS NETWORK - Techniques are described for enabling authentication and/or key agreement between communications network stations and service networks. The techniques described include the negotiation and use of a cryptographic primitive shared between a service network and a home environment of a station. The techniques described also feature a key usage indicator, such as a sequence number, maintained by the service network and a station. Comparison of the key usage indicators can, for example, permit efficient authentication of the service network. | 05-09-2013 |
20130124866 | CLIENT-SERVER SYSTEM WITH SECURITY FOR UNTRUSTED SERVER - In the context of a computer client-server architecture, typically used in the Internet for communicating between a server and applications running on user computers (clients), a method is provided for enhancing security in the context of digital rights management (DRM) where the server is an untrusted server that may not be secure, but the client is secure. This method operates to authenticate the server to the client and vice versa to defeat hacking attacks intended to obtain confidential information. Values passed between the server and the client include encrypted random numbers, authentication values and other verification data generated using cryptographic techniques including double encryption. | 05-16-2013 |
20130124867 | SYSTEM AND METHOD FOR SECURE SOFTWARE LICENSE DISTRIBUTION - In one embodiment, a method includes receiving a request to remove one or more limitations imposed on a full-featured base application executing on a client computer. The method further includes creating a license package. The license package includes a first layer and a second layer separately encrypted therein. The second layer includes a license key operable to be consumed by the full-featured base application to remove the one or more limitations. The first layer comprises information sufficient to identify the license key. In addition, the method includes encapsulating the license package into a file having a file-type association with the full-featured base application. Further, the method includes transmitting the file to the client computer. The method also includes interacting with the full-featured base application to allow decryption of the first layer and the second layer so that the license key can be applied. | 05-16-2013 |
20130132722 | SYSTEM AND METHOD FOR AUTHENTICATING DATA - Systems and methods for authenticating data and timeliness are disclosed. A method for authentication can comprise processing a data block to determine a first secret element, generating a second secret element based upon the first secret element, generating a non-secret element based upon the second secret element, and comparing the non-secret element to a nonce associated with the first secret element to determine authentication. | 05-23-2013 |
20130132723 | CRYPTOGRAPHIC METHOD FOR COMMUNICATING CONFIDENTIAL INFORMATION - A cryptographic method for communicating confidential information m between a first electronic entity (A) and a second electronic entity (B), includes a distribution step and a reconciliation step, the distribution step including a plurality of steps, one of which consists of the first entity (A) and the second entity (B) calculating a first intermediate value P | 05-23-2013 |
20130132724 | SYSTEM AND METHOD FOR AUTHENTICATING A RESOURCE-CONSTRAINED CLIENT - A system and method for authenticating a resource-constrained client are provided. The method includes transmitting, by the server, a query message including a first modified secret key to the client, wherein the first modified secret key is generated using a first secret key and a first blinding value; receiving, from the client, a response message including a response value, wherein the response value is generated using the first blinding value, a second secret key, and an error value; calculating the error value from the response value; and determining, based on the error value, whether authentication of the client is successful. | 05-23-2013 |
20130132725 | PROTECTION METHOD, DECRYPTION METHOD, RECORDING MEDIUM AND TERMINAL FOR SAID PROTECTION METHOD - Protecting data transmission, either multimedia or a control word, between a security processor and a terminal includes, at the security processor, building a current session key by root key diversification as a function of a parameter transmitted by the terminal, decrypting the data, encrypting it with the session key, and transmitting it, and at the terminal, decrypting it using a secret code to obtain plain data, recording, in advance, secret codes, each enabling decryption of only data encrypted by a corresponding session key obtained by root-key diversification with a parameter, which can be the transmitted parameter, receiving the parameter in a message that also contains the data to be decrypted by the security processor, and in response, selecting, from the secret codes, a code for decrypting the data encrypted with the session key, as a function of the parameter or another parameter in the message. | 05-23-2013 |
20130138961 | COMMUNICATION TERMINAL, COMMUNICATION SYSTEM, COMMUNICATION METHOD AND COMMUNICATION PROGRAM - A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication. | 05-30-2013 |
20130145164 | SEMICONDUCTOR MEMORY DEVICE - According to one embodiment, a device includes a first memory area to store a first key. A second memory area stores encrypted secret identification (ID) information generated from secret ID information with a family key. A third memory area stores a family key block including data generated from the family key with an ID key. An authentication module performs authentication. A second key is generated from a first number with the first key, a session key is generated from a random number with the second key, and authentication information is generated from the secret ID information with the session key. The encrypted secret ID information, family key block and the authentication information are output. | 06-06-2013 |
20130151853 | SYSTEMS AND METHODS FOR SECURE PEER-TO-PEER COMMUNICATIONS - Systems and methods for secure peer-to-peer communication are disclosed herein. Various embodiments of the present invention advantageously enable authentication of a remote device, but without the use of a PKI certificate, and more generally, without requiring involvement from outside parties. In an exemplary embodiment, a password-protected message may be sent to a remote device, the password-protected message containing a unique identifier of a local device and a locally generated random number. Upon accessing the password-protected message, the remote device may reply to the local device including its own unique identifier and a remotely generated random number, where the reply is encrypted using the locally generated random number. An acknowledgement message may then be sent to the remote device including a mutually unique key, where the acknowledgement message is encrypted using the remotely generated random number. Subsequent communications between these devices may then be encrypted with this mutually unique key. | 06-13-2013 |
20130151854 | METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER - A method for authenticating a portable data carrier ( | 06-13-2013 |
20130159715 | Secure Peer-to-Peer Messaging Invitation Architecture - First and second communication devices respectively have first and second personal identification numbers (PINs). The first communication device transmits to the second communication device a first encryption key, and receives from the second communication device the second PIN that has been encrypted by the second communication device using the first encryption key. The first communication device receives from the second communication device a second encryption key, decrypts the encrypted second PIN, and encrypts the first PIN using the second encryption key, and transmits the encrypted first PIN to the second communication device. The first communication device conducts, with the second communication device, a peer-to-peer messaging session by transmitting to the second communication device peer-to-peer messages that contain the second PIN and receiving from the second communication device peer-to-peer messages that contain the first PIN. Each message is routed by a routing server based on the respective first and second PINs. | 06-20-2013 |
20130179689 | INFORMATION DISTRIBUTION METHOD, INFORMATION DISTRIBUTION SYSTEM AND IN-VEHICLE TERMINAL - [Objective] When installing software into an in-vehicle terminal from a server, it is required to prevent the software from being installed into an unsuitable terminal, and to reduce time and efforts for data input and download, thereby improving the convenience of the user. | 07-11-2013 |
20130185562 | HOST DEVICE, SEMICONDUCTOR MEMORY DEVICE, AND AUTHENTICATION METHOD - According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device. | 07-18-2013 |
20130191639 | SYSTEM AND METHOD FOR SECURING COMMUNICATIONS BETWEEN DEVICES - A system and method for providing an improved way to secure messages being transmitted between communicating devices. Security mechanisms, operating below the session establishment level, provide fast encryption that is unconditionally secure or becomes stronger over time as devices continue to communicate. After random or arbitrary characters are used to encrypt an initial message, each new message communicated between two devices is encrypted with the most recent message communicated there-between as well as the changing key. Moreover, an exclusive dyadic relationship between the devices is obtained which prevents the cloning or piracy of the devices or the data communicated between them. The disclosed system and method also provide a multi-threading capability, thereby reducing the likelihood of a denial of service attack. | 07-25-2013 |
20130212392 | KEY MANAGEMENT ON DEVICE FOR PERIMETERS - There is provided a method and apparatus for resetting a password for a device or managing the device, the device having an encryption perimeter. A device shares a public/private key pair with a server, the public key being on the device and the private key being on the server. An intermediate value is encrypted on the mobile device using the public key. If the password is lost or the device needs to be managed, the server can request the encrypted intermediate value, decrypt it, and send the decrypted value to the mobile device which may then resume operations. A new password may be provided by the server or the user may set a new password once the encryption key is recreated from the decrypted intermediate value. | 08-15-2013 |
20130212393 | SECURING A SECRET OF A USER - Methods, systems and apparatuses for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares. | 08-15-2013 |
20130212394 | Method for 802.1X Authentication, Access Device and Access Control Device - In a method for 802.1X authentication, used in a network which comprises an access device and an access control device, a WLAN security template and a 802.1X client template is enabled at the access device, a 802.1X client template is enabled at the access device, and a 802.1X device template is enabled at a tunnel port of the access control device. The access control device establishes a 802.1X authentication tunnel with the access device, receives a packet transmitted by a client at the access control device through the 802.1X authentication tunnel, authenticates the client after receiving the packet, and assists the access device through the 802.1X authentication tunnel to obtain a session key. | 08-15-2013 |
20130212395 | MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for monitoring and controlling access to an electronic content are disclosed. One method includes creating, by an owner server, a group comprising generating a group public key PK | 08-15-2013 |
20130219180 | DATA PROCESSING FOR SECURING LOCAL RESOURCES IN A MOBILE DEVICE - A method of data processing for securing local resources in a mobile device. The method includes: a) when network connectivity is available: coupling the mobile device with a first identity module associated to a first International Mobile Subscriber Identity (IMSI), receiving in the first identity module a network challenge from a communication network, ciphering the network challenge using a secret key, and sending a corresponding response to the network for subsequent successful authentication, b) after a successful authentication to the communication network: associating at least a part of the local resources to the first IMSI, and storing, in a database of the mobile device, authentication data related to the challenge/response duplet, granting access to local resources associated to the first IMSI. | 08-22-2013 |
20130227291 | METHODS AND APPARATUSES FOR SECURE COMMUNICATION - A method of establishing a secure communications path between a first local server on a local network and a device on a wide area network comprising: establishing a first secure communications connection between a second local server on the local network and the device; establishing a second secure communications connection between the second local server and the first local server, wherein the second local server impersonates the device for at least a portion of the connection request; and proxying data between the local server and the device | 08-29-2013 |
20130227292 | COMMUNICATING AN IDENTITY OF A GROUP SHARED SECRET TO A SERVER - An identity is communicated by a client device to a server without requiring the identity to be disclosed to eavesdroppers and without requiring the use of symmetric or asymmetric cryptography. In one example, the identity is an identity of the client device, where the identity has been assigned to the client device by the server through the provisioning of a unique subset of client-identifying keys. In another example, the identity is an identity of a group shared secret that has been provisioned by the server to the client device. | 08-29-2013 |
20130232339 | SYSTEMS, METHODS AND APPARATUSES FOR THE SECURE TRANSMISSION OF MEDIA CONTENT - The systems, methods and apparatuses described herein permit encrypted media content to be displayed by a display device under control of a local device. The local device may comprise a computer processor to control playing of the encrypted media content and a first communication interface to transmit an association encryption envelope and, according to the control, the encrypted media content. The display device may comprise a second communication interface coupled to the first interface to receive the encrypted media content and the association encryption envelope, a decryption engine to decrypt the association encryption envelope using a private key of the display device to recover a symmetric encryption key used to encrypt the encrypted media content and decrypt the encrypted media content using the recovered symmetric encryption key, and a decoder to decode the decrypted media content for display on a display screen according to the control. | 09-05-2013 |
20130246794 | SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an audio signal. The audio signal is transmitted from the first computing device to the second computing device. The password is determined from the audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein. | 09-19-2013 |
20130254544 | Method and Apparatus for Provisioning a Temporary Identity Module Using a Key-Sharing Scheme - A method and apparatus for providing a temporary identity module to a device ( | 09-26-2013 |
20130262868 | SHARED BUFFERS FOR PROCESSING ELEMENTS ON A NETWORK DEVICE - Examples are disclosed for exchanging a key between an input/output device for a network device and a first processing element operating on the network device. Data having a destination associated with the first processing element may be received by the input/output device. The exchanged key may be used to encrypt the received data. The encrypted data may then be sent to a buffer maintained at least in part in a memory for the network device. The memory may be arranged to enable sharing of the buffer with at least a second processing element operating on the network device. Examples are also disclosed for the processing element to receive an indication of the storing of the encrypted data in the buffer. The processing element may then obtain the encrypted data from the buffer and decrypt the data using the exchanged key. | 10-03-2013 |
20130268762 | SYSTEMS, METHODS, AND COMPUTER-READABLE MEDIA FOR SECURE DIGITAL COMMUNICATIONS AND NETWORKS - Provided are systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes based on unique identifiers that are unique to each node, and communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node. | 10-10-2013 |
20130275757 | Secure Quantum Authentication System - A method and apparatus for sharing information. First bits are selected from a shared secret key in a first device. The first bits have a selected length. Second bits with the selected length in signals are sent from the first device to a second device. The signals have selected types of properties based on the first bits. The second bits are encoded in states for the selected types of properties. A key is generated in the first device. The key is based on the second bits received at the second device having the selected types of properties identified as matching expected types of properties. | 10-17-2013 |
20130275758 | SECURE MESSAGING - Given the rise in popularity of communicating personal, private, sensitive, or vital peer-to-peer or peer-to-group information over insecure text messaging infrastructure, it would be highly desirable to provide a lightweight solution that enables the exchange of information in a secure manner. The non-limiting technology herein provides systems and methods for the exchange of cryptographic material that can be used to encipher message-oriented communications between at least two peer devices. Once the cryptographic material is exchanged between cooperating peers, this lightweight solution can be used by common off the shelf hardware such as smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, etc. using insecure voice or data communication paths, such as SMS. | 10-17-2013 |
20130275759 | TRANSMITTER, RECEIVER, AND TRANSMITTING METHOD - According to one embodiment, a transmitting method transmits a start request for an authentication and key exchange from at least one of receivers to the transmitter, performs an authentication and key exchange for at least one of a first key common to the receivers and a second key peculiar to the at least one of the receivers, and encrypts the content by using a key shared by the transmitter and the at least one of the receivers to transmit the encrypted content to the at least one of the receivers. | 10-17-2013 |
20130290720 | PROCESS AND SYSTEM FOR SELECTABLE DATA TRANSMISSION - Method and/or system for use in selectable data transmission. An electronic key may be generated (e.g., by a central module) and stored as assigned to authentication data. Electronic data may then be encrypted (e.g., by the central module) into encrypted data using at least part of the electronic key. A signaling message may be transmitted (e.g., by the central module) to a first communications terminal, and the encrypted data may then be transmitted (e.g., by the central module) to a second communications terminal that is selected by the first communications terminal. At least part of the electronic key may then be transmitted (e.g., by the central module) to the second communications terminal. The encrypted data may be decrypted by the second communications terminal using the at least part of the electronic key. | 10-31-2013 |
20130290721 | KEY EXCHANGE FOR A NETWORK ARCHITECTURE - Provided is a method of providing secure communication between an initiator and a responder in a communication network. The method includes providing an encryption key for securing communications between an initiator and a responder in a communications network that includes the initiator generating an initiator Diffie-Hellman computed value, the initiator transmitting the initiator Diffie-Hellman computed value to the responder, the responder generating the encryption key and a responder Diffie-Hellman computed value, the responder transmitting the responder Diffie-Hellman computed value to the initiator, and the initiator generating the encryption key. | 10-31-2013 |
20130290722 | EXTERNAL AUTHENTICATION SUPPORT OVER AN UNTRUSTED NETWORK - There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment. | 10-31-2013 |
20130290723 | Key sharing method and system for machine type communication (MTC) server - The disclosure discloses a key sharing method for a Machine Type Communication (MTC) server, wherein when establishing a safe connection and performing safe communications with a first MTC server via a Generic Bootstrapping Architecture (GBA) process, an MTC device may send a second MTC server a request message containing a bootstrapping identifier (B-TID) currently used by the MTC device and the first MTC server and a host identifier NAF-ID | 10-31-2013 |
20130297938 | COMMUNICATION APPARATUS, CONTROL METHOD, AND STORAGE MEDIUM - Disclosed is a communication apparatus for executing processing for sharing an encryption key between itself and another party's communication apparatus, wherein the communication apparatus executes the processing, respectively at least one time, as an authenticating apparatus and an authenticated apparatus. The communication apparatus determines which encryption key of an encryption key provided by this communication apparatus and an encryption key provided by the other party's communication apparatus is the encryption key used in common by this communication apparatus and the other party's communication apparatus, and decides, in accordance with result of the determination, which of this communication apparatus and the other party's communication apparatus is to be made the authenticating apparatus first. | 11-07-2013 |
20130297939 | IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL - A key agreement protocol between a first party and a second party comprises the following steps from the first party perspective. An encrypted first random key component is directed to the second party, the first random key component having been computed at the first party and encrypted using a public key of the second party in accordance with an identity based encryption operation. An encrypted second random key component corresponding to the second party is received. The encrypted second random key component is decrypted using a private key of the first party. A session key for use in subsequent communications between the first party and the second party is computed based at least in part on the second random key component. | 11-07-2013 |
20130297940 | AUTHENTICATION IN COMMUNICATIONS NETWORKS - The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface. | 11-07-2013 |
20130311778 | SYSTEM AND METHOD FOR SECURE CLOUD SERVICE DELIVERY WITH PRIORITIZED SERVICES IN A NETWORK ENVIRONMENT - An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities. | 11-21-2013 |
20130318352 | COMMUNICATION SETUP METHOD AND WIRELESS CONNECTION DEVICE - A method of setting up wireless communication between a client device and a wireless connection device, the method including: establishing non-limited, temporary communication between devices; obtaining an identifier assigned to a client device or an identifier assigned to connection between the client device and a wireless connection device; limiting a device accessing the temporary communication by using the obtained identifier; causing the client device to receive a file for communication settings for the wireless connection device; establishing encrypted communication in conformity with a predetermined protocol; and causing information on communication settings to be exchanged via the encrypted communication. | 11-28-2013 |
20130326223 | METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF PRIVATE KEYS - A method for increasing the security of private keys is provided that includes generating transaction data at a device operated by a user and processing the transaction data. Moreover, the method includes determining whether the user permits using a private key that is associated with the user and with a public-private key pair of the user. The private key is stored in a computer system different from the device. Furthermore, the method includes authenticating the user when the user permits using the private key, applying the private key to other data after successfully authenticating the user, and transmitting the other data to the device. The method also includes conducting a transaction with the transaction data. | 12-05-2013 |
20130332736 | ELECTRONIC KEY REGISTRATION SYSTEM - An immobilizer ECU transmits a vehicle ID code and a SEED code, which is read from an electronic key, to a data center online. The data center generates an encryption key from the received SEED code and a first logic, and generates a further SEED code from the encryption key, the vehicle ID code, and a second logic. The immobilizer ECU obtains the further SEED code online from the data center, generates the encryption key from the obtained further SEED code, the vehicle ID code, and the second logic, and stores the encryption key. | 12-12-2013 |
20130332737 | METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and method of restoring at least one data file. The method may include retrieving the at least one data file to be restored from a data storage location, determining that the at least one data file is a link file, and regenerating a previously exchanged shared secret. The method may also include decrypting a key from the link file using the shared secret, and retrieving data from a data repository location to be restored. | 12-12-2013 |
20130332738 | COMMUNICATING IN A PEER-TO-PEER COMPUTER ENVIRONMENT - Communicating in a peer-to-peer computer environment. A request is received from a user device at a peer provider node computer system, wherein the request is signed by a private key. Provided a public key verifies the private key, providing potential peers to the user device from the peer provider node computer system such that the user device is enabled to utilize the peer-to-peer computer environment for a communication according to user requirements. | 12-12-2013 |
20130332739 | METHOD OF SHARING A SESSION KEY BETWEEN WIRELESS COMMUNICATION TERMINALS USING A VARIABLE-LENGTH AUTHENTICATION CODE - Disclosure relates to a method of sharing a session key between wireless communication terminals using a variable-length authentication code. The method includes: generating a public key by using an own private key; generating a message including the public key and a first random number and encoding the message using an own secret key to exchange an encrypted message with the other terminal; decoding the encrypted message of the other terminal by receiving a secret key of the other terminal; generating an authentication code by calculating the first random number and a second random number included in the decoded message; obtaining a medium value from the authenticated code; and generating a session key by using a public key included in the decoded message of the other terminal. | 12-12-2013 |
20130339738 | Method for data privacy in a fixed content distributed data storage - A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal. | 12-19-2013 |
20130339739 | DEVICE FOR AND METHOD OF HANDLING SENSITIVE DATA - A device for handling sensitive data comprises a first integrated circuitry forming a first trust zone and a second integrated circuitry forming a second trust zone. The first circuitry comprises a secure processing unit adapted for processing sensitive data, and the second circuitry comprises a persistent memory area within its trust zone for storing sensitive data. The second integrated circuitry is separated from the first integrated circuitry. The processing unit of the first circuitry transfers sensitive data from the first trust zone to the second trust zone, and the second circuitry transfers sensitive data stored in its persistent memory area to the processing unit of the first trust zone. The first and the second integrated circuitry comprise crypto means for securely transferring sensitive data based on a symmetrical crypto method using a secure key. The second integrated circuitry comprises means for initiating a new key generation to replace the active secure key. | 12-19-2013 |
20140006786 | KEY AGREEMENT USING A KEY DERIVATION KEY | 01-02-2014 |
20140006787 | METHOD AND APPARATUS FOR RESTRICTING ACCESS TO A WIRELESS SYSTEM | 01-02-2014 |
20140013117 | AUTHENTICATION METHOD OF WIRELESS MESH NETWORK - Disclosed is an authentication method of a wireless mesh network capable of reducing overload and communication delay during authentication procedure by performing authentication between nodes without accessing an authentication server. The authentication method of a wireless mesh network according to an exemplary embodiment of the present disclosure includes: selecting, by a new node, a first neighbor node among one or more adjacent nodes; transmitting, by the new node, an authentication request message including a public key of the new node; authenticating, by the first neighbor node, the public key of the new node; transmitting, by the first neighbor node, an authentication response message including a public key of the first neighbor node to the new node; and authenticating, by the new node, the public key of the first neighbor node; transmitting, by the new node, an authentication identification message to the first neighbor node. | 01-09-2014 |
20140025953 | SECURE STREAMING CONTAINER - A system and method for securely streaming encrypted digital media content out of a digital container to a user's media player. This streaming occurs after the digital container has been delivered to the user's machine and after the user has been authorized to access the encrypted content. The user's operating system and media player treat the data stream as if it were being delivered over the Internet (or other network) from a streaming web server. However, no Internet connection is required after the container has been delivered to the user and the data stream suffers no quality loss due to network traffic or web server access problems. In this process of the invention, the encrypted content files are decrypted and fed to the user's media player in real time and are never written to the user's hard drive or storage device. This process makes unauthorized copying of the digital content contained in the digital container virtually impossible. | 01-23-2014 |
20140032909 | METHOD AND APPARATUS FOR PUBLIC KEY CRYPTOGRAPHY - Method and apparatus are described wherein, in one example embodiment, a first entity shares a digital file such as a digital image with a second entity, and the first entity and the second entity each use the digital file as a seed to generate identical public/private key pairs using the same key generation procedure, such that both entities hold identical key pairs. The first and second entities may use the key pairs to encrypt, decrypt, or sign and authenticate communications between the entities. | 01-30-2014 |
20140032910 | STORAGE SYSTEM IN WHICH FICTITIOUS INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device, a secure storing medium, and a non-secure storing medium. The secure storing medium includes a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents, and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status. | 01-30-2014 |
20140032911 | KEY AGREEMENT AND TRANSPORT PROTOCOL - A key establishment protocol includes the generation of a value of a cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key. | 01-30-2014 |
20140040620 | Secure Function Evaluation Between Semi-Honest Parties - Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C | 02-06-2014 |
20140040621 | Mobile Electronic Device - A mobile device includes a controller with a memory storing a key and a communication interface. The key is configured to be used to generate an authentication sequence. The controller is configured to transmit the key via the communication interface upon request. The communication interface can be an NFC interface. | 02-06-2014 |
20140040622 | SECURE UNLOCKING AND RECOVERY OF A LOCKED WRAPPED APP ON A MOBILE DEVICE - A security-wrapped app that is locked and inaccessible is unlocked and recovered using a secure and user-friendly protocol. Apps that are security wrapped are passphrase protected. The app security keystore on the device becomes locked. The keystore is encrypted with a recovery key which is only in an encrypted form on the device and cannot be decrypted or otherwise accessed by the user. As such, the user cannot unlock the keystore on the device and therefore is not able to unlock the app. The app can be unlocked using a recovery mechanism that is highly secure in all communications between the mobile device and the service provider server. At the same time the recovery mechanism is easy for the end user to carry out. | 02-06-2014 |
20140047240 | DATA RECORDING DEVICE, AND METHOD OF PROCESSING DATA RECORDING DEVICE - A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel. | 02-13-2014 |
20140047241 | DATA RECORDING DEVICE, HOST DEVICE AND METHOD OF PROCESSING DATA RECORDING DEVICE - A data storage unit can store an encrypted medium device key Enc (Kcu, Kmd_i), and a medium device key certificate (Certmedia). A controller can include an information recording unit to store a controller key (Kc) and first controller identification information (IDcu). A key generation unit executes a one-way function calculation based on the controller key and the first controller identification information to generate a controller unique key (Kcu). An identification information generating unit executes a one-way function calculation based on the controller key and the first controller identification information to generate second controller identification information (IDcntr). A key encryption unit encrypts the medium device key (Kmd_i) by the controller unique key (Kcu) to generate encrypted medium device key Enc (Kcu, Kmd_i). A key exchange unit executes an authentication key exchange process with a host device using the medium device key (Kmd_i) and the medium device key certificate (Certmedia). | 02-13-2014 |
20140047242 | METHOD AND SYSTEM FOR PRESERVING PRIVACY DURING DATA AGGREGATION IN A WIRELESS SENSOR NETWORK - A computer-based system and method for a secured privacy preservation scheme during data aggregation in a non-hierarchical wireless sensor network that lacks peer-to-peer communication between the communicating sensor nodes is disclosed. The method and system adopt self-adaptive, efficient cluster formation for robust privacy preservation in the network by grouping the multiple sensor nodes in the network to form multiple clusters, which enables low computation overhead and high scalability in the network. The method and system of the invention disclose an effective twin-key management scheme that provides establishment of secure communication among the sensor nodes and secure communication between at least one sensor node and the server node performing the function of data aggregation of the data collected by the sensor nodes. | 02-13-2014 |
20140052989 | SECURE DATA EXCHANGE USING MESSAGING SERVICE - A system for securely communicating over a network includes a sending device and a receiving device. The sending device includes first processing hardware configured to encrypt a symmetric key associated with the sending device with a public key associated with a receiving device. The first processing hardware is further configured to steganographically embed the symmetric key into an image. The sending device further includes a first signal interface configured to send the image to the receiving device. The receiving device includes second signal interface for receiving the image from the sending device. The receiving device also includes second processing hardware configured to decrypt the symmetric key with a private key stored on the receiving device and to further secure communications with the sender via the symmetric key. | 02-20-2014 |
20140052990 | ELECTRONIC FILE SENDING METHOD - An electronic file sending method is provided to securely and easily send an electronic file to a receiver. A receiving apparatus receives from a sending apparatus an electronic mail including an encrypted electronic file. The sending apparatus uses a public key of a management server to encrypt a decryption password that is necessary to decrypt the encrypted electronic file and sends the encrypted decryption password to the management server. In association with a file identifier of the electronic file, the management server stores the decryption password and an electronic mail address of a correct receiver, who is a receiver of the receiving apparatus. The receiving apparatus sends to the management server the file identifier of the electronic file and the electronic mail address of the receiver. The management server uses a public key of the receiving apparatus to encrypt the password and sends the encrypted password to the receiving apparatus. | 02-20-2014 |
20140052991 | Optical Network Terminal Management Control Interface-Based Passive Optical Network Security Enhancement - A network component comprising at least one processor coupled to a memory and configured to exchange security information using a plurality of attributes in a management entity (ME) in an optical network unit (ONU) via an ONU management control interface (OMCI) channel, wherein the attributes provide security features for the ONU and an optical line terminal (OLT). Also included is an apparatus comprising an ONU configured to couple to an OLT and comprising an OMCI ME, wherein the OMCI ME comprises a plurality of attributes that support a plurality of security features for transmissions between the ONU and the OLT, and wherein the attributes are communicated via an OMCI channel between the ONU and the OLT and provide the security features for the ONU and the OLT. | 02-20-2014 |
20140052992 | Response to Queries by Means of the Communication Terminal of a User - The subject innovation relates to a method with which a response to a request, said response having been ascertained by means of a communication terminal device, can be securely transmitted to a data means, whereby the communication terminal device makes a selection from a plurality of response options. A specific key is associated with each of the response options, and the keys, which are in encrypted form, are received, together with the request, in the communication terminal device and they are decrypted in a means of the communication terminal device. On the basis of the selection made, the means ascertains the key that is associated with the selected response option, and the ascertained key is sent in a response message to the data means. The subject innovation also relates to a communication terminal device that is suitable for carrying out the method. | 02-20-2014 |
20140059351 | METHOD AND DEVICE FOR CONNECTING TO A WIRELESS NETWORK USING A VISUAL CODE - A method for connecting a wireless communication device to a wireless network using a visual code includes reading the visual code that includes an access token that is associated with a wireless access point of the wireless network. The method further includes establishing a secure channel with the wireless access point, and sending the access token to the wireless access point over the secure channel, wherein the access token is used for network access control. Moreover, the method includes receiving security key information from the wireless access point over the secure channel, wherein the security key information is different than the access token. Additionally, the method includes establishing a secure link with the wireless access point using the security key information. | 02-27-2014 |
20140059352 | KEY MANAGEMENT SYSTEM, KEY MANAGEMENT METHOD, AND COMMUNICATION DEVICE - In a key management system, an RFID tag decrypts a first key encrypted by a master key and stores the decrypted first key to a service key storage region, then decrypts a second key encrypted by the first key in a third party server, then encrypts the decrypted second key by the master key and transmits the second key encrypted by the master key to an application of a mobile information terminal, and then decrypts the encrypted second key returned from the application and stores the decrypted second key to the service key storage region. | 02-27-2014 |
20140068266 | MULTIPLE PROFILE AUTHENTICATION - A system and method includes a service provider registering a plurality of profile IDs with a central authority and providing the profile IDs to an institution where the profile IDs are utilized by the institution for authentication of individual users, authorized to act on behalf of the institution. Each profile ID corresponds to an authentication template for the respective user, and the authentication templates are stored by the central authority. A first user transmits an electronic communication, first authentication information, and an indication of a first profile ID, which is received by the service provider. The service provider then receives the first authentication template from the central authority, which may be requested. The first authentication information is then matched to the first authentication template, and additional actions can be taken with respect to the communication after successful matching. | 03-06-2014 |
20140068267 | UNIVERSAL SECURE MESSAGING FOR CRYPTOGRAPHIC MODULES - An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created. | 03-06-2014 |
20140068268 | INFORMATION PROCESSING APPARATUS AND METHOD - To limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information. | 03-06-2014 |
20140068269 | METHOD, APPARATUS, AND SYSTEM FOR INTERACTION BETWEEN WEB CLIENT AND SERVER - A method, an apparatus, and a system for interaction between a Web client and a server are provided. The method includes: sending a web page download request to the server; receiving a returned web page download response; parsing the web page download response, and extracting a scripting language program code from web page contents included in the web page download response; determining, when the scripting language program code is loaded in a script engine of the Web client, whether the loaded scripting language program code is a scripting language program code in ciphertext format, and if it is in ciphertext format, calling a decryption module first to perform decryption on the scripting language program code in ciphertext format, to obtain a scripting language program code in plaintext format, and then executing, by the script engine, the scripting language program code in plaintext format loaded in the script engine. | 03-06-2014 |
20140075192 | INFORMATION PROCESSING APPARATUS AND METHOD - To limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information. | 03-13-2014 |
20140075193 | STORAGE METHOD - The present invention discloses a storage method. When User A uploads data X to a server which has not been stored in the server, the method includes: calculating a storage encryption key ekS and corresponding decryption key dkS based on data X and a pre-determined algorithm; encrypting the data X with ekS to obtain encrypted data Y, and uploading the data Y to a server; encrypting dkS with ekA which is an encryption key ekA for User A to obtain User A's personal key kA and submitting the kA to the server. | 03-13-2014 |
20140075194 | SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF A "SMART" BATTERY BY A HOST - Systems and methods for providing a battery module | 03-13-2014 |
20140075195 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - To realize a configuration to output content to a medium and to use the content stored in the medium under control of the use of content. | 03-13-2014 |
20140082364 | Collaborative Uses of a Cloud Computing Confidential Domain of Execution - An exemplary confidential computing system includes a computing device. A cryptographic processing unit is associated with the computing device. The cryptographic processing unit is configured to use a first user key for encrypting a communication to the first user that includes information from the computing device. The cryptographic processing unit is also configured to use the first user key for decrypting any first user information received from the first user device before allowing the received first user information to be available to the computing device. The processing unit is also configured to use at least one other key received from the first user device for processing any other information received from at least one other source. | 03-20-2014 |
20140089667 | SECURE DEBUG TRACE MESSAGES FOR PRODUCTION AUTHENTICATED CODE MODULES - Methods of extending capabilities of authenticated code modules (ACM) with minimal increase in code size comprises defining an authenticated code module (ACM) extension module using an entry of a Firmware Interface Table (FIT). The FIT contains a starting address of the ACM extension module that is located outside of a protected boot block. Based on the ACM extension module having been authenticated, the ACM and the ACM extension module may be processed together. | 03-27-2014 |
20140089668 | TRANSMITTING DEVICE, RECEIVING DEVICE, TRANSMITTING METHOD, RECEIVING METHOD, AND PROGRAM - There is provided a transmitting device including a public key information adder that adds information on a public key corresponding to an electronic signature to a sender address in an email with the electronic signature attached, and a transmitter that transmits the email. | 03-27-2014 |
20140089669 | CONFIDENTIAL PROVISIONING OF SECRET KEYS OVER THE AIR - A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and in a first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server in order that the smart card and the second application server agree on a second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card. | 03-27-2014 |
20140095876 | INTRODUCTION OF DISCRETE ROOTS OF TRUST - Systems and methods may provide introducing a first root of trust on a platform to a second root of trust on the same platform. In one example, the method may include using an authenticated code module to transfer a first encryption key from a first root of trust on a platform to a second root of trust on the platform, receiving a challenge response from the first root of trust at the second root of trust, and using the first encryption key to verify the challenge response. | 04-03-2014 |
20140095877 | TRANSMITTING APPARATUS, COMMUNICATING SYSTEM - According to an aspect of the embodiment, there is provided a transmitting apparatus, including a data storage, a first key storage, a second key storage, an additional information generating unit, a first authenticator generating unit, a second authenticator generating unit, a third authenticator generating unit, and a packet transmitting unit. | 04-03-2014 |
20140095878 | KEY CHANGE MANAGEMENT APPARATUS AND KEY CHANGE MANAGEMENT METHOD - According to one embodiment, an apparatus includes a permission/inhibition information storage which stores a permission/inhibition information file, a changer which changes a first encryption key of a first private key encrypted with the first public key to the second public key by using the first re-encryption key, a first storage which stores a second private key in a device private key temporary storage, a second storage which stores a second re-encryption key in a re-encryption key storage, a permission/inhibition information registration module which registers second permission/inhibition information in the permission/inhibition information file, and a transmitter which transmits the second private key in the re-encryption key storage to the second terminal. | 04-03-2014 |
20140095879 | STORING A KEY IN A REMOTE SECURITY MODULE - A system obtains assurance by a content provider that a content control key is securely stored in a remote security module for further secure communications between the content provider and the security module. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module. The symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer. The content provider exchanges messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key. The symmetric transport key is independent of said content control key. | 04-03-2014 |
20140095880 | SYSTEM AND METHOD FOR SOFTWARE PROTECTION AND SECURE SOFTWARE DISTRIBUTION - The various embodiments of the present invention provide a secure software distribution and execution method. According to the method, a server receives software from a service provider for downloading to a client and identifies the sections for encoding. APIs are inserted in the identified sections. A unique ID is created based on the identity of each client to generate an encryption algorithm, decryption key and decryption algorithm. The identified sections are encrypted with the generated encryption algorithm. The encrypted application along with the encryption algorithm, decryption key and decryption algorithm are downloaded to the driver of the client machine. The API makes a call to the driver by sending the encrypted segment when the encrypted portion is reached during the execution of software in the client machine so that the driver decrypts the encoded portion using the received key and the decryption algorithm to enable the continuous execution of the downloaded software. | 04-03-2014 |
20140095881 | FILE SHARING WITH CLIENT SIDE ENCRYPTION - Technology is disclosed herein for sharing encrypted data within a client-server distributed data storage system. According to at least one embodiment, a first computing device encrypts multiple data sets of the first computing device using symmetric encryption keys. Each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys. The first computing device shares the encrypted data sets with a second computing device. The first computing device further sends the symmetric encryption keys to the second computing device via a secured channel. The symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device. The secured channel is through a server connected with the first and second computing devices. The server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets. | 04-03-2014 |
20140095882 | METHOD FOR PROVIDING CRYPTOGRAPHIC KEY PAIRS - The invention relates to a method for creating a second asymmetric cryptographic pair of keys, wherein a first private key (G | 04-03-2014 |
20140101449 | METHOD AND SYSTEM FOR THE REMOTE PROVISIONING OF SUBSCRIPTION - The present disclosure relates to a method and system for the remote provisioning of an access subscription of a user to a wireless communication network, wherein at least one network operator provides communication services to mobile communication devices provided with a user UICC card. Data of a temporary subscription are generated from the data of an initial subscription which will subsequently allow generating data of a definitive subscription in a network operator and in the UICC card requesting a subscription from the former without the need of remotely transmitting sensitive data of the definitive subscription. | 04-10-2014 |
20140101450 | METHOD AND APPARATUS FOR REMOTELY PROVISIONING SOFTWARE-BASED SECURITY COPROCESSORS - A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed. | 04-10-2014 |
20140101451 | CLIENT SIDE ENCRYPTION WITH RECOVERY METHOD - Technology is disclosed herein for client side data encryption with a recovery mechanism. According to at least one embodiment, a computing device encrypts at least one data set into an encrypted data set using a private encryption key. The computing device encrypts the private encryption key using a password provided by a user of the device. The password is also encrypted using the user's answers to password recovery questions. The encrypted data set, the encrypted key and the encrypted password are transmitted to and stored by a server. The computing device can retrieve and decrypt the encrypted data set from the server. The encryption key can be recovered by decrypting the encrypted key using the password. The password can be recovered by decrypting the encrypted password using answers to the password recovery questions provided by the user. | 04-10-2014 |
20140101452 | METHOD AND TERMINAL FOR TRANSMITTING INFORMATION - The present disclosure provides an information transmitting method and terminal for the same. The method can comprise: establishing a communication connection between an execution terminal and a command terminal into which an IM message is entered when the command terminal detects an information transmission request from the execution terminal; recording multimedia information by the execution terminal and sending the multimedia information from the execution terminal to the command terminal which has established the communication connection with the execution terminal; receiving the multimedia information by the command terminal and inserting the multimedia information by the command terminal into the IM message. The present disclosure can accomplish the transmission of multimedia information via inter-terminal interaction, thereby allowing a terminal into which an IM message is entered to obtain multimedia information from other terminals and increasing the convenience of using IM applications and the applications' rate of utilization. | 04-10-2014 |
20140108805 | TECHNOLOGIES LABELING DIVERSE CONTENT - Technologies for labeling diverse content are described. In some embodiments, a content creation device generates a data structure that may include encrypted diverse content and metadata including at least one rights management (RM) label applying to the diverse content. The RM label may attribute all or a portion of the diverse content to one or more authors. The metadata may also be signed using an independently verifiable electronic signature. A consumption device receiving such a data structure may verify the authenticity of the electronic signature and, if verification succeeds, decrypt the encrypted diverse content in the data structure. Because the metadata is encapsulated with the diverse content in the data structure, it may accompany the diverse content upon its transfer or incorporation into other diverse content. | 04-17-2014 |
20140108806 | COMMUNICATION APPARATUS AND COMMUNICATION PARAMETER CONFIGURATION METHOD THEREOF - A communication apparatus functioning as a master device denies participation by new communication apparatuses in a network in communication parameter configuration mode based on participation statuses of communication apparatuses functioning as slave devices in the network. The communication apparatus functioning as a master device establishes the network in communication parameter configuration mode between the communication apparatuses participating in the network, and configures communication parameters. | 04-17-2014 |
20140108807 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 04-17-2014 |
20140108808 | HOST DEVICE, SEMICONDUCTOR MEMORY DEVICE, AND AUTHENTICATION METHOD - According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device. | 04-17-2014 |
20140115337 | SYMMETRIC DYNAMIC AUTHENTICATION AND KEY EXCHANGE SYSTEM AND METHOD THEREOF - A symmetric dynamic authentication and key exchange system and a method thereof are provided. A client and a server obtain initial authentication information at the same time, the client generates first one-time temporary authentication information, a conference key and a standby identity identifier according to the initial authentication information, and transmits them to the server, and the server performs a dynamic authentication program. The server compares the initial authentication information of the client with the conference key to confirm an identity of the client, and then updates the initial authentication information of the server according to the first one-time temporary authentication information, and the server is enabled to have the first one-time temporary authentication information the same as that of the client, and then to generate second one-time temporary authentication information including the standby identity identifier according to the first one-time temporary authentication information and the initial authentication information. | 04-24-2014 |
20140122884 | Decoupled cryptographic schemes using a visual channel - A visual data transfer channel is established between a mobile device and a computing entity to facilitate a decoupled cryptographic scheme. The mobile device stores a private key. In operation, a first code is received by the mobile device over the channel. The first code encodes a cryptographic value that secures other information that has been received or generated at the computing entity. The mobile device private key is then applied to the cryptographic value to generate a second cryptographic value, which is encoded to generate a second code. The second code is then rendered on the mobile device display, from which it can then be transmitted back over the visual channel to the computing entity. At the computing entity, the second cryptographic value is recovered from the second code. | 05-01-2014 |
20140122885 | METHOD AND SYSTEM FOR MANAGING DEVICE IDENTIFICATION - The present disclosure provides a method and a system for managing the identification of devices (DID). A network device may provide the network device information to a server through a network. The server may generate a DID corresponding to the network device, and record the DID and the network device information into a device database. In addition, the network device and the server may share a shared key, which may be used to encrypt the DID and the network device information before the data transmission for enhancing security of the method. Moreover, the server may generate and record an exclusive key (Device Key) for data encryption before the data transmission with the network device, and transmit the Device Key to the network device. Therefore, the Device Key management may be accomplished simultaneously with the DID management to enhance data transmission security between the network device and the server. | 05-01-2014 |
20140122886 | DATA FEDERATION SYSTEM AND METHOD FOR SOCIALITY STORAGE SERVICE IN CLOUD COMPUTING - Provided is a data federation system for a sociality storage service in cloud computing, the data federation system including an instance management unit to collect instance information from a cloud system for integrating cloud storage services provided to individuals, a service authentication unit to authenticate a state of the cloud storage services using the collected instance information, a storage synchronization unit to integrate cloud storages to collect data of the authenticated cloud storage services, and an index management unit to organize the collected data based on a state value of at least one of a file and a folder in the integrated cloud storage. | 05-01-2014 |
20140122887 | INFORMATION PROCESSING APPARATUS, INFORMATION STORAGE APPARATUS, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD AND PROGRAM - There is provided an information processing apparatus including: a data processing unit, on which a medium as an information storage apparatus is mounted, which controls reproduction of content stored on the medium, wherein the data processing unit executes host device ID registration processing for outputting a host device ID, which is an identifier of the host device, to the medium and storing the host device ID on the medium, receives the host device ID, which is stored on the medium, from the medium after execution of the host device ID registration processing, executes connection consistency confirmation processing for executing matching processing between the received host ID and the host device ID of the host device, and executes or continues content reproduction under a condition that the matching processing has been established in the connection consistency confirmation processing, or stops the content reproduction if the matching processing has not been established. | 05-01-2014 |
20140122888 | METHOD FOR PASSWORD BASED AUTHENTICATION AND APPARATUS EXECUTING THE METHOD - Provided are an authentication method and an apparatus for the method. An authentication method includes generating, at a terminal, an identifier (ID)-based secret key using an ID of a user of the terminal and key generation factors exchanged with a server, encrypting, at the terminal, a password of the user using a symmetric key encryption algorithm taking the generated secret key as a symmetric key, and requesting authentication for the terminal user by transmitting the encrypted password to the server, and receiving, at the terminal, a response to the authentication request from the server. | 05-01-2014 |
20140129838 | METHOD AND APPARATUS FOR RESILIENT END-TO-END MESSAGE PROTECTION FOR LARGE-SCALE CYBER-PHYSICAL SYSTEM COMMUNICATIONS - To address the security requirements for cyber-physical systems, embodiments of the present invention include a resilient end-to-end message protection framework, termed Resilient End-to-End Message Protection or REMP, exploiting the notion of the long-term key that is given on a per-node basis. This long-term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication. | 05-08-2014 |
20140129839 | INTERNET PROTOCOL MAPPING RESOLUTION IN FIXED MOBILE CONVERGENCE NETWORKS - Techniques for facilitating operation of a communication device having a first internet protocol (IP) address in a first network and a second IP address in a second network include detecting a presence of a network address translation (NAT) table; implementing, when the NAT table is present, a message exchange protocol to obtain a mapping between the first IP address and the second IP address; and reporting, in a communication message, the mapping between the first IP address and the second IP address. In one operational scenario, the first network is a 3GPP network and the second network is a broadband fixed network such as a DSL or a cable modem network. | 05-08-2014 |
20140129840 | SYSTEMS AND METHODS FOR DEVICE AND DATA AUTHENTICATION - Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices. | 05-08-2014 |
20140143548 | SECURITY CONTROL METHOD OF NETWORK STORAGE - The present invention discloses a security control method of network storage to ensure that the unencrypted data cannot be figured out from all information stored on the server. The method includes: encrypting the private key of a user using a user credential and storing the encrypted private key in a server; encrypting data using a storage key; and, when uploading the data to the server, encrypting the decryption key corresponding to the storage key using the public key of the user, and submitting the encrypted data and the encrypted decryption key to the server. | 05-22-2014 |
20140149744 | METHOD FOR OBTAINING ENCRYPTION KEYS CORRESPONDING TERMINALS, SERVER AND COMPUTER PROGRAM PRODUCTS - A method and apparatus for obtaining an encryption key for an item of data transmitted from a client to a server. The method includes: determining a number R of registers available within the client for carrying out a plurality of calculations of encryption keys; determining a maximum number N of iterations necessary for obtaining at least one encryption key at the server; obtaining a structure of data representative of a key calculation state effected within the R available registers; calculating the at least one encryption key as a function (i) of the number of available registers R, by performing at most N calls to a pseudo-random function F, and (ii) of the data structure; so that the at least one encryption key can be obtained from a combination of at most T=C | 05-29-2014 |
20140149745 | METHOD AND APPARATUS FOR MANAGING GROUP KEY FOR MOBILE DEVICE - Provided is a method for managing a group key in a key distribution center. The method includes: receiving a key request from a mobile device; generating a private key for the mobile device using information about a withdrawal time included in the key request; generating a public key and a verification key for the mobile device; and transmitting at least one key including the generated key to the mobile device. | 05-29-2014 |
20140156994 | INFORMATION PROCESSING APPARATUS AND METHOD FOR ACTIVATING COMPUTER - An information processing apparatus includes a storage unit and a processor. The storage unit stores a private key corresponding to a public key stored in a storage apparatus connected to the information processing apparatus through a network. The processor receives first data from the network. The processor decrypts second data included in the first data using the private key. The processor determines whether a result of the decryption is third data. The processor activates the information processing apparatus when the result of the decryption is the third data. | 06-05-2014 |
20140156995 | METHOD AND SYSTEM FOR ESTABLISHING REAL-TIME TRUST IN A PUBLIC NETWORK - A method for performing authenticated communication in a public network includes sending an open request to a common directory server for a first key, the first key being a trusted embedded authentication common directory service key wrapped in a public key of a public-private key pair. The open request includes an authentication request value that identifies the open request as a verified setup directory service, the public key, an email address and a specified third additional out-of-band communication channel. The common directory server sends a first reply of three replies after generating the first key, which first reply is sent directly back to the directory server with a first half of the first key offset by a unique value and wrapped using the public key. The second reply of the three replies is sent via email to the email address, which second reply includes a second half of the first key offset by the first half of the first key. The third reply of the three replies is sent to the specified third additional out-of-band channel, which third reply includes the unique value. | 06-05-2014 |
20140164772 | AUGMENTED REALITY BASED PRIVACY AND DECRYPTION - A method, non-transitory computer readable medium and apparatus for decrypting a document are disclosed. For example, the method captures a tag on an encrypted document, transmits the tag to an application server of a communication network to request a per-document decryption key, receives the per-document decryption key if the tag is authenticated, and decrypts a portion of the encrypted document using a temporary decryption key contained in the tag, the tag decrypted with the per-document decryption key. | 06-12-2014 |
20140164773 | OFFLINE DATA ACCESS USING TRUSTED HARDWARE - A cryptographically-secure component provides access-undeniability and verifiable revocation for clients with respect to downloaded content items from a server. A cryptographically-secure component is implemented in a client. When the client wants to purchase and download a content item from the server, the server requests an encryption key from the client. The client generates an encryption key that is bound to a state of the client that is associated with decrypting the content item. The server encrypts the content item using the encryption key and sends the encrypted content item to the client. Because the encryption key used to encrypt the content item is bound to the state associated with the client decrypting the content item, if the client desires to view the content item the client may first advance its state to the bound state to retrieve the decryption key. | 06-12-2014 |
20140164774 | Encryption-Based Data Access Management - Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key. | 06-12-2014 |
20140164775 | MAJOR MANAGEMENT APPARATUS, AUTHORIZED MANAGEMENT APPARATUS, ELECTRONIC APPARATUS FOR DELEGATION MANAGEMENT, AND DELEGATION MANAGEMENT METHODS THEREOF - A major management apparatus, an authorized management apparatus, an electronic apparatus for delegation management, and delegation management methods thereof are provided. The major management apparatus generates a first and a second delegation deployment messages and respectively transmits them to the authorized management apparatus and the electronic apparatus. The authorized management apparatus encrypts an original authorized operation message into an authorized operation message by an authorization key included in the first delegation deployment message and transmits the authorized operation message to the electronic apparatus. The original authorized operation message includes an operation task message and a right level. The electronic apparatus decrypts the authorized operation message into the original authorized operation message by the authorization key included in the second delegation deployment message and performs an operation according to the operation task message and the right level. | 06-12-2014 |
20140164776 | CRYPTOGRAPHIC METHOD AND SYSTEM - The present invention relates to the field of security of electronic data and/or communications. In one form, the invention relates to data security and/or privacy in a distributed and/or decentralised network environment. In another form, the invention relates to enabling private collaboration and/or information sharing between users, agents and/or applications. Embodiment(s) of the present invention enable the sharing of key(s) and/or content between a first user and/or agent and a second user and/or agent. Furthermore, embodiment(s) of the present invention have application in sharing encrypted information via information sharing services. | 06-12-2014 |
20140164777 | REMOTE DEVICE SECURE DATA FILE STORAGE SYSTEM AND METHOD - A remote device secure data file storage system and method of securely storing data files at a remote device, includes a host system having a database and a plurality of remote devices, each connected with the host system by a communication network. Each remote device and the host system is programmed with a time-based cryptography system that generates an encryption key (RVK) and initialization vector (IV) for encrypting and decrypting data on the remote device. The time-based cryptography system generates the encryption key (RVK) as a function of a parameter (PDPT) that is a function of a personal date (PD) and personal time (PT) of the user. The personal date and personal time of the user being a function of personal data entered by the user on the remote device. The personal date (PD) is a function of the date of birth (DOB) of the user and the personal time (PT) is a function of the time of birth (TOB) of the user. | 06-12-2014 |
20140173281 | APPARATUS AND METHOD FOR ANONYMITY-BASED AUTHENTICATION AND KEY AGREEMENT CAPABLE OF PROVIDING COMMUNICATION MESSAGE BINDING PROPERTY - Disclosed herein are an apparatus and method for anonymity-based authentication and key agreement capable of providing a communication message binding property. The apparatus includes a signature verification unit and a binding checking unit. The signature verification unit receives a plurality of messages, each carrying a signature including link information of a sender, and verifies the signature of each of the plurality of messages. The binding checking unit, if it is determined by the signature verification unit that the signature is valid, determines whether the plurality of messages has been sent by an identical sender based on the link information of the signature. | 06-19-2014 |
20140173282 | METHOD TO ACCESS DATA IN AN ELECTRONIC APPARATUS - An access method includes providing a secure element which stores at least a user key for decrypting one of the encrypted partitions; establishing a temporary secure channel between the secure element and the electronic apparatus; and authenticating in the electronic apparatus a user which is associated to one of the encrypted partitions. The method also includes transmitting an identification of the user authenticated and transmitting the user key from the secure element to the electronic apparatus over the temporary secure channel. The electronic apparatus is programmed to decrypt the encrypted partition and the encrypted partition of the authenticated user is not accessible to the authenticated user or to any other authenticated users in the electronic apparatus, if the user key of the authenticated user is not transmitted to the electronic apparatus. | 06-19-2014 |
20140173283 | KEY MANAGEMENT DEVICE, COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a key management device includes a key exchange processing unit, a transmission unit, and an update unit. The key exchange processing unit is configured to perform a key exchange process for executing an exchange of a shared key together with authentication between the key management device and a communication device. The transmission unit is configured to transmit update information for updating a device key of the communication device authenticated to the communication device, when the communication device has not been authenticated before performing the key exchange process, and not to transmit the update information, otherwise. The update unit is configured to update the device key using the update information, when the communication device has not been authenticated before performing the key exchange process, and not to update the device key, otherwise. | 06-19-2014 |
20140173284 | KEY MANAGEMENT USING QUASI OUT OF BAND AUTHENTICATION ARCHITECTURE - To provide key management layered on a quasi-out-of-band authentication system, a security server receives a request for activation of a user interface window for a particular user from a network device via a communication channel. It then transmits an activation PIN to an out of band authentication system for forwarding to the user's telephone via a voice or text message. It next receives the previously transmitted PIN from the network device via the communication channel, and authenticates the user based on the received PIN. After authenticating the user, it establishes a secure, independent, encrypted communication channel between the user interface window and the security server on top of the original communication channel. It then generates and transmits to the user interface window and/or receives from the user interface window via the secure communication channel, key material and certificate material for public key and/or symmetric key cryptography based operations. | 06-19-2014 |
20140181521 | PROVISIONING OF ELECTRONIC DEVICES - Systems and methods for provisioning electronic devices. In some embodiments, a method may include receiving a first message at a provisioning server, the first message originated by a computing device, the first message including a device identifier associated with an automation device. The method may also include receiving a second message at the provisioning server, the second message originated by the automation device and including at least a device identifier portion. In response to the device identifier portion of the second message matching the device identifier of the first message and/or in response to the automation device not being associated with a provisioning account, the method may then include providing configuration information to the automation device. | 06-26-2014 |
20140181522 | COMMUNICATION NODE, KEY SYNCHRONIZATION METHOD, AND KEY SYNCHRONIZATION SYSTEM - In general, according to one embodiment, a communication node includes a key synchronization controller and an application communicator. The key synchronization controller controls synchronization of an application key on the basis of a node-based signaling process and a session-based signaling process, where the former process is for starting or ending exchanging of an application key between a correspondent node and the communication node and the latter process is for synchronizing a rule for assignment of the application key to a session with the correspondent node, the session shared with the correspondent node. The application communicator provides the application key in accordance with the rule, the key for use by an application having the session. | 06-26-2014 |
20140181523 | GESTURE-BASED ENCRYPTION METHODS AND SYSTEMS - Methods and systems for transmitting and receiving are disclosed. For example, a method for establishing secure communications can include measuring one or more human gestures using a sensor on a first device so as to create a first metric of the one or more human gestures, creating a strong encryption key based on the first metric, including time-based information incorporated into the first metric, and communicating to a second device using the strong encryption key to encrypt data sent to the second device. | 06-26-2014 |
20140189355 | ENCRYPTING GLOBALLY UNIQUE IDENTIFIERS AT COMMUNICATION BOUNDARIES - Systems, methods, and computer-readable storage media for encrypting communications containing or referencing globally unique identifiers to prevent unauthorized access to content item data, such as through spoofing or ancillary information leakage. An example system configured to practice the method identifies a communication, between a storage environment and a client device, associated with a globally unique identifier for a content item stored in at least one of the storage environment and the client device. The content item can be addressable via a globally unique identifier. Prior to transmitting the communication, the system can encrypt a portion of the communication containing the globally unique identifier using an encryption key based on a client-specific key and a secret version-specific key to yield an encrypted communication, and transmit the encrypted communication to the client device. | 07-03-2014 |
20140189356 | METHOD OF RESTRICTING CORPORATE DIGITAL INFORMATION WITHIN CORPORATE BOUNDARY - A method of enforcing a virtual corporate boundary may include a client device requesting sensitive content from a network site on a server device responsive to a user's interaction with the client device. The server device can determine whether the user and/or client device are permitted to access the sensitive content. A secure element on the client device can establish a session key between the server device and the client device. The server device can render the sensitive content and send it to the client device, which can display the content to the user. | 07-03-2014 |
20140189357 | ENCRYPTION AND AUTHENTICATION BASED NETWORK MANAGEMENT METHOD AND APPARATUS - Disclosed are an encryption and authentication-based network management method and apparatus. A network management method according to an embodiment of the present invention includes: generating a public key and a private key for encryption and decryption of network attribute information to be used by a virtual machine positioned in the network server to provide the generated public key to a database; receiving network attribute information encrypted by the database with the public key from the database; and decrypting the received network attribute information with the private key to authenticate the network attribute information. | 07-03-2014 |
20140189358 | MULTIMEDIA DATA PROTECTION - A method of transmitting a media work such as a movie to a client is disclosed. The method includes (a) encrypting the work using a sequence of different keys corresponding to respective temporally spaced segments of the document, (b) transmitting software code containing an algorithm from a security server to the client, the algorithm having a result that is a function of the state of the client, (c) executing the code at the client and returning the result to the security server, (d) determining whether the result is indicative of an unmodified client. The method further includes (e) transmitting a segment from a server to the client, (f) securely streaming a key corresponding to the transmitted segment from a secure remote server to the client, (g) decrypting the segment using the obtained media key, (h) if step (d) indicates a modified client, preventing further keys from being transmitted, otherwise repeating steps (e) to (g) and repeating steps (b) to (d). | 07-03-2014 |
20140195809 | Electronic Content Distribution Based On Secret Sharing - A method for distributing information includes distributing an item of encrypted information to a plurality of clients and distributing respective key-shares to the clients, such that each client will require a key-share that has been distributed to at least one other client in order to reconstruct a key for decrypting the encrypted information. Upon receiving from a first client a report that a second client requested and received a respective one of the key-shares from the first client, a record of a delivery of the item to the second client is made responsively to the report. | 07-10-2014 |
20140201531 | ENHANCED MOBILE SECURITY - Systems and methods for utilizing a remote server for storing credentials associated with a mobile device. For example, a login credential and/or a token credential can be stored at the remote server rather than at the mobile device. Because these credentials are stored at the remote server, the ecosystem including the mobile device and certain applications or services used by the mobile device can be more secure than conventional architectures. | 07-17-2014 |
20140201532 | ENHANCED MOBILE SECURITY - Systems and methods for utilizing a remote server for storing credentials associated with a mobile device. For example, a login credential and/or a token credential can be stored at the remote server rather than at the mobile device. Because these credentials are stored at the remote server, the ecosystem including the mobile device and certain applications or services used by the mobile device can be more secure than conventional architectures. | 07-17-2014 |
20140201533 | QUORUM-BASED VIRTUAL MACHINE SECURITY - Technologies related to quorum-based Virtual Machine (VM) security are generally described. In some examples, VM data, such as a VM payload or other VM data, may be quorum-encrypted, such that a quorum of decryption keys may be used to decrypt the data. Decryption keys may be distributed among multiple VMs, with different decryption keys provided to different VMs, so that single VMs may not decrypt the VM data without decryption keys held by other VMs. To decrypt its data, a VM may assemble a quorum of decryption keys by requesting decryption keys held by other operational VMs, and the VM may then decrypt its data using the assembled quorum of decryption keys. The VM may be prevented from decrypting its data without a sufficient quorum of other operational VMs. | 07-17-2014 |
20140208111 | SECURE VIRTUAL MACHINE MIGRATION - A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to enable secure migration of virtual machine instances between multiple host computing devices. The migration is performed by receiving a request to migrate a virtual machine where the request includes public keys for the source host computing and the destination host computing. The source and destination hosts use the public keys to establish an encrypted session and then use the encrypted session to migrate the virtual machine. | 07-24-2014 |
20140208112 | PROVIDING AN ENCRYPTED ACCOUNT CREDENTIAL FROM A FIRST DEVICE TO A SECOND DEVICE - Disclosed is an apparatus, system, and method to decrypt an encrypted account credential at a second device that is received from a first device. The second device may receive a first share of a master key and the encrypted account credential from the first device. The second device may reconstruct the master key with the first share of the master key and a second share of the master key stored at the second device. The second device may decrypt the encrypted account credential with the reconstructed master key. Based upon the decrypted account credential, the second device may be enabled to access an account based upon the decrypted account credential. | 07-24-2014 |
20140208113 | COMMUNICATION APPARATUS, COMMUNICATION METHOD, COMMUNICATION SYSTEM, AND COMPUTER PROGRAM - A measurement to obtain an RTT to a receiving apparatus is performed by a relay apparatus that is disposed between a WAN and a home network and connects these two networks. That an RTT value is equal to or less than the threshold value is set as a content distribution condition from a transmitting apparatus, so that the same use environment as a system using current DLNA and DTCP-IP can be realized for content use in the home network. Thereby, unjust distribution of content is prevented while an authentication and key exchange procedure performed via an external network is allowed. | 07-24-2014 |
20140208114 | SYSTEM AND METHOD FOR MASSIVE CONTROLLED AND SECURED UPDATE OF DEVICES FIRMWARE - System for remote firmware updates of mail processing device from a remote data server including: file download servers connected to the remote data server for receiving encrypted files encrypted from a list of binary files corresponding to firmware of a mail processing device to update; web servers providing a web service application for downloading files and connected to the remote data server and the files download servers for retrieving the encrypted files associated with a personalized files catalogue retrieved from the remote data server; and a user computer system connected to the web servers for receiving the encrypted files for download onto a storage device to plug into the mail processing device. The mail processing device decrypts the encrypted files with file decryption keys previously provided with the personalized files catalogue and installs the files before connecting to the remote data server to report the outcome of the installation. | 07-24-2014 |
20140208115 | COMMUNICATION APPARATUS, METHOD FOR CONTROLLING COMMUNICATION APPARATUS, AND PROGRAM - A communication apparatus includes a storage unit, an updating unit, a determination unit, and a deletion unit. The storage unit stores, in a storage, a first key used to decrypt or authenticate a packet to be communicated between the communication apparatus and a second communication apparatus. The updating unit updates the first key to a second key different from the first key when an expiration date of the first key has passed. The determination unit determines that a packet to be decrypted or authenticated using the second key has been received from the second communication apparatus. The deletion unit deletes the first key from the storage unit in response to the determination unit determining that the packet to be decrypted or authenticated using the second key has been received from the second communication apparatus. | 07-24-2014 |
20140208116 | COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication apparatus includes a sharing processing unit, an extension unit, and a communication unit. The sharing processing unit shares a first cryptographic key with an external apparatus connected via a link, and further generates a second cryptographic key and shares the second cryptographic key with the external apparatus through secret communication using the first cryptographic key. The extension unit generates an extended key by extending a length of the second cryptographic key. The communication unit transmits the extended key to a first application which communicates with a second application to which the external apparatus provides the second cryptographic key. | 07-24-2014 |
20140208117 | SERVER APPARATUS AND PROGRAM - A server apparatus according to an embodiment generates a random number on receiving from a user apparatus a notification showing that a re-encryption key should be updated, and calculates re-encryption key data on the basis of the re-encryption key stored and the random number generated. The server apparatus transmits the re-encryption key to the user apparatus and receives, from the user apparatus, the user private key not updated yet and re-encryption key updating data calculated from the re-encryption key data on the basis of the user private key updated. The server apparatus calculates the re-encryption key updated, on the basis of the re-encryption key updating data and the random number, and replaces the re-encryption key stored in the storage device with the updated re-encryption key. | 07-24-2014 |
20140208118 | System and Method for the Safe Spontaneous Transmission of Confidential Data Over Unsecure Connections and Switching Computers - Disclosed is a method and system for transmitting data. The system includes at least one first stationary and/or mobile communication terminal, at least one further second communication terminal, and a switching unit reachable by all communication terminals via a data network. The communication terminals send data to the switching unit, which data are encrypted with a symmetric encryption method, and send the symmetric key encrypted with a public key of a key pair to the switching unit, so that the same can send it to other communication terminals, which in possession of an associated private key then are capable of accessing the information stored at the switching unit and decrypt the same. | 07-24-2014 |
20140215214 | DIGITAL RIGHTS MANAGEMENT FOR HTTP-BASED MEDIA STREAMING - Techniques and mechanisms described herein facilitate the management of digital rights for media content item presentation. According to various embodiments, a request for a content decryption key may be received at a media application implemented at a computing device. The request may be transmitted by a media content player implemented at the computing device. The request may be transmitted in accordance with a designated key exchange protocol. A license for an encrypted media content item corresponding with the requested content decryption key may be identified at the media application. Based on information included in the license, encrypted key material may be decrypted to create the requested content decryption key via a processor at the computing device. The requested content decryption key may be provided to the media content player. | 07-31-2014 |
20140215215 | SERVER, METHOD OF GROUP KEY NOTIFICATION AND PROGRAM - According to one embodiment, a server includes a message communicator, a key information storage, and a key controller. The message communicator is configured to communicate a message to a client. The key information storage is configured to store key information including at least a key value being value of key, a validity term of key, and assignment information of key. The key controller is configured to generate a key notification message including a key value of the client and a key update time when the message communicator receives a key request message from an authenticated client. The key value is corresponding with the assignment of the key information. The key update time decides from the validity term of the key and a validity term of authentication succeeded state of the client. The message communicator transmits the key notification message to the client. | 07-31-2014 |
20140215216 | REKEY SCHEME ON HIGH SPEED LINKS - In one embodiment, apparatus and methods for a rekey process are disclosed. In certain rekey embodiments, when a key-generation protocol exchange is executed, instead of generating a single new security relationship, such as a Security Association or SA, a multiple set (e.g., 10) of new security relationships (e.g., SAs) are generated. An authorized device can then individually use these security relationships (e.g., SAs) as needed to securely communicate with each other. For example, a set of SAs can be efficiently programmed into an 802.1ae protocol ASIC for handling transmitted and received data packets. In the description herein, embodiments of the invention are described with respect to SA's, and this “SA” term is generally defined as any type of security relation that can be formed to allow a particular node to securely transmit packets or frames to another receiving node. | 07-31-2014 |
20140215217 | Secure Communication - A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user. | 07-31-2014 |
20140223182 | METHODS AND DEVICES FOR AUTHENTICATION AND KEY EXCHANGE - One feature pertains to a content accessing device for securing content. The content accessing device is provisioned with a cryptographic algorithm, and generates a symmetric key also known to a content storage device. The content accessing device sends a first authentication challenge to the content storage device, where the first authentication challenge is based on the cryptographic algorithm and the symmetric key. The content accessing device receives a second authentication challenge from the content storage device in response to sending the first authentication challenge, and determines whether the first authentication challenge is different from the second authentication challenge. If the second authentication challenge is different from the first authentication challenge the content accessing device sends a first response to the content storage device in response to the second authentication challenge. | 08-07-2014 |
20140237244 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-21-2014 |
20140237245 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-21-2014 |
20140237246 | Generating a Symmetric Key to Secure a Communication Link - A symmetric key to be used to secure a communication link between a first device and a second device is generated as follows: a first symmetric key is generated; a second symmetric key is generated; packets communicated between the first device and the second device over communication link are hashed to create a hash result; the first symmetric key, the second symmetric key and the hash result are hashed to generate a third symmetric key to be used to secure the communication link. | 08-21-2014 |
20140237247 | SYSTEM AND METHOD FOR PROVISIONING AND AUTHENTICATING VIA A NETWORK - System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential. | 08-21-2014 |
20140237248 | MOBILE COMMUNICATION SYSTEM IMPLEMENTING INTEGRATION OF MULTIPLE LOGINS OF MOBILE DEVICE APPLICATIONS - In existing mobile implementations, there is a disconnect between the mobile device accessing the network and the applicative services inasmuch as the entity responsible for network access, such as the VPN Gateway, differs from the entity governing access to applications, such as email servers and SharePoint repositories. Therefore existing solutions typically employ two authentication methods. Of these, the first may be used to authenticate the mobile device to the VPN Gateway, while the second may be used to authenticate the mobile device towards the applications server. In order to facilitate strong authentication it is often desired to utilize a mechanism that uses or combines two different factors, e.g. “something you have” (such as but not limited to a smart card) and “something you know” (such as but not limited to a password). Most currently available mobile devices offer limited options to connect external devices to them, rendering most “Something you have” solutions irrelevant. For instance, there is no ability to connect a smart-card to a mobile phone. | 08-21-2014 |
20140245009 | Client Control Through Content Key Format - Client control may be provided. First, content may be encrypted using an actual key. Then an identifier corresponding to a client device may be received and a transformation may be performed on the actual key and the identifier to produce a transmitted key. The transmitted key and the encrypted content may then be sent to the client device where it may be received. The client device may then receive the identifier corresponding to the client device and perform a reverse transformation on the transmitted key using the identifier to produce the actual key. The content may then be decrypted with the actual key. | 08-28-2014 |
20140245010 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-28-2014 |
20140245011 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-28-2014 |
20140245012 | ENHANCING DATA SECURITY USING RE-ENCRYPTION - A data source may be configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage. A data warehouse server may be configured to perform operations including: decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups algorithm; re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers. | 08-28-2014 |
20140245013 | METHOD FOR INTERWORKING WITH TRUSTZONE BETWEEN NORMAL DOMAIN AND SECURE DOMAIN, AND MANAGEMENT METHOD OF TRUSTED APPLICATION DOWNLOAD, MANAGEMENT SERVER, DEVICE AND SYSTEM USING IT - The present invention provides a trusted application download management, authentication, and execution method and system. A trusted application download management server according to the present invention includes a service loader, which accesses a device equipped with a trusted platform and establishes a data communication channel, and a service controller which controls the delegation of a download authority for a trusted application and allows the trusted application to be downloaded to the device when a trusted application download is requested by the device, thus totally managing the download of the trusted applications and allowing the trusted application to be securely downloaded. | 08-28-2014 |
20140245014 | Remote control app for smart phones - Methods and apparatus for a Remote Control App for Smart Phones are disclosed. One embodiment of the present invention is a software application or “App” which may be downloaded to a conventional smart phone ( | 08-28-2014 |
20140245015 | OFFLINE FILE ACCESS - In embodiments of the present invention improved capabilities are described for providing secure offline computer content access, comprising at a server-based file access facility connected to a network and to a secure database, storing a data file as an encrypted data file along with a plurality of encryption keys in the secure database, each of the plurality of encryption keys providing access to the encrypted data file, the encrypted data file accessible as downloaded to a mobile computing device that is not connected to the network only through use of at least one of the plurality of encryption keys and presentation of a user secure identifier from a user of the mobile computing device, wherein the at least one of the plurality of encryption keys allows the user of the mobile computing device to access the encrypted data file a limited number of times. | 08-28-2014 |
20140245016 | MANAGEMENT SYSTEM AND METHODS FOR OBJECT STORAGE SYSTEM - The storage system exports logical storage volumes that are provisioned as storage objects. These storage objects are accessed on demand by connected computer systems using standard protocols, such as SCSI and NFS, through logical endpoints for the protocol traffic that are configured in the storage system. To facilitate creation and management of logical storage volumes, special application programming interfaces (APIs) have been developed. The special APIs include commands to create a logical storage volume, bind, unbind, and rebind the logical storage volume, extend the size of the logical storage volume, clone the logical storage volume, and move the logical storage volume. | 08-28-2014 |
20140245017 | Digital Tachograph - A digital tachograph has a security module. A public key, a secure private key, and a signage are stored in the security module. Vehicle-relevant data and the corresponding checksum are encoded using a secure private key and stored in the digital tachograph in a data format by the security module. | 08-28-2014 |
20140250302 | DEVICE - According to one embodiment, a device includes a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey) in AES operation; a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device. | 09-04-2014 |
20140250303 | MULTI-DRIVE COOPERATION TO GENERATE AN ENCRYPTION KEY - A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable. | 09-04-2014 |
20140258725 | SYSTEMS AND METHODS FOR IMPLEMENTING TRANSPARENT ENCRYPTION - A method of providing transparent encryption for a web resource includes a key manager receiving an encryption key policy; receiving user identifiers and resource locators; defining an access control list based on the user identifiers; generating an encryption key and a key identifier for a first resource locator; and establishing a secure communication channel between first and second watchdog modules. The method also includes the watchdog sending encryption information using the secure communication channel. The method also includes a transparent encryption module storing the encryption key and the access control list in protected memory; receiving an input comprising a request to access the first resource stored in the web resource; determining that the user identifier is included in the access control list; encrypting data using the encryption key; and decrypting data using the encryption key. | 09-11-2014 |
20140281543 | HOST DEVICE CONFIGURED FOR AUTHENTICATION WITH MEMORY DEVICE - A host device connected to a data recording device, includes a holding unit for holding a host device key and a host device certificate, an authentication/key exchange process unit configured to perform an authentication/key exchange process with the data recording device using the host device key and the host device certificate to receive medium device key certificate ID held in the data recording device and contained in the medium device key certificate, an interface unit configured to perform data communication with the data recording device through a secure channel, and an identification information generating unit configured to receive second controller identification information generated in the data recording device based on the first controller identification information by data communication through the secure channel and the interface unit, to generate data recording device identification information based on the second controller identification information and the medium device key certificate ID. | 09-18-2014 |
20140281544 | Trusted Security Zone Containers for the Protection and Confidentiality of Trusted Service Manager Data - Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate the trusted security zone sub key based on hashing to access one or more containers. One or more signals may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container. | 09-18-2014 |
20140281545 | MULTI-LAYER EMBEDDED ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 09-18-2014 |
20140281546 | HEDI-Hopping-Enabled Dynamically-secured Intercommunication (AKA SockHop) - In one embodiment, a secure client-server socket-based Internet communication system uses socket hopping to distribute communication channels per session to a large number of randomly-selected socket ports. | 09-18-2014 |
20140281547 | Wireless Pairing of Personal Health Device with a Computing Device - Systems and methods for the wireless pairing of a personal health device (PHD) (e.g., blood glucose monitor) with a computing device (e.g., smartphone) are disclosed herein. In an embodiment, the PHD communicates a private key to the computing device via a first communication medium (e.g., light signal, audio signal, pattern). The PHD receives from the computing device via a second wireless communication medium (e.g., Bluetooth® or WiFi) pairing information including the private key. The PHD can then establish a secure communication channel with the computing device by pairing the PHD to the computing device. | 09-18-2014 |
20140281548 | INTRA-COMPUTER PROTECTED COMMUNICATIONS BETWEEN APPLICATIONS - Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media perform operations according to the methods disclosed. | 09-18-2014 |
20140281549 | METHODS AND APPARATUS FOR SECURING USER INPUT IN A MOBILE DEVICE - The present invention secures user data throughout its lifecycle—(1) when entering data into the mobile device, (2) when storing the data in the mobile device, and (3) when transmitting data from the mobile device. In accordance with a first aspect of the invention, the invention features a methodology for encrypting and passing the keystrokes to the application in an encrypted format. In accordance with a second aspect of the invention, the invention features a methodology to store data in a vault in an encrypted form and launch an application with the data from the vault. In accordance with a third aspect of the invention, the invention features a methodology to transmit data from the mobile device to an external application securely. | 09-18-2014 |
20140281550 | Distributed Storage Network and Method for Storing and Retrieving Encryption Keys - A method begins by a distributed storage (DS) managing unit receiving an encryption key to store. The method continues by determining an encryption method and encrypting the encryption key with the determined encryption method to produce an encrypted key. The method continues by encoding and storing the encrypted key in accordance with a dispersed storage error coding function to produce a set of encoded encrypted key slices, wherein a decode threshold number of the encoded encrypted key slices of the set of encoded encrypted key slices are required to reconstruct the encrypted key. Retrieval of the stored encryption key includes retrieving and decoding at least a decode threshold number of the encoded encrypted key slices of a set of encoded encrypted key slices from storage units of the DSN. The method may include raising or lowering the decode threshold or modifying the retrieval order to increase/decrease security. | 09-18-2014 |
20140281551 | DATA RECORDING DEVICE, AND METHOD OF PROCESSING DATA RECORDING DEVICE - A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel. | 09-18-2014 |
20140289525 | SYSTEM AND METHOD FOR DECENTRALIZED MANAGEMENT OF KEYS AND POLICIES - Various embodiments of a system and method for decentralized management of keys and policies are described. Various embodiments may include a computer system configured to receive a request from a remote computer system associated with a recipient of content. Such request may include an encrypted content encryption key that is encrypted with a packaging key utilized by a packaging entity. The request may also include an identifier identifying the packaging entity. In some embodiments, the request may also include policy information specifying one or more usage rights of the content. The computer system may be configured to, in response to determining the recipient is authorized to access the content, generate the packaging key based on the identifier and a secret root seed, utilize the generated packaging key to decrypt the encrypted content encryption key, and provide the decrypted content encryption key to the remote computer system. | 09-25-2014 |
20140289526 | AUTHENTICATOR, AUTHENTICATEE AND AUTHENTICATION METHOD - According to one embodiment, an authentication method between an authenticatee which stores key information having a data structure composed of a key transition record, secret information XY of a matrix form, and secret information XYE which is created by encrypting the secret information XY, and an authenticator which authenticates the authenticatee, includes selecting, by the authenticator, a record corresponding to a device index of the authenticator from the key information which is received from the authenticatee, and decrypting the record by a device key, thereby taking out a key transition, and executing, by the authenticator, a decryption process on the secret information XYE, which is received from the authenticatee, by using the corresponding key transition, and sharing the secret information XY. | 09-25-2014 |
20140289527 | ENCRYPTED COMMUNICATION DEVICE AND METHOD - An encrypted communication device includes: a pattern generation unit configured to judge whether or not a security association including as matching data a data portion whose data pattern matches between data in a packet targeted for processing and data in a sample packet is to be generated; a key information exchange unit configured to transmit to an opposite device a key information exchange packet including the matching data and key data when the pattern generation unit judges that the security association is to be generated, and receives from the opposite device a key information exchange packet including a security association identifier of the security association, thereby establishing the security association with the opposite device; and a key information unit configured to store the matching data, the key data, and the security association identifier of the security association established by the key information exchange unit. | 09-25-2014 |
20140289528 | SYSTEM AND METHOD FOR PRIVACY-ENHANCED DATA SYNCHRONIZATION - A system, apparatus, method, and machine readable medium are described for establishing a trust circle between multiple devices. For example, one embodiment of a method comprises: transmitting first data from a first device to a second device over a secure communication channel, the first data including at least one key and an identification code identifying a trust circle which includes the first device; the second device generating second data using at least a portion of the first data including the identification code and transmitting the second data over a network to a service; the first device connecting to the service using the identification code to identify the second data, validating the integrity of the second data, and responsively generating third data; and the service storing at least a portion of the second data and the third data to establish a trust relationship between the first device and the second device. | 09-25-2014 |
20140289529 | CONTENT DATA REPRODUCTION SYSTEM AND RECORDING DEVICE - To exclude any unauthorized device from a system and thereby prevent illegal use of content data, a memory card | 09-25-2014 |
20140289530 | SYSTEMS AND METHODS FOR CONTENT DELIVERY - A system, computer-readable storage medium storing at least one program, and computer-implemented method for content delivery is provided. A content sharing session is established between a user device and a content system. Content primitives are generated from a content item controlled by the content system. Each of the generated content primitives is accessed and transmitted to the user device. | 09-25-2014 |
20140298024 | Method for granting access to a network and device for implementing this method - A method for granting access to a network to an electronic communication device via a router using a secure key to encrypt the communication between the router and the electronic communication device, comprising the steps of establishing a first link between a key carrier and the electronic communication device for transferring said secure key to an application software installed in the communication device, and using said secure key to encrypt and decrypt the data transferred between the router and the electronic communication device via a wireless second link. | 10-02-2014 |
20140298025 | METHODS AND APPARATUS TO COLLECT DISTRIBUTED USER INFORMATION FOR MEDIA IMPRESSIONS AND SEARCH TERMS - Disclosed examples involve decoding information from a mobile device into a plurality of encrypted identifiers identifying at least one of the mobile device or a user of the mobile device, sending ones of the encrypted identifiers to corresponding database proprietors, receiving a plurality of user information corresponding to the ones of the encrypted identifiers from the corresponding database proprietors, and associating the plurality of user information with at least one of a search term collected at the mobile device or a media impression logged for media presented at the mobile device. | 10-02-2014 |
20140298026 | INFORMATION PROCESSING DEVICE AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area. | 10-02-2014 |
20140298027 | INTEGRATED CONTACTLESS MPOS IMPLEMENTATION - Disclosed herein is a method for performing an integrated contactless point-of-sale transaction. More particularly, there is disclosed a method comprising: receiving, by a mobile device | 10-02-2014 |
20140298028 | CRYPTOGRAPHIC PROCESSING SYSTEM, CRYPTOGRAPHIC PROCESSING METHOD, CRYPTOGRAPHIC PROCESSING PROGRAM, AND KEY GENERATION DEVICE - A cryptographic processing system and method to decrease the sizes of public parameters and a master secret key, and shorten the time taken for the generation process of the secret key to be supplied to the user and the encryption process. A generation device generates a basis B and a basis B* that form public parameters and a master secret key using a sparse matrix in which each row and each column have at least one value other than 0. An encryption device generates a vector in the basis B, the vector being embedded with predetermined information, as a cipher vector. A decryption device, by treating a predetermined vector in the basis B* as a key vector, conducts a pairing operation for the cipher vector and the key vector, to decrypt the cipher vector. | 10-02-2014 |
20140304512 | METHOD AND SYSTEM FOR AUTHENTICATING AND PRESERVING DATA WITHIN A SECURE DATA REPOSITORY - A computer implemented method for identifying and linking a data originator and a data file or data batch from the originator through one or more data source systems. The system stores the data files and batches on a permanent basis for subsequent verification purposes, verifying the identity of the data file originator through originator-specific information from the data source system; and generating unique data entries associated with the originator identity, the file identity and/or a file verification cryptographic digest, and a unique originator signature. The data entries and signature are stored in encrypted form in a Relay Access Table (RAT), as are the public and private keys associated with both the data file and the originator. A certificate for verification of the data file is generated, that contains a digital signature, as well as a file cryptographic digest and metadata associated with filing conditions. | 10-09-2014 |
20140304513 | STORAGE DRIVE PROCESSING MULTIPLE COMMANDS FROM MULTIPLE SERVERS - One embodiment of the invention relates to a key/value storage device. The key/value storage device includes a storage medium for storing data, a network interface for receiving commands sent by multiple servers, and a controller. The controller processes a put command from a server to store a binary data object on the storage medium. The put command passes a key associated with the binary data object, and returns a unique digest of the binary data object to the server via the network interface. Another embodiment relates to a storage drive. The storage drive includes a network interface for receiving, and a controller for processing, multiple commands from multiple servers. Other embodiments, aspects and features are also disclosed. | 10-09-2014 |
20140310525 | METHOD FOR EXCHANGING STRONG ENCRYPTION KEYS BETWEEN DEVICES USING ALTERNATE INPUT METHODS IN WIRELESS PERSONAL AREA NETWORKS (WPAN) - A method for exchanging strong encryption keys between devices using alternate input methods. At least two devices that want to communicate with one another are set in key exchange mode. The at least two devices are to communicate with one another using a short range radio or personal area network. The at least two devices negotiate with one another to determine which of the at least two devices will generate an encryption key, wherein device A represents the negotiated device and device B represents the non-negotiated device. Device A generates the encryption key and transmits the encryption key to device B using an out-of-band transmission channel. The out-of-band transmission channel may be transmitting the encryption key via audio tones. A validation process determines whether the transmission of the encryption key via the out-of-band transmission channel was successful. If the encryption key has been successfully validated, the at least two devices are enabled to automatically accept communications between them over the short range radio or personal area network. | 10-16-2014 |
20140310526 | SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY - A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server. | 10-16-2014 |
20140310527 | Secure Distribution of Content - Methods and systems are described for enabling secure delivery of a content item from a content source to a content receiving device associated with a decryption module configured for use with a split-key cryptosystem comprising encryption and decryption algorithms E and D, a cipher algorithm for generating encryption and decryption keys e,d on the basis of secret information S and a split-key algorithm for splitting e and/or d into i different split-encryption keys e | 10-16-2014 |
20140317408 | DATA BACKUP AND SERVICE ENCRYPTION KEY MANAGEMENT - Disclosed are an apparatus and method of using encryption to access remote online application servers. One example method of operation may include applying an encryption key to an application server access operation. The method may include transmitting authentication credentials to an encryption server and receiving an application session key from the encryption server. The session key is then applied to an agent application seeking access to an application server. The method may also provide transmitting the session key in an encryption request to the encryption server to obtain an encryption key, and receiving an encryption key responsive to the transmitted session key. | 10-23-2014 |
20140317409 | SYSTEM FOR MANAGING CRYPTOGRAPHIC KEYS AND TRUST RELATIONSHIPS IN A SECURE SHELL (SSH) ENVIRONMENT - A system for managing cryptographic keys and trust relationships in a secure shell (SSH) environment by mapping network servers, clients, and appliances and locating SSH keys and key pairs associated with each device. The system provides for mapping the network topology and all SSH keys and key pairs stored on network connected devices, and the creation of a master database of all devices, keys and key pairs, key types and encryption strength, and user accounts with which each key or key pair is associated. The mapping and database enable the effective management of SSH keys and key pairs, detection of errors and weakness, elimination of orphaned or outdated keys, correction of all deficiencies, and replacement of keys in accordance with policies set by the organization maintaining the network. | 10-23-2014 |
20140317410 | NETWORK SERVICE INTERMEDIATION METHOD AND INTERMEDIATION SYSTEM - An intermediation method used in an intermediation system that includes an intermediation device determining a permission for application services requiring user authentication on a network, where in response to a user request, a first account used for a first service and a second account used for a second service, and a registration request for using the linking service linking the first application service and the second application service are associated with each other, when the two accounts are valid, as accounts usable in a linking service, an association between the first and second services is stored in the intermediation device, and when the user makes a request to use the linked services, that use is controlled by a query to the intermediation device regarding whether the account is associated as able to use the linking service. | 10-23-2014 |
20140317411 | DEDUPLICATION OF DATA - Backing up a data file can be accomplished by processing, in-line and at a first client, a plurality of datablocks taken from the data file. The processing of each datablock includes creating a unique signature of the datablock and determining whether the signature is contained in a database of signatures. Each signature in the database is associated with previously backed up datablocks. The database of signatures includes signatures of previous backed up datablocks that were backed up from at least one other client. Data are transmitted to a remote backup server for backing up the datablock. The transmitted data characterize a link to one of the previously stored datablocks when the signature of the processed datablock is found in the database of signatures. Related apparatus, systems, techniques, and articles are also described. | 10-23-2014 |
20140325225 | Self-authenticated method with timestamp - A self-authenticated method with timestamp consists of key generating process and self-authenticated process between sender and receiver. The key generating center generates public key generator and private key according to sender's ID; combines the ID of the key generating center and the applied valid time of the sender to generate an identity of the key generating center with timestamp, and generating the corresponding coupled public and private keys; encrypting sender's ID and timestamp by using the private key of the coupled public and private keys, and obtains the first ciphertext of the sender's ID valid period; key generating center packs the sender's valid period, ID plaintext, first ciphertext of ID valid period, sender's public key generator and private key as a tool kit, and send the tool kit key to the sender; the sender encrypts its own ID and valid period by using sender's private key, to form the second ciphertext of the ID valid period, then sends the plaintext of the valid period, the second ciphertext and the first ciphertext of the ID valid period to the receiver; at the same time, performs valid period authentication and identity authentication. The present invention solves the problem in the existing self-authenticated system that the system cannot define valid period of a user's key. | 10-30-2014 |
20140325226 | System and Method for Controlling User Access to Encrypted Data - Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials. | 10-30-2014 |
20140325227 | Method and Apparatus for Verifiable Generation of Public Keys - The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process. | 10-30-2014 |
20140325228 | LOAD BALANCING HASH COMPUTATION FOR NETWORK SWITCHES - Techniques to avoid polarization in a communication network include a network switch or device having a first interface to receive a data unit or packet, and a second interface via which the packet is transmitted from the network device. The network device includes a hash value generator configured to generate, using a depolarizer, a depolarized key from an initial key (where the initial key is based on contents of the packet and the depolarizer is unique to the network device), and to generate a hash value based on the depolarized key and the packet by using a hash function that is common to all network devices in the network. The hash value may be optionally modified to load balance egress traffic of the network device. The network device selects an egress link or port, such as by determining an index into an egress table based on the (modified) hash value. | 10-30-2014 |
20140325229 | METHOD AND SYSTEM FOR SECURE DIGITAL FILE SHARING - A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices. | 10-30-2014 |
20140325230 | METHOD OF COMPARING PRIVATE DATA WITHOUT REVEALING THE DATA - Disclosed in this specification is a method and program storage device for comparing two sets of private data without revealing those private data. If the comparison deems the two data sets sufficiently similar, helper data may be provided to permit reconstruction of one of the private data sets without transmission of that private data set. | 10-30-2014 |
20140325231 | METHOD AND SYSTEM FOR SHARING ENCRYPTED CONTENT - The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. | 10-30-2014 |
20140331049 | Secure Shell Authentication - A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system. | 11-06-2014 |
20140331050 | QKD KEY MANAGEMENT SYSTEM - A system for securely moving data from one location to another exchanges key material between the locations. The system enables cryptosystems to use key material distributed over a quantum channel. | 11-06-2014 |
20140331051 | LOCALIZED NETWORK AUTHENTICATION AND SECURITY USING TAMPER-RESISTANT KEYS - The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two. | 11-06-2014 |
20140331052 | COMMUNICATING AN IDENTITY OF A GROUP SHARED SECRET TO A SERVER - An identity is communicated by a client device to a server without requiring the identity to be disclosed to eavesdroppers and without requiring the use of symmetric or asymmetric cryptography. In one example, the identity is an identity of the client device, where the identity has been assigned to the client device by the server through the provisioning of a unique subset of client-identifying keys. In another example, the identity is an identity of a group shared secret that has been provisioned by the server to the client device. | 11-06-2014 |
20140337628 | Systems and Methods for Providing a Secure Data Exchange - A system, a method, and a computer program product for a data exchange are provided. A first application generates a first key for exchange of data between the first application and a second application. The first application stores the first key in a first memory location. The second application obtains the first key from the memory location. The second application generates a second key for exchange of data between the first application and the second application. The second application creates a data request that contains the second key and is encrypted using the first key. The encrypted request is provided to the first application. The first application provides the data identified in the data request to the second application. The data is encrypted by the first application using the second key prior to being provided to the second application. The second application decrypts the data using the second key. | 11-13-2014 |
20140337629 | METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF PRIVATE KEYS - A method for increasing the security of private keys is provided that includes generating transaction data at a device operated by a user and processing the transaction data. Moreover, the method includes determining whether the user permits using a private key that is associated with the user and with a public-private key pair of the user. The private key is stored in a computer system different from the device. Furthermore, the method includes authenticating the user when the user permits using the private key, applying the private key to other data after successfully authenticating the user, and transmitting the other data to the device. The method also includes conducting a transaction with the transaction data. | 11-13-2014 |
20140344579 | Accelerated Verification of Digital Signatures and Public Keys - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In an elliptic curve group, verification that a value representative of a point R corresponds to the sum of two other points uG and vQ is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n)G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 11-20-2014 |
20140351597 | AUTHENTICATION DEVICE, SYSTEM AND METHOD - An authentication device includes: a memory; and a processor coupled to the memory and configured to: when a registration request including authentication information to be used during authentication is received from a terminal device, generate registration information using the authentication information and key information and store the registration information in the memory, and when an authentication request including input information to be handled as the target of the authentication is received from the terminal device, generate a result of the authentication based on the input information, the registration information, and the key information, and transmit the result of the authentication to the terminal device. | 11-27-2014 |
20140365774 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION SYSTEM - According to an embodiment, a communication device includes a storage unit and a determiner. The storage unit is configured to store therein a degree of priority and a first requested volume for each of one or more applications that use an encryption key. The first requested volume indicates a volume of the encryption key requested by each of the applications. The determiner is configured to determine a volume of the encryption key to be assigned to each application in such a way that a first total value that is a total of the volume of the encryption key to be assigned to the application is equal to or smaller than a second total value that is a total value of a volume of the encryption key assignable and that the encryption key of the first requested volume is preferentially assigned to the application whose degree of priority is higher. | 12-11-2014 |
20140365775 | System and Method for Mitigation of Denial of Service Attacks in Networked Computing Systems - In a method of network communication that mitigates denial of service attacks, a server broadcasts cryptographic puzzles with certain time intervals, where each puzzle is only valid for the given time interval. A client receives the puzzle, generates a solution for the puzzle, and sends a network request to the server along with the solution of the puzzle. The server verifies the puzzle solution. If the puzzle solution is valid and received within a designated validity time period, then the server processes the request of the client. The server generates the puzzle and transmits the puzzle to the client before the client generates a request for services from the server. | 12-11-2014 |
20140365776 | Electronic Authentication Systems - A transaction device for establishing a shared secret with a point of interaction (POI) over a communications network to enable encrypted communications between the transaction device and the point of interaction, the device comprising: an input arranged to receive communications from the point of interaction; a processor arranged to generate a first communication according to a Diffie-Hellman protocol; an output arranged to send the first communication to the point of interaction; wherein the processor is arranged to apply a randomly generated blinding factor, r, when generating the first communication and wherein, in response to receiving a second communication from the point of interaction at the input, the second communication having been generated according to the Diffie-Hellman protocol, the processor is arranged to apply the randomly generated blinding factor and generate a shared secret according to the Diffie-Hellman protocol in dependence on data contained within the second communication. | 12-11-2014 |
20140365777 | SYSTEMS AND METHODS FOR SECURING NETWORK COMMUNICATIONS - Secure communications may be established amongst network entities for performing authentication and/or verification of the network entities. For example, a user equipment (UE) may establish a secure channel with an identity provider, capable of issuing user identities for authentication of the user/UE. The UE may also establish a secure channel with a service provider, capable of providing services to the UE via a network. The identity provider may even establish a secure channel with the service provider for performing secure communications. The establishment of each of these secure channels may enable each network entity to authenticate to the other network entities. The secure channels may also enable the UE to verify that the service provider with which it has established the secure channel is an intended service provider for accessing services. | 12-11-2014 |
20140372759 | COPY PROTECTION SCHEME FOR DIGITAL AUDIO AND VIDEO CONTENT AUTHENTICATED HDCP RECEIVERS - A method of delivering digital audio and video content and a HDCP source device are disclosed herein. In one embodiment the method includes: (1) receiving an encryption key from a potential receiver of the digital audio and video content, (2) authenticating the potential receiver is an HDCP compliant device and (3) in addition to the authenticating, verifying the potential receiver is a trusted device for receiving the digital audio and video content. | 12-18-2014 |
20140372760 | METHOD FOR THE ENCRYPTION OF DATA - To improve known encryption methods for communication in non-secured wireless networks, the invention proposes using an active key for encryption, in each instance, and sending along a new key in the messages, in each instance, which key, after it has been received completely, becomes the key used, and, once again, another new key is exchanged. This allows dynamic encryption, which allows an interception-proof connection, starting from a secure initial exchange of keys, for example. | 12-18-2014 |
20140372761 | SYSTEM AND METHOD FOR SECURE CLOUD SERVICE DELIVERY WITH PRIORITIZED SERVICES IN A NETWORK ENVIRONMENT - An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities. | 12-18-2014 |
20140380054 | MULTIPLE AUTHORITY DATA SECURITY AND ACCESS - Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable. | 12-25-2014 |
20140380055 | KEY PAIR UPDATES BASED ON DIGITAL SIGNATURE STATES - Example embodiments relate to updating key pairs based on digital signature states. In example embodiments, first credentials that are generated using a first private key may be sent to a user computing device, where the first private key is associated with a first public key. At some stage, second credentials that are generated using the first private key and a second private key are sent to the user computing device, where the second credentials specify that the first private key is deprecated, and where the user computing device authenticates the second credentials using the first public key. In response to receiving confirmation that a firmware upgrade is installed on a number of user computing devices such that an upgrade threshold is satisfied, the first private key may be deactivated. The firmware upgrade may be provided in response to receiving a firmware upgrade request from the user computing device. | 12-25-2014 |
20140380056 | SECURING METHOD FOR LAWFUL INTERCEPTION - A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key. | 12-25-2014 |
20140380057 | Method, Server, Host, and System for Protecting Data Security - A method, a server, a host, and a system for protecting data security. A server generates a cloud feature value that uniquely corresponds to the server, binds a data encryption key required by the host to generate data encryption key ciphertext, and then transmits the data encryption key ciphertext and the cloud feature value to the host; and the host decrypts the ciphertext using the cloud feature value to obtain a data encryption key to be allocated to a user, so that security protection on user data is performed based on the cloud feature value, thereby improving data security. | 12-25-2014 |
20150012750 | INFORMATION DISTRIBUTION SYSTEM, AND SERVER, ON-BOARD TERMINAL AND COMMUNICATION TERMINAL USED THEREFOR - Inherent terminal identification information and a terminal unique key are stored in an on-board terminal, and server-side terminal identification information and a server-side terminal unique key, which are the same information as the above terminal identification information and terminal unique key, are stored in a server. The on-board terminal transmits the terminal identification information to the server via a communication terminal, and the server performs terminal authentication according to the server-side terminal identification information, and if the authentication is successful, transmits encrypted software for the on-board terminal for which authentication was successful to the communication terminal. The communication terminal transmits the encrypted software to the on-board terminal, and the on-board terminal obtains a software unique key, which is encrypted by the server-side terminal unique key by the server, via the communication terminal, decrypts the encrypted software using the software unique key, and installs it. | 01-08-2015 |
20150012751 | SYSTEM AND METHOD FOR SECURING AUTHENTICATION INFORMATION IN A NETWORKED ENVIRONMENT - This disclosure is directed to systems and methods for securely communicating authentication information in a networked environment such as one involving a client device, a cloud based computing platform, and an enterprise computing environment. Some embodiments may include encrypting, by a client device using a public key, authentication information provided by a user. The encrypted authentication information is sent to a cloud based service which then sends it to an on-premises component residing behind a firewall of an enterprise. The on-premises component decrypts the authentication information using a private key, validates the authentication information, and returns the result to the cloud based service over a network. If validated, the cloud based service establishes a secure connection between the client device and the on-premises component such that the user can access the enterprise's content without the enterprise having to share the authentication information with the cloud based service. | 01-08-2015 |
20150019869 | ONLINE IDENTIFICATION AND AUTHENTICATION - Systems and methods may provide for online identification and authentication. In one example, the method may include generating a credential to represent a relationship based on a common ground of authenticated communication between a first user and a second user, identifying the second user to the first user, authenticating the relationship of the second user to the first user, and initiating, upon authentication, a communication between the first user and the second user. | 01-15-2015 |
20150019870 | MASTER KEY GENERATION AND DISTRIBUTION FOR STORAGE AREA NETWORK DEVICES - Mechanisms are provided for generating a master key used to secure key objects associated with data blocks in a data center. A cryptographic node creation request is received. It is determined that a master key cannot be obtained from another cryptographic node in the data center. A master key is generated. The master key is included in a key hierarchy used to encrypt a data center key object, the data center key object corresponding to a data block maintained in a storage area network (SAN), where the data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier. The master key is split into N shares, with M shares required to recreate the master key, wherein M is less than N. The N shares are distributed to different entities. | 01-15-2015 |
20150026473 | VERIFYING PRIVACY OF WEB REAL-TIME COMMUNICATIONS (WEBRTC) MEDIA CHANNELS VIA CORRESPONDING WEBRTC DATA CHANNELS, AND RELATED METHODS, SYSTEMS, AND COMPUTER-READABLE MEDIA - Verification of privacy of Web Real-Time Communications (WebRTC) media channels via corresponding WebRTC data channels, and related methods, systems, and computer-readable media are disclosed. In this regard, in one embodiment, a method for verifying privacy of a WebRTC media channel comprises establishing the WebRTC media channel between first and second WebRTC clients using a keying material. The method further comprises establishing a corresponding WebRTC data channel between the first and second WebRTC clients using the keying material, and negotiating, in the WebRTC data channel, a cryptographic key exchange. The method also comprises generating a first and a second Short Authentication String (SAS) based on the cryptographic key exchange in the WebRTC data channel. The method further comprises displaying the first SAS and the second SAS, such that a mismatch between the first SAS and the second SAS indicates an existence of a man-in-the-middle (MitM) attacker. | 01-22-2015 |
20150026474 | MANAGED AUTHENTICATION ON A DISTRIBUTED NETWORK - An authoritative computer network ( | 01-22-2015 |
20150026475 | SIMPLE NONAUTONOMOUS PEERING NETWORK MEDIA - A method of playing content across a network includes receiving, at a media player, an input from a user selecting media located on a network, sending a request across a network comprised of devices employing a common security protocol, the request to identify peer devices on the network, receiving a response across the network from a peer device, and accessing the media from a content memory of the peer device. A method of tracking valid peers on a secure media network includes receiving, at a media player, an input from a user selecting media located on a peer device on the network, performing an authentication test of the peer player, determining if a latency associated with the peer player meets a criterion, and updating a latency log on the media player to include the peer player. A device has a content memory to store media content for playback, a network port arranged to allow the device to access a network, and a controller programmed to send a request through the network port to a network, the request being for a particular media content file, communicate with a peer device across the network to authenticate a communication session with the peer device, receive a response from the peer device indicating that the session has been authenticated, and access the media content file on a content memory on the peer device. | 01-22-2015 |
20150033016 | SYSTEMS AND METHODS FOR SECURING REAL-TIME MESSAGES - A first aspect of the invention includes a method of securing messages using multiple cryptographic algorithms that distributes the burden of computing a session key using a strong cryptographic algorithm while using the session key with a faster cryptographic algorithm to protect messages long enough to compute a new session key. Some embodiments can be improved by use of a non-repeating seed, slotted storage of session keys, or both. A second aspect of the invention is generally directed to an augmented multi-stage hash function, which can be used as the faster cryptographic algorithm. | 01-29-2015 |
20150033017 | Methods and Apparatuses for Electronic Message Authentication - Various methods are provided for facilitating the message recipient authentication using facial detection. One example method may include receiving a message. The message may include a plurality of encoded facial features that identify a message recipient. The method may further include causing an image to be captured of the message recipient in an instance in which the message is accessed. The method may also include authenticating the message recipient based on the captured image and the received plurality of encoded features provided with the received message. Similar and related example apparatuses and example computer program products are also provided. | 01-29-2015 |
20150033018 | SYSTEM FOR DETERMINING WHETHER CHARACTER STRING HAS BEEN ACCEPTED BY AUTOMATON - Provided is a server connectable to a client for input of a string and that has an automaton defining a subsequent state for transition for each state and each character. This server has a key chain generating unit for generating a key chain for each combination of index, character and state expressing the position of each character in a string, the key chain having encrypted keys for the next index corresponding to the subsequent state of transition from the current state in accordance with the character on the basis of the key corresponding to the current state, and a providing unit for communicating with a client and providing to the client a key chain corresponding to each inputted key among a set of key chains for each index in a state concealing the inputted characters from the client. | 01-29-2015 |
20150033019 | CRYPTOGRAPHIC COMMUNICATION SYSTEM, COMMUNICATION DEVICE, KEY DISTRIBUTION DEVICE, AND CRYPTOGRAPHIC COMMUNICATION METHOD - A cryptographic communication system constituted by a first communication device, and a second communication device that stores a master key serving as an encryption key, the cryptographic communication system being characterized in that said first communication device has a common key storing unit configured to store a key pair constituted by a first key serving as a common key used to communicate with said second communication device and a second key obtained by encrypting said first key by using said master key held by said second communication device, and also has a common key transmitting unit configured to transmit said second key to said second communication device, and said second communication device has a common key obtaining unit configured to receive said second key and obtain said first key by decrypting said received second key by using said master key. | 01-29-2015 |
20150033020 | Protocol for Controlling Access to Encryption Keys - A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used to decrypt the encrypted data. | 01-29-2015 |
20150033021 | REMOTE ACCESS TO LOCAL NETWORK VIA SECURITY GATEWAY - Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel. | 01-29-2015 |
20150039890 | METHOD AND DEVICE FOR SECURE COMMUNICATIONS OVER A NETWORK USING A HARDWARE SECURITY ENGINE - A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine. | 02-05-2015 |
20150039891 | Secure Server on a System with Virtual Machines - A system, an apparatus and a method for providing a secure computing environment may be provided. In one aspect, an apparatus may comprise a communication port and a computer processor coupled to the communication port. The computer processor may be configured to initialize a hypervisor, establish a first virtual machine under control of the hypervisor and execute code for a secure zone on the first virtual machine. To execute code for the secure zone, the computer processor may be further configured to verify an administrative task and execute the administrative task, which may include: establish a connection with an administrator device, ensure that the administrator device is one of a set of intended administrator devices, receive a command through the connection with the administrator device and establish a second virtual machine under control of the hypervisor. The command may relate to executing a task on the second virtual machine. | 02-05-2015 |
20150039892 | ELECTRONIC KEY SYSTEM - In a network to which a plurality of electronic devices and a server are connected, an electronic key system controls locking and unlocking of ID information output of each electronic device. Each electronic device includes a switching device that locks or unlocks output of ID information of each electronic device. The server includes an availability changing unit and a management unit. The availability changing unit unlocks only one of the plurality of electronic devices and locks the other electronic devices. The management unit updates a state at which the locking of ID information output and the unlocking of ID information output are swapped between a pair of the electronic devices. | 02-05-2015 |
20150046713 | Systems, Methods, and Computer-Readable Media for Secure Digital Communications and Networks - Provided are systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes based on unique identifiers that are unique to each node, and communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node. | 02-12-2015 |
20150046714 | Extending data confidentiality into a player application - In a content protection scheme, and in response to a request for a content segment received by a server, the server generates and associates with the segment a message that confers entitlement to a session-specific key from which one or more decryption keys may be derived. The decryption keys are useful to decrypt the segment at runtime as it is about to be rendered by a player. Before delivery, the server encrypts the segment to generate an encrypted fragment, and it then serves the encrypted fragment (and the message) in response to the request. At the client, information in the message is used to obtain the session-specific key. Using that key, the decryption keys are derived, and those keys are then used to decrypt the received encrypted fragment. The decryption occurs at runtime. The approach protects content while in transit to and at rest in the client browser environment. | 02-12-2015 |
20150052358 | KEY GENERATION AND BROADCASTING - Embodiments provide techniques for generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys that can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair. | 02-19-2015 |
20150052359 | METHOD FOR ASYNCHRONOUSLY PROVISIONING KEYS FROM ONE SECURE DEVICE TO ANOTHER - The present invention relates to a method for securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server for which the keys to be provisioned through the method remain unknown. | 02-19-2015 |
20150052360 | METHOD AND SYSTEM FOR PROVIDING ENHANCED DATA ENCRYPTION PROTOCOLS IN A MOBILE SATELLITE COMMUNICATIONS SYSTEM - An approach for improved security protocols in a mobile satellite system is provided. A remote terminal performs a key establishment function, including determination of a first encryption key for encrypting data for transmission over the satellite communications channels, and determination of an authentication key for authenticating entities communicating over the communications channels. The remote terminal receives a security mode command including a key indicator, and determines a second encryption key for enhanced session data security over communications channels. The second encryption key is determined based on the key indicator and a key generation algorithm. The remote terminal further determines a key indicator response and transmits a security mode complete command including the key indicator response to a satellite base station subsystem (SBSS). The key indicator response is constructed for the SBSS to determine the second encryption key based on the key indicator response and a key generation algorithm. | 02-19-2015 |
20150052361 | METHOD FOR SETTING UP AN ENCRYPTED CONNECTION BETWEEN TWO COMMUNICATION APPLIANCES FOLLOWING PRIOR KEY INTERCHANGE VIA A SHORTHAUL CONNECTION - In order to set up an encrypted communication link between two mobile appliances, it is proposed that the identification data and keys that are required therefor be interchanged in a one-off identification step and that, as part of the setup of the actual communication link, an unencrypted connection first of all be set up for reciprocal identification and then a connection encrypted with the initial interchanged keys be set up. | 02-19-2015 |
20150058629 | Processing Data Privately in the Cloud - While cloud services can offer processing from personal devices or synthesized data from multiple sources, many users prefer their data to remain private. According to some embodiments, private user data may be processed in the cloud without revealing the user identity to the cloud service provider. Only the user or an authorized agent of the user and the service's hardware platform have access to certain keys. The service application software and operating system only have access to encrypted data. | 02-26-2015 |
20150058630 | ELECTRONIC DEVICE AND METHOD FOR EXTRACTING ENCRYPTED MESSAGE - A method of an electronic device is provided. The method includes generating a key code by receiving a selection on at least one area from among areas of an image displayed, decrypting an encrypted message included in the image by using the generated key code, and determining whether to output the encrypted message by determining whether a hash code for the decrypted message is identical to a hash code for inputted text information. | 02-26-2015 |
20150058631 | CONTENT DISTRIBUTION SERVICE PROVIDING SYSTEM AND CONTENT DISTRIBUTION DEVICE AND USER TERMINAL DEVICE THEREOF - A content distribution device carries out distribution services of contents whose copyright protection is required via a communication line, to a user terminal device that enables to record contents to an information storage medium in which medium information is written, when receiving a content distribution request from the user terminal device, distributes a content list, and receives content selection information. At that moment, the content distribution device acquires the medium information from the user terminal device, sends this medium information to an encoded content key issuing device and receives an encoded content key based on the medium information concerned, and encodes contents by this encoded content key and distributes them to the user terminal device as distribution request source. The encoded content key is to be distributed at every viewing and/or listening request from the user terminal device, and when viewing and/or listening valid period expires, key distribution is stopped. | 02-26-2015 |
20150058632 | SYSTEM AND METHOD FOR AUTHENTICATING A COMMUNICATION DEVICE - A system that incorporates teachings of the present disclosure may include, for example, a communication device having a controller to transmit to a communication system a PKI certificate, and engage in encrypted communications responsive to receiving a public key from the communication system. The communication system can have a plurality of network elements that integrate operations of a circuit-switched communication network and a packet-switched communication network. Other embodiments are disclosed. | 02-26-2015 |
20150067333 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR UTILIZING PREDETERMINED ENCRYPTION KEYS IN A TEST SIMULATION ENVIRONMENT - Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment are disclosed. In one embodiment, a method includes generating, prior to an initiation of an Internet protocol security (IPsec) test session, a private key and a public key at a traffic emulation device and storing the private key and the public key in a local storage associated with the traffic emulation device. The method further includes retrieving, from the local storage, the private key and the public key upon the initiation of the IPsec test session between the traffic emulation device and a device under test (DUT) and generating a shared secret key utilizing the retrieved private key and a DUT public key received from the DUT. | 03-05-2015 |
20150067334 | DELIVERING DATA OVER A NETWORK - A method and system for storing and delivering content data over a network comprising receiving a request over a network for content data from a requester ( | 03-05-2015 |
20150067335 | TETHERED DEVICE SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided. | 03-05-2015 |
20150067336 | New Cryptographic Systems Using Pairing with Errors - Using the same mathematical principle of pairing with errors, which can be viewed as an extension of the idea of the LWE problem, this invention gives constructions of a new key exchange system, a new key distribution system and a new identity-based encryption system. These new systems are efficient and have very strong security properties including provable security and resistance to quantum computer attacks. | 03-05-2015 |
20150067337 | Techniques to Classify Virtual Private Network Traffic Based on Identity - Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device. Source information associated with the first network device is stored, and encrypted traffic is processed between the network devices. | 03-05-2015 |
20150067338 | Providing forward secrecy in a terminating SSL/TLS connection proxy using ephemeral Diffie-Hellman key exchange - An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) “locally,” the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating the terminating server is authorized to continue with the key exchange. In this manner, a private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel (on the wire). | 03-05-2015 |
20150067339 | SINGLE-PASS DATA COMPRESSION AND ENCRYPTION - Embodiments compress and encrypt data in a single pass to reduce inefficiencies that occur from compressing and encrypting data separately. Typically, compression and encryption are implemented in separate functional units. This has a few disadvantages: 1) encryption cannot make use of compression state to further secure the message, 2) processed data is read and written twice, 3) additional space, time, and resources are consumed, and 4) it is more prone to potential cipher-attacks since the encryption stage is independent from compression. Embodiments overcome these disadvantages by structuring these operations so that both compression and encryption are executed within the same processing loop. Thus: 1) encryption is stronger due to the dependence on the compression state, 2) I/O buffers are accessed only once reducing overhead, 3) system footprint is reduced, and 4) cipher analysis is more complex since the decryption process cannot be separated from the decompression process. | 03-05-2015 |
20150074406 | MEMORY DEVICE AND MEMORY SYSTEM - For authentication of the host device, the memory device is configured to output the encrypted second key information (FKB) to the host device, output the encrypted identification information (E-SecretID) to the host device, generate third key information (Hkey) using information (HC) received from the host device and the first key information, generate a session key (Skey) using a random number (RN) received from the host device, and the third key information, | 03-12-2015 |
20150074407 | FEDERATED AUTHENTICATION OF CLIENT COMPUTERS IN NETWORKED DATA COMMUNICATIONS SERVICES CALLABLE BY APPLICATIONS - A data processing method providing improved and efficient authentication of client computers by server computers, the method comprising: using authentication logic of a server computer, establishing a secure socket connection with a client computer; receiving, from the client computer, a request to use a communications service that is implemented at the server computer, and in response to the request, determining that the client computer is unauthenticated; providing a nonce value to the client computer; receiving from the client computer an encrypted identity token that includes the nonce and a user identifier, wherein the identity token has been encrypted using a provider computer and an encryption key of the provider computer, wherein the encryption key is known at the server computer; validating the identity token and obtaining the user identifier therein; creating and storing a session token that is uniquely associated with the client computer and that includes a session identifier, the user identifier, and a binding to the secure socket connection. | 03-12-2015 |
20150074408 | SYSTEM AND METHOD FOR CENTRALIZED KEY DISTRIBUTION - A system and method for distributing key pair credentials that includes receiving a public key message at a key master service, wherein the public key message originates from a first client application; associating a key identifier with the public key; storing the public key at the key master service indexed at least by a key identifier; receiving a request for a public key from an outside service, wherein the request specifies a key identifier; and responding to the request with a public key according to the key identifier. | 03-12-2015 |
20150074409 | SYSTEM AND METHOD FOR SECURELY STORING AND SHARING INFORMATION - A method for any community of interest to conduct secure exchange of encrypted data using a three-party security mechanism consisting of key masters, registries and cloud lockboxes. The registries establish unique identities, verify authenticity, and create directories of individuals, members, cloud lockboxes and other registries. The registries manage permissions lists communicated to the cloud lockboxes as well as detecting and halting anomalous activity. The key masters are operated by members to manage keys for individuals, handle encryption and decryption and conduct key exchanges with other members. The cloud lockboxes manage file storage, retrieval and access control. Related application programming interfaces support multiple levels of integration and generate metadata specific to the needs of the community of interest. The community of interest establishes operating parameters including: selecting an encryption algorithm, establishing identity verification processes and selecting a security level. The design supports several other key features. | 03-12-2015 |
20150074410 | SYSTEM, PROCESSING DEVICE, COMPUTER PROGRAM AND METHOD, TO TRANSPARENTLY ENCRYPT AND STORE DATA OBJECTS SUCH THAT OWNERS OF THE DATA OBJECT AND PERMITTED VIEWERS ARE ABLE TO VIEW DECRYPTED DATA OBJECTS AFTER ENTERING USER SELECTED PASSWORDS - A cryptographic system makes everyday data objects, such as a document or conversation, unreadable to anyone other than the owner or those currently having permission to access the data objects. The cryptographic system is transparent by requiring no additional effort on the part of any user in the encryption/decryption process other than entering a user identifier and password. Each document is encrypted with a unique encryption key. Changes to data object access permissions are immediately honored and enforced by enabling or disabling access to certain decryption keys. Decryption of data objects requires information known only to the owner of the data object or those permitted to access the data object. This decryption information is not stored anywhere in the system. | 03-12-2015 |
20150074411 | ENHANCED SECURITY FOR DIRECT LINK COMMUNICATIONS - A method and apparatus for secure direct link communication between multiple wireless transmit/receive units (WTRUs) are disclosed. The WTRUs may exchange nonces that are used for generating a common nonce. Group identification information may be generated from at least the common nonce and is forwarded to an authentication server. The authentication server may generate a master key from the group identification information to match WTRUs as part of a key agreement group. The common nonce may be a session key and be refreshed during communication with the second WTRU. A group key encryption key (GKEK) and a group key confirmation key (GKCK) may also be generated based on the common nonce and used to encrypt and sign the master key so that base stations do not have access to the master key. A first WTRU may generate a group direct link temporal key (GDLTK) for communicating with the second WTRU. | 03-12-2015 |
20150082039 | NETWORK CONNECTION AUTOMATION - A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider. | 03-19-2015 |
20150082040 | METHOD, INFORMATION SERVICE SYSTEM AND PROGRAM FOR INFORMATION ENCRYPTION/DECRYPTION - With a portal server, a request for information from a terminal of a second user that is an agent for a first user is received, and an encrypted data directed to a terminal of the first user, stored in an encrypted-data memory unit, is re-encrypted using a re-encryption key for the second user, stored in a first encryption-key memory unit, and is transmitted to the terminal of the second user, with the terminal of the second user, the re-encrypted data received is decrypted using an encryption key for the second user, stored in a second encryption-key memory unit, and time keys specified by the terminal of the first user, related to a time-period during which browsing of the information is permitted. | 03-19-2015 |
20150082041 | MULTI-REPOSITORY KEY STORAGE AND SELECTION - System for performing a cryptographic operation, comprising a client system and a server system; said server comprising a multi-repository manager, repositories of cryptographic keys, a processor and a memory; and said client comprising a processor and a memory; wherein said two memories store computer executable instructions that, when executed, cause the client and the server to perform a method comprising: the client sending a request of the cryptographic operation to the server; the multi-repository manager obtaining a set of references to cryptographic keys allowed to the request from the repositories of cryptographic keys; the multi-repository manager establishing a cryptographic key referenced in said set of references as the cryptographic key to be used; the multi-repository manager requesting performance of the cryptographic operation to the repository wherein the cryptographic key to be used is stored; the multi-repository manager obtaining the result of the cryptographic operation from the repository that has performed the cryptographic operation; and the server sending the result of the cryptographic operation to the client. | 03-19-2015 |
20150089231 | SYSTEMS AND METHODS FOR ESTABLISHING AND USING DISTRIBUTED KEY SERVERS - Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device. | 03-26-2015 |
20150095649 | COMMUNITY OF INTEREST-BASED SECURED COMMUNICATIONS OVER IPSEC - A method and system for establishing secure communications between endpoints includes transmitting a first message including a token having one or more entries each corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint. The method includes receiving a second message including a second authorization token including one or more entries, each entry corresponding to a community of interest associated with a second user and including an encryption key and a validation key associated with the second endpoint. The method includes, for each community of interest associated with both users, decrypting an associated entry in the second authorization token to obtain the encryption key and validation key associated with the second endpoint. The method also includes generating a shared secret based on the key pair, transmitting a third message including the created key pair to the second endpoint, and initializing tunnel using the shared secret to derive encryption keys used for IPsec-secured communications between the endpoints. | 04-02-2015 |
20150100790 | PROTOCOL LINK LAYER - A link is a software abstraction that represents a direct connection between two CoCo nodes. The link layer detects the presence of neighboring devices and establishes links to them. A protocol abstraction layer converts data frames that arrive on network interfaces into packet objects used by the COCO Protocol Suite. | 04-09-2015 |
20150106623 | METHODS, SYSTEMS, AND DEVICES FOR HANDLING IMAGE DATA FROM CAPTURED IMAGES - Computationally implemented methods and systems include acquiring an image, wherein said image includes at least one representation of a feature of at least one entity, detecting a presence of a privacy beacon in the acquired image, wherein further image process operation on image data unrelated to detection of the presence of the privacy beacon is avoided prior to encryption of the acquired image data, said privacy beacon associated with the at least one entity, and encrypting the acquired image, through use of a unique device encryption key that is unique to a particular device. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 04-16-2015 |
20150106624 | Providing forward secrecy in a terminating TLS connection proxy - An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire. | 04-16-2015 |
20150106625 | Group Key Management and Authentication Schemes for Mesh Networks - According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device. | 04-16-2015 |
20150113276 | Distributing Keys for Decrypting Client Data - In some embodiments, a server can establish a session with a remote client. The server can generate a session key portion for the session and a client key portion for the remote client. The server can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key can be generated from a static key portion accessible by the server, the session key portion, and the client key portion. The server can associate the session key portion with the session. The session key portion is accessible by the server during the session. The server can delete the client key portion after providing the client key portion to the remote client. The server can obtain the client key portion from the remote client in response to determining that subsequent transactions during the session involve decrypting the encrypted client data. | 04-23-2015 |
20150113277 | Provisioning Devices For Secure Wireless Local Area Networks - Before establishing a connection between a first and a second device, the first device determines whether a third device is a trusted or untrusted device. If it is a trusted device, the first device receives from the third device a public key and information indicating the public key of the second device; and, uses the public key by combining its own private key and the public key of the second device to generate a shared secret, and using the shared secret to communicate to the second device. Otherwise, the first device refrains from communications with the third device. Also, the second device combines its private key with the public key of the first device received from the trusted third device to generate the same shared secret, and uses the shared secret to provision the first device to access a secured wireless network provided by the second device. | 04-23-2015 |
20150113278 | BLACKBOX SECURITY PROVIDER PROGRAMMING SYSTEM PERMITTING MULTIPLE CUSTOMER USE AND IN FIELD CONDITIONAL ACCESS SWITCHING - A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device. | 04-23-2015 |
20150113279 | METHOD FOR SECURE STORING AND SHARING OF A DATA FILE VIA A COMPUTER COMMUNICATION NETWORK AND OPEN CLOUD SERVICES - A computer implemented method, server computer and computer program for securely storing a data file via a computer communication network and open cloud services. The method includes: providing a user's computer with code for providing a unique user name; asking the user for a password; generating an asymmetric key pair having one public key and one private key; encrypting the private key via a hash of the password; generating a file-specific symmetric key specific for the data file; encrypting the data file via the file-specific symmetric key; encrypting the file-specific symmetric key via the public key; where the code is executed by a web browser on the computer; storing the encrypted file-specific symmetric key as a header part of the encrypted data file, and interacting with the file exchange interface of a cloud service which receives the encrypted data file, and storing the encrypted data file and header part. | 04-23-2015 |
20150113280 | COMPUTER PRODUCT, RECORDING MEDIUM, COMMUNICATIONS APPARATUS, AND COMMUNICATIONS METHOD - Improvement of the security of communication is facilitated. A server receives from an on-vehicle device, encrypted data obtained by encrypting ECU information using key information ( | 04-23-2015 |
20150121076 | SIMPLIFYING IKE PROCESS IN A GATEWAY TO ENABLE DATAPATH SCALING USING A TWO TIER CACHE CONFIGURATION - Computational complexity, specifically, cryptographic operations, is removed from the IKE (Internet Key Exchange) process in a VPN gateway appliance, thereby enabling scaling of the number of datapaths that can be managed by a single IKE process. A two-tier cache configuration enables necessary cryptographic operations on packets in the gateway but does so without placing additional computational burdens on the IKE process. One cache containing security association data is local to the IPSec component of the datapath instance. The second cache is higher level and is populated by IKE with security association data upon completion of IKE Phase 2 negotiations. The local cache is searched first for security policy data and if found is used to encrypt/decrypt the data packet. If not found locally, the IKE centralized cache is searched and if found, the local cache is updated with the security association data. | 04-30-2015 |
20150127946 | DATA PROTECTION IN A STORAGE SYSTEM USING EXTERNAL SECRETS - A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme in combination with an external secret. An initial master secret is generated and then transformed into a final master secret using an external secret. A plurality of shares are generated from the initial master secret and distributed to the storage devices. The data of each storage device is encrypted with a device-specific key, and this key is encrypted using the final master secret. In order to read the data on a given storage device, the initial master secret is reconstructed from a threshold number of shares and the external secret is retrieved. Next, the initial master secret is transformed into the final master secret using the external secret, and then the final master secret is used to decrypt the encrypted key of a given storage device. | 05-07-2015 |
20150127947 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND COMPUTER PROGRAM - A source apparatus and a conditional access apparatus are disclosed. The source apparatus may transmit a command to the conditional access apparatus. The conditional access apparatus may transmit a response to the command to the source apparatus. When a time elapsed between transmission of the command by the source apparatus and reception of the response by the source apparatus does not exceed a predetermined round trip time (RTT), a first authorization signal to permit the conditional access apparatus to decrypt encrypted content may be generated. Additionally, whenever a non-RTT condition is met, a second authorization signal to permit the conditional access apparatus to decrypt the content may be generated. | 05-07-2015 |
20150134959 | Instant Communication Method and System - An instant communication method comprises: (a) obtaining the fingerprint information of an instant communication receiving terminal, and performing identity authentication on the instant communication receiving terminal utilizing the fingerprint information at an instant communication transmitting terminal; (b) generating and encrypting audio and video information to obtain encrypted information at the instant communication transmitting terminal, after successful authentication of the instant communication receiving terminal; and (c) transmitting the encrypted information from the instant communication transmitting terminal to the receiving terminal, and receiving and decrypting the encrypted audio and video information at the receiving terminal to obtain and display the audio and video information. An instant communication system comprises an instant communication transmitting terminal. Therefore, the privacy of instant messages such as audio, video and the like can be ensured powerfully, and the communication security is greatly improved with the present invention. | 05-14-2015 |
20150134960 | DETERMINATION OF CRYPTOGRAPHIC KEYS - A first communication unit ( | 05-14-2015 |
20150134961 | A METHOD FOR IDENTIFYING POTENTIALLY MALICIOUS NETWORK ELEMENTS WITHIN A NETWORK USING CROSS-DOMAIN COLLABORATIVE DATA SHARING - A method for identifying potentially malicious network elements within a network is useable in a network which includes a plurality of domains administrated by different operators P1, . . . , Pn. In the method, a functional entity receives qualifying information regarding at least one network element that has been transmitted by at least some of the operators P1, . . . , Pn. The at least one network element is qualified as being potentially malicious. The functional entity provides at least one of an alarm information and an alarm activity based on a predefined number of the operators P1, . . . , Pn having transmitted the qualifying information regarding a same potentially malicious network element to the functional entity. | 05-14-2015 |
20150134962 | BIN ENABLED DATA OBJECT ENCRYPTION AND STORAGE APPARATUSES, METHODS AND SYSTEMS - The BIN ENABLED DATA OBJECT ENCRYPTION AND STORAGE APPARATUSES, METHODS AND SYSTEMS (“MBIN”) transforms bin creation requests, bin templates and unencrypted object storage inputs, using MBIN components, into encrypted object storage bins and encrypted bin objects. A method comprises the creation of encrypted object storage bins, the storage of encrypted bin objects, and an application framework that allows privileged applications to leverage the capabilities of and data stored in the encrypted object storage bins. | 05-14-2015 |
20150134963 | NODE DEVICE AND COMMUNICATION METHOD - A node device in a network system includes a memory and a processor. The node device is identified with a first value related to a first element and a second value related to a second element. The processor identifies a relay node device capable of cryptographic communications with the node device based on status information in the memory when a first common key is not shared by the node device and a first sharing destination node device not identified with the first value related to the first element and the second value related to the second element, and transmits to the relay node device a request for transfer of the first common key to the first sharing destination node device. | 05-14-2015 |
20150134964 | NODE DEVICE, COMMUNICATION METHOD AND NETWORK SYSTEM - A node device in a network system includes a memory and a processor. The node device is identified with a first value related to a first element and a second value related to a second element. The memory stores a first key corresponding to the first value, a second key corresponding to the second value, first information on a first range of values and second information on a second range of values, at least one of the first key and the second key being shared by at least three or more node devices in the network system. The processor communicates with one of at least three or more node devices indicated by the first value related to the first element and the second value related to the second element using one of the first key and the second key. | 05-14-2015 |
20150143123 | SYSTEMS AND METHODS FOR FUEL DISPENSER SECURITY - Systems and methods for fuel dispenser security are disclosed herein. In some embodiments, a user seeking access to a protected function of the fuel dispenser is presented with a challenge that is encrypted using a secret key that is unique to the fuel dispenser. To access the secured function, the user must obtain a session password from a server which authenticates the user, decrypts the challenge using a counterpart of the secret key, determines whether the user is authorized to access the secured function, and returns the session password extracted from the challenge only when the user is authorized. The server can thus control access to certain fuel dispenser functions according to a set of user access privileges. The challenge can also include additional information which can be used by the fuel dispenser and/or by the server to store a log of access activity. | 05-21-2015 |
20150143124 | SYSTEMS AND METHODS FOR FUEL DISPENSER SECURITY - Systems and methods for fuel dispenser security are disclosed herein. In some embodiments, a user seeking access to a protected function of the fuel dispenser is presented with a challenge that is encrypted using a secret key that is unique to the fuel dispenser. To access the secured function, the user must obtain a session password from a server which authenticates the user, decrypts the challenge using a counterpart of the secret key, determines whether the user is authorized to access the secured function, and returns the session password extracted from the challenge only when the user is authorized. The server can thus control access to certain fuel dispenser functions according to a set of user access privileges. The challenge can also include additional information which can be used by the fuel dispenser and/or by the server to store a log of access activity. | 05-21-2015 |
20150143125 | Key Derivation for a Module using an Embedded Universal Integrated Circuit Card - A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards. | 05-21-2015 |
20150143126 | METHOD AND APPARATUS FOR ESTABLISHING A SECURITY ASSOCIATION - A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base key. A similar approach may be used to provide p2p key management. | 05-21-2015 |
20150149779 | Secure Transmission of a Message - The embodiments relate to methods and apparatuses for producing secure transmission of a message. The methods are based on production of a basic key that is used for producing respective transmitter keys for a plurality of transmitters. For the ascertainment of the receiver keys by respective receivers, the basic key is transmitted to the receivers, which for their part are able to ascertain a receiver key for checking the integrity of the message from a respective transmitter on the basis of the basic key and an identifier for the transmitter. The receiver ascertains a cryptographic checksum, which, in the course of the integrity check, is compared with a cryptographic checksum that has been produced by the transmitter and sent along by the respective message. The embodiments may be used within the context of automation and sensor networks. | 05-28-2015 |
20150149780 | MEDIATOR DEVICE MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator device of a mediator, a second share SK | 05-28-2015 |
20150149781 | AUTHENTICATED SESSION ESTABLISHMENT - Methods, devices, and machine-readable media are provided to provide secure communications between entities. As provided in this disclosure, this may include receiving a request to begin a new communication session, determining one or more desired parameters of the session, and determining whether the desired parameters of the message match proposed parameters provided by the entity requesting the new communication session. When the one or more proposed parameters match the one or more desired parameters, a secure communication session is established between the entities. | 05-28-2015 |
20150295713 | SYSTEM AND METHOD FOR AN EFFICIENT AUTHENTICATION AND KEY EXCHANGE PROTOCOL - Embodiments of systems and methods disclosed herein provide a simple and effective method for authentication and key exchange that is secure from man-in-the-middle attacks and is characterized by perfect forward secrecy. More specifically, in certain embodiments, systems and methods are disclosed that enable secure communications between a local device and a remote device(s) via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be comprised of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other. | 10-15-2015 |
20150295896 | METHOD AND APPARATUS FOR TRANSMITTING AN NFC APPLICATION VIA A SECURE CHANNEL INCLUDING A PROXY AND COMPUTING DEVICE - In a method for transmitting an NFC application, a secure channel is established by way of a proxy between a Trusted Service Manager and an NFC device via a computing device including the proxy and via an RFID reader being a part of the computing device. The NFC application received at the computing device from the Trusted Service Manager is channeled through the secure channel to the NFC device utilizing the proxy. | 10-15-2015 |
20150295904 | EARLY CONTENT ENGINE RECEIVER SYNCHRONIZATION - An HDCP receiver device that receives frames from an HDCP transmitter device. The receiver device has a frame counter that is updated for each frame that is received from the transmitter device and that includes encrypted content, while the receiver device is in a pre-authorization mode. During the pre-authorization mode, the receiver device does not decrypt any received frame bearing encrypted content. While the receiver device waits to transition from the pre-authorization mode to a post-authorization mode in which the receiver device can begin to decrypt any received frames that include encrypted content, the frame counter is updated for each frame received that includes encrypted content. In the post-authorization mode, the frame counter has a nonzero value if frames including encrypted content were received by the receiver device during the pre-authorization mode. | 10-15-2015 |
20150295908 | SYSTEMS AND METHODS FOR SECURING DATA USING MULTI-FACTOR OR KEYED DISPERSAL - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme. | 10-15-2015 |
20150296379 | Embedded Universal Integrated Circuit Card Supporting Two-Factor Authentication - A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone. | 10-15-2015 |
20150304286 | SYMMETRIC KEY DISTRIBUTION FRAMEWORK FOR THE INTERNET - A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key. | 10-22-2015 |
20150304287 | SYSTEM AND METHOD FOR MERGING ENCRYPTION DATA WITHOUT SHARING A PRIVATE KEY - A method for data privacy in a distributed communication system including a plurality of client terminals merges encrypted streaming data using tree-like encryption key switching and without sharing any private keys in a distributed communication system. The merged data is then sent to client terminals to be further processed by respective client terminals. | 10-22-2015 |
20150304302 | METHOD AND APPARATUS OF DETECTING WEAK PASSWORD - A method and an apparatus of detecting a weak password are disclosed. The method comprises: receiving a password to be detected; acquiring an identity information set of a user of the password to be detected, the identity information set including a plurality of pieces of identity information of the user and associated users thereof; detecting whether identity information associated with the password to be detected exists in the identity information set; and determining that the password to be detected is a weak password if the identity information associated with the password to be detected exists in the identity information set. The technical solution of the present disclosure can detect whether a password to be detected is set up by a user using identity information thereof or identity information of a user who is closely associated therewith, thus determining whether the password to be detected is prone to cracking, and thereby further improving the security of the password of the user. | 10-22-2015 |
20150304306 | STORAGE SYSTEM AND METHOD OF STORING AND MANAGING DATA - A system for and method of storing data comprising: encoding a file into a plurality of fragments; retrieving storage configuration data from a data management store including data associated with a plurality of remote storage volumes, the storage configuration data comprising an indication of a predefined data transmission size corresponding to each remote storage volume; using the storage configuration data to identify a storage strategy associating each fragment with a remote storage volume, wherein using the storage configuration data includes using the indications of the predefined data transmission sizes; packaging one or more fragments each associated with a common identified remote storage volume as identified by the storage strategy to form a data bundle; communicating the data bundle to the respective common identified remote storage volume associated with the fragments in the data bundle; and storing the fragments at that identified remote storage volume. | 10-22-2015 |
20150304320 | SECRET DATA MATCHING DEVICE, SECRET DATA MATCHING METHOD, AND RECORDING MEDIUM - A secret data matching device includes: a memory; and a processor coupled to the memory. The processor executes a process including: storing a first secret vector obtained by concealing first data and key data based on a first random number and a first linear combination of row vectors of a determination matrix which is different for each system including the secret data matching device and which is generated by attaching a random number vector as a last column to a matrix including diagonal components including a threshold value to determine whether the first data and second data are approximate to each other and a threshold value related to the key data; acquiring a second secret vector obtained by concealing the second data based on a second linear combination of row vectors of the determination matrix and a second random number. | 10-22-2015 |
20150312222 | DIGITAL ENCRYPTION SHREDDER AND DOCUMENT CUBE REBUILDER - A method of storing a document includes converting the document into a table of symbols and shredding the table into a plurality of randomly selected strips of symbols. The method further includes randomly selecting a plurality of storage locations and storing the strips of data in the plurality of locations. The method generates a key including pointers to the plurality of locations and encrypts the key. | 10-29-2015 |
20150312230 | APPARATUS AND METHOD FOR TRANSFERRING NETWORK ACCESS INFORMATION OF SMART HOUSEHOLD APPLIANCES - An apparatus and method for transferring network access information of smart household appliances are provided. The apparatus includes a detection unit for detecting whether a public IP address of an external interface of an indoor IP sharer has changed. An extraction unit is configured to, if the public IP address of the external interface has changed, extract network access information of a smart household appliance connected to an internal interface of the indoor IP sharer, the network access information being updated together with change in the public IP address. An encryption and generation unit encrypts the network access information using a pre-stored encryption key, and generates data to be transmitted to a smart grid service provider server using the encrypted information and an ID of a customer user. A transmission unit transmits the data generated by the encryption and generation unit to the smart grid service provider server. | 10-29-2015 |
20150312231 | SECURELY CONNECTING CONTROL DEVICE TO TARGET DEVICE - In an approach, a target computing device receives a pairing request from a controller computing device, the pairing request including controller credentials that were previously received by the controller computing device from an authentication server computer and encrypted under a service key. The target computing device forwards the pairing request to the authentication server, the authentication server computer being configured to return a pairing response based at least in part on the controller credentials. The target computing device receives the pairing response, which includes a shared secret encrypted under a target device key and the same shared secret encrypted under a controller key. The target computing device decrypts the shared secret encrypted under the target device key and forwards the shared secret encrypted under the controller key to the controller device. Using the decrypted shared secret, the target computing device establishes a secure connection to the controller computing device. | 10-29-2015 |
20150312233 | System and Method to Enable PKI- and PMI- Based Distributed Locking of Content and Distributed Unlocking of Protected Content and/or Scoring of Users and/or Scoring of End-Entity Access Means - Added - A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored. | 10-29-2015 |
20150312300 | METHOD AND APPARATUS FOR EXCHANGING BIDIRECTIONAL STREAMS OVER A CONTENT CENTRIC NETWORK - A data-streaming system facilitates establishing a bidirectional data stream over a content centric network (CCN). During operation, the system determines a first routable name prefix associated with a service provider to which the network device desires to establish the bidirectional streaming session. The system also generates a client stream name to provide to the service provider. The client stream name includes a second routable prefix to a local network device, and includes a client stream identifier for a first data stream from the service provider. The system then disseminates an Interest message whose name includes the first routable name prefix and the client stream name. After receiving a Content Object that includes the remote device's response, the system can then communicate with the service provider using a bidirectional stream over the CCN based on the client stream name and the provider stream name. | 10-29-2015 |
20150312763 | Security Authentication Method, Device, and System - A security authentication method, device, and system are provided. A first device and a second device perform security authentication by using a first mapping key and a second mapping key, where the first mapping key is generated according to an initial key of the first device and a first predetermined algorithm, the second mapping key is generated according to an initial key of the second device and the first predetermined algorithm. A device in embodiments of the present invention performs security authentication by using a mapped initial key, which can increase the difficulty for an attacker to acquire a key, thereby improving security of a wireless network connection. | 10-29-2015 |
20150318998 | METHODS AND SYSTEMS FOR CLIENT-ENHANCED CHALLENGE-RESPONSE AUTHENTICATION - Methods, systems and apparatus for performing client-server authentication using a device authentication and optional user authentication approach. In a device authentication stage, the client is unlocked to provide access to a cryptographic key used for authentication. In a user authentication stage, the user provides a personal data credential used to generate an additional cryptographic key. | 11-05-2015 |
20150319142 | DEVICE CONFIGURATION FOR SECURE COMMUNICATION - A method including generating a mapping in response to an enrollment message received from a customer device. The enrollment message includes a device identification number (device ID) of the customer device. The mapping includes a one-time password (OTP) encrypted using the device ID. The method includes generating a quick response (QR) code including a uniform resource locator (URL), a provider certificate (CRT), and certificate signing request (CSR) content. The method includes receiving a confirmation message at a website identified by the URL. The confirmation message includes a generated public key, a CSR, and a decrypted OTP. The method includes verifying the decrypted OTP against the mapping and communicating one or more application configuration settings. The method includes securely communicating information using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key. | 11-05-2015 |
20150319143 | SECURE MOBILE APP CONNECTION BUS - A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location. | 11-05-2015 |
20150319146 | System and Method for Security Key Transmission With Strong Pairing to Destination Client - Systems and methods for security key transmission with strong pairing to a destination client are disclosed. A security key may be generated by an on-chip key generator, an off-chip device, and/or software. A rule may then be paired with the security key and an address associated with the security key. The rule may define permissible usage by a destination module, which is defined by the associated address. The rule may comprise a command word, which may be implemented using a data structure associated with a permissible algorithm type, a security key size, and/or a security key source. | 11-05-2015 |
20150319149 | CRYPTOGRAPHIC METHOD AND SYSTEM FOR SECURE AUTHENTICATION AND KEY EXCHANGE - A method and algorithm of authentication between parties includes receiving a randomly generated binary string. A shared secret of the parties is combined with the randomly generated binary string to form a new binary string. A binary pair (A, B) is initiated; a first bit of the new binary string is read. A current value of B is added to A when the read bit is zero, and a current value of A is added to B when the read bit is one. A next bit of the new binary string is read. The steps of adding the current values and reading a next bit are repeated until all bits have been read. A resulting binary pair (A, B) is returned after all of the bits have been read. Ephemeral Diffie-Hellman public keys are securely exchanged between the parties. Challenge responses are exchanged and a session key is agreed upon. | 11-05-2015 |
20150319150 | DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE - A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified. | 11-05-2015 |
20150319151 | APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA UTILIZING ENCRYPTION KEY MANAGEMENT - A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed. | 11-05-2015 |
20150319171 | OFF-HOST AUTHENTICATION SYSTEM - An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network. | 11-05-2015 |
20150326397 | HOST DEVICE AND AUTHENTICATION METHOD FOR HOST DEVICE - A first data generation unit generates identification key information (FKey) that may be decrypted from the identification key information (IDKey) using key management information (FKB) read from an authenticatee. A decryption unit decrypts encrypted secret identification information (E-SecretID) using the identification key information (FKey) to generate secret identification information (SecretID). A second data generation unit generates a first session key (Skey) using the first key information (Hkey) and a random number. A one-way conversion unit performs a one-way conversion process on the secret identification information (SecretID) using the generated first session key (SKey) to generate first one-way conversion data (Oneway-ID). | 11-12-2015 |
20150326400 | INFORMATION RECORDING DEVICE - A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key and the medium device key certificate to establish the secure channel. | 11-12-2015 |
20150326544 | METHOD OF PROCESSING DATA IN DISTRIBUTED STORAGE SYSTEM - The invention relates to a method of processing data in a system including a first device (PC) able to require a second device to perform an operation on a datum, the first device storing both a private key and a public key, the second device being able to store at least one encrypted datum (A′) using the public key, characterized in that it includes: | 11-12-2015 |
20150326545 | SECURE KEY ROTATION FOR AN ISSUER SECURITY DOMAIN OF AN ELECTRONIC DEVICE - Systems, methods, and computer-readable media for securely rotating keys for an issuer security domain of an electronic device are provided. In one example embodiment, an electronic device may include a communications component that receives encrypted issuer data from a commercial entity subsystem. The electronic device may also include a secure element that, inter alia, decrypts the encrypted issuer data with a first key that is stored in an issuer security domain of the secure element and stores a second key in the issuer security domain based on the decrypted issuer data. Additional embodiments are also provided. | 11-12-2015 |
20150326547 | METHOD FOR SECURE COMMUNICATION USING ASYMMETRIC & SYMMETRIC ENCRYPTION OVER INSECURE COMMUNICATIONS - Data may be protected using a combination of symmetric and asymmetric cryptography. A symmetric key may be generated and the data may be encrypted with the symmetric key. The symmetric key and only a portion of the symmetrically encrypted data may then be encrypted with an asymmetric public key. The entire set of encrypted data, including the asymmetrically encrypted symmetric key, the doubly encrypted portion of data, and the remainder of the symmetrically encrypted data may then be sent to a remote device using insecure communications. | 11-12-2015 |
20150326569 | Secure information storage and retrieval apparatus and method - A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file. | 11-12-2015 |
20150326692 | TERMINAL DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing method includes receiving a request for user data that is related to an external service, and retrieving the user data segments based on the request. The user data segments are then combined to generate the user data, which is then provided to the client device that requested the user data. After receiving the user data, the client device uses the user data to access the external service to which the data relates. | 11-12-2015 |
20150333907 | METHOD AND SYSTEM FOR ENCRYPTION OF BLOCKS OF DATA - A method for encryption of blocks of data ( | 11-19-2015 |
20150334093 | method for generating a key in a network and user on a network and network - A method for generating a key in a network. The network includes at least one first user and one second user having a secured communication link to one another, and a third user, to which a secured communication link is to be established. The first user and the third user each generate a first partial value sequence from properties of the transmission channel between the first user and the third user. The second user and the third user each generate a second partial value sequence from properties of the transmission channel between the second user and the third user. In a secured part of the network, which includes at least the first and the second user, but not the third user, the key is ascertained from at least the first partial value sequence of the first user and the second partial value sequence of the second user. The key is also generated in the third user from at least the first partial value sequence and the second partial value sequence. | 11-19-2015 |
20150334095 | SYSTEM AND METHOD FOR SECURING DATA EXCHANGES, PORTABLE USER OBJECT AND REMOTE DEVICE FOR DOWNLOADING DATA - The technical problem to be solved is securing data exchange between at least two connected devices, regardless of the device type. The present invention is intended for at least partially solving the disadvantages of the prior art by providing a data exchange system including devices connected therebetween, part of the secret information contained in the memory of the devices never being sent. The data is thus exchanged between the connected devices with complete security and complete integrity. | 11-19-2015 |
20150334096 | METHOD AND ARRANGEMENT FOR SECURE COMMUNICATION BETWEEN NETWORK UNITS IN A COMMUNICATION NETWORK - The invention relates to a first network unit (See) which comprises a secure hardware component (HK) for saving and running software. A second network unit (P) comprises a secure software component (SK) for saving and running software. A method for secure communication comprises: saving a first common secret, a first algorithm and a second algorithm on the network units; sending a first date from the second network unit to the first network unit; running the first algorithm on the first network unit and on the second network unit wherein the input is in each case formed by the second common secret and the first date; sending of a second date from the first network unit to the second network unit; running the second algorithm on the first network unit and on the second network unit; wherein the input is formed in each case by the second common secret and the second date; and use of the third common secret for a secure communication. | 11-19-2015 |
20150334097 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SECURE PEER-TO-PEER TRANSACTIONS - A system, method, and computer program product are provided for secure peer to peer transactions. In use, a peer to peer secured transaction is initiated between a first device and a second device. A request is prepared with signed keys at the first device, and the request may be received at the second device. Next, signed keys at the second device are validated and a response is prepared with signed keys at the second device and sent to the first device. Further, the response is cleared via issuer/broker/clearing house at the first device. Lastly, a receipt is prepared and signed at the first device, and the signed receipt is sent to the second device. Additional systems, methods, and computer program products are also presented. | 11-19-2015 |
20150334121 | SYSTEM AND METHOD FOR COLLECTING AND STREAMING BUSINESS REVIEWS - The present invention generally relates to the collection and distribution of business reviews. Specifically, this invention relates to a system and method for collecting business reviews in a manner that improves the granularity of information that can be collected, allows for the needs of various different third-party review providers to be met, and prevents tampering and falsification of business reviews. Reviews with various levels of verification or validation are kept in a central database that can be accessed by multiple external business review providers. Review providers can choose which level of validation they find acceptable and use only reviews from the database that meet their requirements. | 11-19-2015 |
20150334562 | SYSTEM AND METHOD FOR ELECTRONIC KEY PROVISIONING AND ACCESS MANAGEMENT IN CONNECTION WITH MOBILE DEVICES - Novel systems and methods are disclosed for electronic key provisioning and access management in connection with mobile devices. The electronic keys can be time-denominated and event-denominated, thereby increasing the security and ease of use of access management for physical or virtual resources. The access management is granted in a protocol based on biometric features, contextual data, electronic keys, or a combination thereof. | 11-19-2015 |
20150341313 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device. | 11-26-2015 |
20150341326 | System And Method For A Practical, Secure And Verifiable Cloud Computing For Mobile Systems - Disclosed are systems and methods for delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program representing a garbled circuit. Implementing the garbled circuit, garbled outputs are returned. Such implementations ensure privacy of each mobile client's data, even if an executing server has been colluded. The garbled circuit provides secure cloud computing for mobile systems by incorporating cryptographically secure pseudo random number generation that enables a mobile client to efficiently retrieve a result of a computation, as well as verify that an evaluator actually performed the computation. Cloud computation and communication complexity are analyzed to demonstrate the feasibility of the proposed system for mobile systems. | 11-26-2015 |
20150341332 | Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine - In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed. | 11-26-2015 |
20150341792 | NETWORK AUTHENTICATION SYSTEM WITH DYNAMIC KEY GENERATION - A network authentication system with dynamic key generation that facilitates the establishment of both endpoint identity, as well as a secure communication channel using a dynamically-generated key between two end devices (potentially on separate local area networks). An interactive or noninteractive authentication protocol is used to establish the identity of the target end device, and dynamic key generation is used to establish a shared symmetric session key for creating an encrypted communication channel between the end devices. | 11-26-2015 |
20150349952 | Systems and Methods for Controlling Media Distribution - Media file distribution is controlled by encrypting the media file by an application executed on a mobile device of the media file owner. The media file is encrypted using a media file encryption key. The media file encryption key is then separately encrypted using a public key of each intended recipient, and the encrypted media file encryption key is appended to the encrypted media file. Accordingly, only intended recipients will have the complementary private key to allow decryption of the encrypted media file encryption key, which once decrypted can be used to decrypt the encrypted media file itself. | 12-03-2015 |
20150349953 | SERVER-CLIENT SECRET GENERATION WITH CACHED DATA - Technologies are provided for shared secret generation between a server and a client using cached data. In some examples, a server may send a number of encrypted secrets to a client that caches a number of data blocks previously provided by the server. Each of the encrypted secrets may be encrypted using a data block that may or may not be cached at the client. The client may then identify the encrypted secrets that correspond to data blocks in its cache and use those data blocks to recover those secrets. The client may then encrypt a message for the server using the recovered secrets. Upon reception of the message, the server may then recover the message using its knowledge of the data blocks cached at the client. | 12-03-2015 |
20150350072 | Apparatus and Method for Transmitting Data - An apparatus ( | 12-03-2015 |
20150350170 | Secure authentication of mobile users with no connectivity between authentication service and requesting entity - A method and system for secure authentication of a mobile device user in the absence of a connection between the authentication service and the entity that is requesting authentication. A mobile device scans and decodes a signal that is presented as a challenge whereby the mobile device obtains response requirements of the challenge. The mobile device transmits encrypted and signed response information to the authentication service for authentication, re-encryption and transmission to the presenting device as an encrypted, authenticated response to the initial challenge. | 12-03-2015 |
20150350172 | ENCRYPTION ON COMPUTING DEVICE - A first component of a cryptographic key is received from a user via a user interface of a user computing device. A second component of the cryptographic key is received via a short-range communication interface that communicatively couples the user computing device to a physically separate storage device. The cryptographic key is generated based at least on the first component and the second component. The cryptographic key is then used to encrypt and/or decrypt data. | 12-03-2015 |
20150350375 | Information Processing Method, Trusted Server, and Cloud Server - An information processing method, a trusted server, and a cloud server. The method includes acquiring user data of a user terminal, extracting summary information of the user data, where the summary information includes privacy information and non-privacy information of a user, generating a unique identifier (UID) for the privacy information, and transmitting the non-privacy information and the UID to a cloud server, so that the cloud server saves a correspondence between the non-privacy information and the UID. | 12-03-2015 |
20150358158 | SECURELY SHARING INFORMATION VIA A PUBLIC KEY-VALUE DATA STORE - In some embodiments, each client device in the network has a private key and a public key. For two client devices to securely exchange information, each computes a shared secret based on its own private key and the other's public key. The client devices use the shared secret to generate a shared secret key pair. The shared secret public key is used as a key by each client device to store data in a public key-value data store to share with the other client device. The shared data is signed using the shared secret key pair. The shared data may also be encrypted using the shared secret key pair. Each client device uses the shared secret public key to retrieve the data from the public key-value data store. Each client device uses the shared secret key pair to verify and decrypt the shared data. | 12-10-2015 |
20150358301 | Dynamic Configuration of Trusted Executed Environment Resources - Systems and methods for dynamic trusted execution environment (TEE) hardware configuration are provided. A key update message including key update information is received and authenticated for a key stored in the TEE of a mobile computing device. The stored key may define access to hardware resources of the mobile computing device. The hardware configuration for the stored key in the TEE may be changed based upon the key update information. | 12-10-2015 |
20150358302 | APPARATUS AND METHOD FOR SECURE TRANSMISSION AVOIDING DUPLICATE DATA - A first communication device determines whether an encryption key is stored in a first memory in association with an identifier of data requested to transmit, and transmits the identifier of data requested to transmit and the encryption key associated therewith to a second communication device, when it is determined that the encryption key is stored in the first memory in association with the identifier of data requested to transmit. The second communication device determines whether encrypted data is stored in a second memory in association with the identifier contained in data received from the first communication device, decodes, when it is determined that the encrypted data is stored in the second memory in association with the identifier contained in the received data, the encrypted data with the encryption key contained in the received data, and outputs the decoded data. | 12-10-2015 |
20150360932 | Systems and Methods for Fuel Dispenser Security - Systems and methods for fuel dispenser security are disclosed herein. In some embodiments, a user seeking access to a protected function of the fuel dispenser is presented with a challenge that is encrypted using a secret key that is unique to the fuel dispenser. To access the secured function, the user must obtain a session password from a server which authenticates the user, decrypts the challenge using a counterpart of the secret key, determines whether the user is authorized to access the secured function, and returns the session password extracted from the challenge only when the user is authorized. The server can thus control access to certain fuel dispenser functions according to a set of user access privileges. The challenge can also include additional information which can be used by the fuel dispenser and/or by the server to store a log of access activity. | 12-17-2015 |
20150365386 | CONCURRENT DEVICE CONTROL - Methods, systems, and devices for controlling a plurality of electronic devices are disclosed. An accessory device may monitor one or more frequency bands to capture data transmitted between two devices during a pairing process. The accessory device may utilize data to capture subsequent RF signals transmitted from one of the devices. The accessory device may then intercept commands and data from multiple devices, establish pairing relationships with computing devices, and operatively control computing devices in accordance with the intercepted commands. | 12-17-2015 |
20150365389 | AUTHENTICATION OF DEVICES HAVING UNEQUAL CAPABILITIES - A system authenticates in-vehicle electronic devices having unequal capabilities such as having varying different communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server functionality for other in-vehicle devices, and serves as an interface between an in-vehicle network and one or more associated external networks, thereby eliminating the need for explicit peer discovery protocol and the requirement of devices to perform key establishment with each individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices. | 12-17-2015 |
20150372990 | System and Method for Authorized Digital Content Distribution - A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using the key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B. Once the content transfer has completed B ensures that the received content has been physically written to non-volatile storage (to account for crashes etc. during the next step). B then calculates a hash over the received content and returns this value to the DRM Controller. If this value matches the value previously given then the transfer has been successful and the DRM Controller updates whatever central records are appropriate, while also returning a decrypt key to B to allow it to decrypt the content. | 12-24-2015 |
20150372995 | ASSET GUARDIAN - An asset guardian system may comprise a server including a processor with memory and a database. The processor may be configured to receive asset information regarding a plurality of assets and update the database with the received asset information. A mobile device may be configured to change at least one of the assets from a disabled condition to an enabled condition in response to an asset code from the server. At least one of the plurality of assets may be configured to authenticate the asset code and register the asset code with the server thereby updating the asset information on the database. At least one of the plurality of assets may further be configured to be operatively paired with a respective socket. | 12-24-2015 |
20150372996 | SLOTTED MESSAGE ACCESS PROTOCOL FOR POWERLINE COMMUNICATION NETWORKS - A slotted message access protocol can be implemented for transmitting messages in a communication network. A beacon period may be divided into multiple communication slots. A master network device may register a first client network device and provide registration information to the first client network device. The registration information may include one or more encryption keys to allow the first client network device to securely transmit messages in the communication network. The client network device may use an encryption key associated with a second client network device to decrypt messages received from the second client network device. Furthermore, the first client network device may use a contention-based communication slot to request allocation of contention-free communication slots for subsequent transmissions. The master network device may temporarily allocate contention-free communication slots to the client network device for a specified duration. | 12-24-2015 |
20150372997 | DEVICE, SYSTEM AND METHOD PROVIDING DATA SECURITY AND ATTRIBUTE BASED DATA ACCESS IN PARTICIPATORY SENSING - Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into a number of segments and defining an access policy, further submitting the access policy to a PKG of the system for generating an Access Tree having attributes at different levels for accessing the data. These Access Trees are securely stored on the device using an IBE mechanism. Further, the data, after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies if the attribute satisfies the Access Policy. If the verification is positive, access may be provided to the data accessor for accessing the data. | 12-24-2015 |
20150381572 | AUGMENTED REALITY BASED PRIVACY AND DECRYPTION - A method, non-transitory computer readable medium and apparatus for decrypting a document are disclosed. For example, the method captures a tag on an encrypted document, transmits the tag to an application server of a communication network to request a per-document decryption key, receives the per-document decryption key if the tag is authenticated, and decrypts a portion of the encrypted document using a temporary decryption key contained in the tag, the tag decrypted with the per-document decryption key. | 12-31-2015 |
20150381573 | Systems, Methods, and Computer-Readable Media for Secure Digital Communications and Networks - Provided are systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes based on unique identifiers that are unique to each node, and communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node. | 12-31-2015 |
20150381585 | CRYPTOGRAPHIC WEB SERVICE - A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remote cryptographic function call and returns the results to the program over the communications network. | 12-31-2015 |
20150381590 | Multi-tenant secure separation of data in a cloud-based application - Multi-tenant and single-tenant methodologies are blended into a single solution to provide cost savings of multi-tenancy along with data security and privacy of a single-tenant environment. The cloud infrastructure is partitioned to include a first set of servers, and a second set of servers. The first set of servers are dedicated to a first operation, such as data presentation, while the second set of servers are dedicated to a second operation, such as data processing. The first set is operated in a multi-tenant operating mode, while the second set is operated in a single-tenant operating mode. Thus, the first set is available for general use, presenting data from any of the server(s) in the second set. The second set, in contrast, is dedicated to individual tenants. Preferably, each tenant has dedicated server(s) in the second set, which functions like a traditional, single-tenant environment providing inherent security and privacy guarantees. | 12-31-2015 |
20150381592 | CRYPTOGRAPHY AND KEY MANAGEMENT DEVICE AND ARCHITECTURE - A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone. | 12-31-2015 |
20150381716 | METHOD AND SYSTEM FOR SHARING FILES OVER P2P - A method of sharing files over Peer-to-Peer (P2P) is provided. The method includes transmitting, at a transmitter terminal, sharing registration information for sharing at least one file with another terminal, receiving, at the transmitter terminal, a virtual link as a response to the sharing registration information, sharing, at the transmitter terminal, the virtual link, receiving, at the transmitter terminal, a sharing request signal from a receiver terminal accessing the transmitter terminal via the virtual link and transmitting, at the transmitter terminal, the at least one file to the receiver terminal as a response to the sharing request signal. | 12-31-2015 |
20160006565 | ID-BASED CONTROL UNIT-KEY FOB PAIRING - A key fob includes a transceiver to send and receive signals, a memory to store a key fob identification (KFID), and a processor coupled to said transceiver and memory. The processor is to execute, along with a pairing device, an identification (ID) authenticated key agreement protocol based on the KFID to authenticate a pairing device and to generate a common secret encryption key known only by the processor and the pairing device. The processor receives a control unit identification (CUID) encrypted by the pairing device with the common secret encryption key, executes along with the control unit associated with the CUID an ID authenticated key agreement protocol based on the CUID to authenticate the control unit, generates a second common secret encryption key known only by the processor and the control unit, and receives an operation key encrypted by the control unit with the second common secret encryption key. | 01-07-2016 |
20160006726 | USING COOKIES TO IDENTIFY SECURITY CONTEXTS FOR CONNECTIONLESS SERVICE - A mobility management entity (MME) receives a request for a key to establish a security context for communication between a base station and a user equipment in response to the user equipment requesting connectionless service with the base station. In response to receiving the request, the MME transmits a cookie to identify the security context stored by the base station. | 01-07-2016 |
20160006735 | SYSTEMS AND METHODS OF DEVICE AUTHENTICATION INCLUDING FEATURES OF CIRCUIT TESTING AND VERIFICATION IN CONNECTION WITH KNOWN BOARD INFORMATION - A method and system for authenticating a device, board, assembly or system includes obtaining or processing test/scan information provided via extraction of ECID or other unique identifying information regarding a board. | 01-07-2016 |
20160013934 | VEHICLE SOFTWARE UPDATE VERIFICATION | 01-14-2016 |
20160013935 | SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY | 01-14-2016 |
20160014101 | SYSTEM AND METHOD FOR SECURE MESSAGING IN A HYBRID PEER-TO-PEER NETWORK | 01-14-2016 |
20160014131 | NETWORKED ACCESS CONTROL SYSTEM | 01-14-2016 |
20160021066 | ENCRYPTION KEY UPDATES IN WIRELESS COMMUNICATION SYSTEMS - In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and through a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it. | 01-21-2016 |
20160021075 | EFFICIENT KEY GENERATOR FOR DISTRIBUTION OF SENSITIVE MATERIAL FROM MULTIPLE APPLICATION SERVICE PROVIDERS TO A SECURE ELEMENT SUCH AS A UNIVERSAL INTEGRATED CIRCUIT CARD (UICC) - A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device. | 01-21-2016 |
20160021076 | ELECTRONIC COMMUNICATION SYSTEM AND METHOD FOR COMMUNICATION OF THE SAME IN AN OPEN ENVIRONMENT - An electronic communication system and a method allowing communication to be performed in an open environment are provided for a server to authenticate a user that has no account with the server and to allow the user to perform operations with the server. Users having accounts with different servers in different electronic communication systems may authenticate each other and then communicate with common communication protocols across different application systems. An inviter may invite an invitee to access the inviter's resources saved on a server that the invitee has no account with. Other than the inviter and invitee, no one including the server can access the inviter's resources. | 01-21-2016 |
20160021078 | OPTIMIZING SECURE COMMUNICATIONS BETWEEN A CLIENT AUTHENTICATING SERVER AND A MOBILE CLIENT - Systems and techniques are described for optimizing secure communications. Specifically, a first intermediary and a second intermediary can split-terminate a secure connection handshake or a handshake renegotiation between two computing devices. The first and second intermediaries can then optimize secure communications between the two computing devices. | 01-21-2016 |
20160021079 | Sending Encrypted Data to a Service Provider - Sending encrypted data to a service provider includes exchanging an encryption key between an entity and a service provider without retaining the encryption key and while hiding an identity of said entity from the service provider and forwarding encrypted data based on the encryption key to the service provider from the entity while hiding the identity of the entity from the service provider. | 01-21-2016 |
20160021101 | METHOD FOR BACKING UP A USER SECRET AND METHOD FOR RECOVERING A USER SECRET - A method for backing up a user secret and recovering a user secret. A set of mandatory trustees possessing a public key and a set of non-mandatory trustees possessing a public key are determined. A predetermined limit value of a number of partitions necessary for recovering the secret is selected by the user. A number of primary partitions equal to the number of mandatory trustees is generated in response to the determination that the set of non-mandatory trustees is empty. A number of primary partitions equal to the number of mandatory trustees plus one is generated in response to the determination that the set of non-mandatory trustees is not empty. Each partition is encrypted using the public key of the corresponding trustee and each encrypted partition is stored in a server. | 01-21-2016 |
20160028539 | KEY MANAGEMENT METHOD AND SYSTEM - Disclosed are a key management method and system. A master key is remotely downloaded to avoid the problem that the master key is not issued to a merchant until the master key needs to be downloaded on a POS terminal, so as to reduce logistics costs and maintenance costs. When a key is remotely downloaded, a KMS system uses a symmetric algorithm to encrypt the key to be transmitted to ensure that the encrypted key can only be decrypted by a corresponding POS terminal, thereby ensuring the security of data transmission. During bidirectional authentication, an application program of the POS terminal can only contact an encrypted text form of the key instead of a plain text key needing to be remotely downloaded to the POS terminal, thereby ensuring security in reproduction. | 01-28-2016 |
20160028700 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS - A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature. | 01-28-2016 |
20160036784 | CONTROLLING WRITE ACCESS TO A RESOURCE IN A RELOAD NETWORK - Methods and apparatus for controlling write access by one or more accessing nodes to a resource within a Resource Location And Discovery, RELOAD, network. The methods and apparatus configured to: at a node owning the resource, obtain a public key of a peer responsible for the resource, encrypt a write key using the obtained public key and send the encrypted write key to the peer responsible for the resource; at the peer responsible for the resource, decrypt the write key; at an accessing node, sign data to be written to the resource using the write key and send a request to the peer responsible for the resource to write the signed data to the resource; and at the peer responsible for the resource, control write access to the resource based on the decrypted write key and the signed data. | 02-04-2016 |
20160036789 | SECURE HOST AUTHENTICATION USING SYMMETRIC KEY CRYTOGRAPHY - Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session. | 02-04-2016 |
20160036791 | SYSTEM AND METHOD FOR WIRELESS DATA PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change. | 02-04-2016 |
20160036793 | KEY DOWNLOADING METHOD, MANAGEMENT METHOD, DOWNLOADING MANAGEMENT METHOD, DEVICE AND SYSTEM - Disclosed is a key downloading method. The method comprises: sending a hardware series number (SN) and a first random number (Rnd | 02-04-2016 |
20160036813 | EMULATE VLANS USING MACSEC - Emulating virtual local area networks (VLAN)s using media access control security (MACsec) can include a network controller to provision a first client device of a plurality of client devices within a network with a MACsec key associated with a MACsec flow. The network controller can provision a second client device with the MACsec key associated with the MACsec flow to emulate a VLAN with secure communication between the first and the second client devices. | 02-04-2016 |
20160036814 | WIRELESS FIRMWARE UPDATES - Disclosed are methods and devices for securely updating firmware of locking devices. One method includes receiving a lock identifier from a locking device; determining that the lock identifier is associated with a user profile by comparing the lock identifier to a set of lock identifiers; receiving a firmware update packet from a server, wherein the firmware packet is encrypted by a lock key; transmitting the firmware update packet to the lock; decrypting the firmware update using the lock key; validating the encrypted firmware update; and installing the firmware update. | 02-04-2016 |
20160037347 | METHOD FOR GRANTING A PLURALITY OF ELECTRONIC COMMUNICATION DEVICES ACCESS TO A LOCAL AREA NETWORK - Method for granting a plurality of electronic communication devices access to a local area network (LAN) via an access point using a single cryptographic key to secure communications exchanged through the LAN. The method comprising an activation phase performed once at initialization of the LAN and an operating phase wherein the electronic communication devices access the LAN. The activation phase comprising: providing the cryptographic key in a digital form by the access point; transferring the cryptographic key to a master device, switching the access point into a secure mode in which any further communication with the access point is secured with the cryptographic key. The operating phase comprising: transferring the cryptographic key from the master device to the electronic communication devices. The cryptographic key is converted from its digital form into a graphic form and then transferred in the graphic form to the electronic communication devices during the operating phase. | 02-04-2016 |
20160043871 | Wireless Connections to a Wireless Access Point - A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point. | 02-11-2016 |
20160044007 | METHOD AND DEVICE FOR ESTABLISHING SESSION KEYS - A method and a device for setting up a session key between a source entity and a target entity in a communication network comprises a plurality of communicating entities. The method, which relies on the use of symmetrical cryptographic primitives, provides each entity in the session with protection against denial of service attacks by setting up a session in four or five message exchanges. | 02-11-2016 |
20160044009 | Method and Apparatus for MoCA Network With Protected Set-Up - Systems and methods are disclosed for securing a network, for admitting new nodes into an existing network, and/or for securely forming a new network. As a non-limiting example, an existing node may be triggered by a user, in response to which the existing node communicates with a network coordinator node. Thereafter, if a new node attempts to enter the network, and also for example has been triggered by a user, the network coordinator may determine, based at least in part on parameters within the new node and the network coordinator, whether the new node can enter the network. | 02-11-2016 |
20160044010 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - There is provided an information processing system, information processing apparatus, and a method of controlling the same. Upon receiving an encrypted application and encrypted license information, the information processing apparatus decrypts the encrypted license information and the encrypted application. It is determined whether or not the decrypted application is a web application, and in the case where the application is determined to be a web application, a URL contained in the application and information contained in the license information are registered, and a display item corresponding to the application is displayed in a menu screen. | 02-11-2016 |
20160050067 | SYSTEM AND METHOD FOR SHARED KEY AGREEMENT OVER UNTRUSTED COMMUNICATION CHANNELS - A method of generating cryptographic keys includes generating, with a first processor in a first computing device, error correction data corresponding to first sensor data that are stored in a memory, generating a first cryptographic key with reference to a first hashed value of the first sensor data, generating a first message authentication code (MAC) with reference to the first cryptographic key and the error correction data, and transmitting with a first I/O device in the first computing device the error correction data and the first MAC through a communication channel to a second computing device. The transmitted data enable the second computing device to generate a second cryptographic key with reference to second sensor data. | 02-18-2016 |
20160050184 | METHOD FOR SECURE E-MAIL EXCHANGE - The invention relates to a secure telecommunication method for communicating information in an e-mail between a telecommunication device of a first user and a telecommunication device of a second user. The method comprises the steps of: | 02-18-2016 |
20160050188 | SYSTEMS AND METHODS FOR PROTECTING INTERNET ADVERTISING DATA - Systems and methods are disclosed for protecting user privacy in, for example, online advertising environments. The method includes receiving data related to a user in a first communication session between a host server and a client device, and generating a user profile associated with the user. The method further may include encrypting the user profile to produce encrypted user profile data and generating a decryption key for decrypting the encrypted user profile data. Thereafter, either the decryption key or a portion of the encrypted user profile data may be transmitted to the client device and then deleted from host server before ending the first communication session. The method further may include establishing a second communication session between the host server and the client device and retrieving the transmitted content. Then targeted advertising may be provided by decrypting the encrypted user profile data. | 02-18-2016 |
20160050562 | MACHINE-TO-MACHINE CELLULAR COMMUNICATION SECURITY - Facilitating authentication on communication between a mobile terminal and a server is achieved. The communication is made through a Serving GPRS Support Node (SGSN) of a network in which the mobile terminal is operating. A Home Public Land Mobile Network (PLMN) of the mobile terminal generates a ciphering key for encryption of packet-switched data between the mobile terminal and the server. As part of a message from a network entity in the Home PLMN to the SGSN in which the SGSN expects to receive the ciphering key, alternative data is communicated in place of the ciphering key. Secure communication between the mobile terminal and the server is performed by applying encryption using a ciphering key generated by a network entity in a Home PLMN of the mobile terminal in messages between the mobile terminal and the server. | 02-18-2016 |
20160056956 | SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser. | 02-25-2016 |
20160057114 | CRYPTOGRAPHIC COMMUNICATION DEVICE, CRYPTOGRAPHIC COMMUNICATION METHOD, AND NON-TRANSITORY STORAGE MEDIUM STORING PROGRAM - When a device is connected to a home gateway, if a common connection method is selected, a not-high-security connection method is inevitably selected even for a connection of a high-capability device. In a cryptographic communication system according to the present disclosure, it is possible to select a high-security connection method taking into account a processing capability of the device. Furthermore, the connection method is allowed to be updated and thus when the security level of the connection method hitherto selected is imperiled, the connection method may be updated so as to maintain a high security level. | 02-25-2016 |
20160057117 | SYSTEM AND METHOD FOR MANAGING SECURE COMMUNICATIONS IN AN AD-HOC NETWORK - The present invention provides a system and method for managing secure communications in an ad-hoc network having three or more users including a first user, a second user and a third user. Each user is associated with at least one communication device, and has a set of keys associated with the user for managing secure communications between the at least one communication device of the user and the at least one communication device of another one of the three or more users. Each set of keys includes a private key and a public key, where the public key is shared with the communication device of the other ones of the three or more users with which the user has been authenticated, and the private key is used to decrypt communications encrypted using the corresponding public key from the same set of keys. When the second user of the three or more users has been authenticated by the first user, in addition to receiving the associated public key of the second user, the first user receives a value defining a share authority level, which defines the authority of the first user relative to the second user to provide peer key sharing with the third user. | 02-25-2016 |
20160057118 | COMMUNICATION SECURITY SYSTEM AND METHOD - A communication security system includes a secure communication application module and a chip module. The communication security system is installed in a mobile device. Accordingly, the communication security system of the present invention allows mobile devices of users to encrypt and decrypt communication data between the users. A communication security method includes the steps of generating keys, requesting a key exchange by a first mobile device, receiving a key exchange by a second mobile device, receiving a key exchange by the first mobile device, activating a key by the second mobile device, activating a key by the first mobile device, and starting secure communication between the first and second devices. Thus, the encrypted communication can avoid theft and unauthorized falsification. | 02-25-2016 |
20160057119 | METHOD AND APPARATUS FOR SECURE DELEGATION OF COMPUTATION - A method for delegating a computational burden from a computationally limited party to a computationally superior party is disclosed. Computations that can be delegated include inversion and exponentiation modulo any number m. This can be then used for sending encrypted messages by a computationally limited party in a standard cryptographic framework, such as RSA. Security of delegating computation is not based on any computational hardness assumptions, but instead on the presence of numerous decoys of the actual secrets. | 02-25-2016 |
20160057120 | SYSTEM AND METHOD TO ENABLE PKI- AND PMI- BASED DISTRIBUTED LOCKING OF CONTENT AND DISTRIBUTED UNLOCKING OF PROTECTED CONTENT AND/OR SCORING OF USERS AND/OR SCORING OF END-ENTITY ACCESS MEANS - ADDED - A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored. | 02-25-2016 |
20160065376 | VIRALLY DISTRIBUTABLE TRUSTED MESSAGING - Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module. To securely transmit an outgoing message to the remote computing device, the local trusted message module receives the outgoing message from the message client, encrypts the outgoing message, and cryptographically signs the outgoing message, prior to transmittal to the remote trusted message module of the remote computing device. To securely receive an incoming message from the remote computing device, the local trusted message module receives the incoming message from the remote trusted message module of the remote computing device, decrypts the incoming message, and verifies a cryptographic signature of the incoming message, based on the exchanged cryptographic keys and prior to transmittal of the incoming message to the message client. | 03-03-2016 |
20160065540 | Shared Data Encryption and Confidentiality - Embodiments of the invention relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Data to be written to a storage system is separated into data chunks. Each data chunk is decrypted into a plaintext data format with a master encryption key of an owning entity. Once decrypted, one or more advanced data functions may be performed on the plaintext. A private key is created and used to encrypt the plaintext of the data chunk(s), which are stored as an encryption unit. Thereafter, a first wrapped key is created by encrypting the private key with the master key. The wrapped key is stored as metadata of the data chunk. Access to each data chunk is limited to one or more entities that have been granted access. | 03-03-2016 |
20160065545 | CRYPTOGRAPHIC KEY PAIR GENERATION SYSTEM - In certain embodiments, a system communicates a request for a user to provide a thought to facilitate generating a cryptographic key pair. The system receives a string of characters corresponding to the thought. The string of characters may be generated based at least in part upon electromagnetic signals, which the user generates by developing the thought. The system generates a cryptographic key pair based at least in part upon the string of characters. The generated cryptographic key pair may be configured to encrypt and decrypt messages. | 03-03-2016 |
20160065547 | COMPUTER SYSTEM AND METHOD FOR ENCRYPTED REMOTE STORAGE - A method for remotely storing data is provided. The method comprises providing a first data file on a client computer; splitting, on the client computer, the first data file into at least two partial files; encrypting the at least two partial files with an encryption algorithm; distributing the at least two encrypted partial files in at least two remote storage locations; storing information about the at least two storage locations of the at least two encrypted partial files for a later retrieval of the at least two encrypted partial files; and storing decryption information for the decryption of the at least two encrypted partial files on the client computer. Further, a computer software product adapted for executing, when run on a computer, a method for remotely storing data is provided, and a client computer for executing the method for remotely storing data. | 03-03-2016 |
20160065548 | KEYCHAIN SYNCING - Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels. | 03-03-2016 |
20160066180 | METHOD, APPARATUS AND SYSTEM OF COMMUNICATION OVER MULTIPLE FREQUENCY BANDS - Devices, systems and methods of communication over multiple wireless communication frequency bands. For example, a multiple frequency band (multi-band) wireless communication device may include at least two radios to communicate over at least two different frequency bands; and a common station management entity (SME) operably coupled to the at least two radios, and configured to manage parallel and simultaneous operation of the at least two radios. | 03-03-2016 |
20160072775 | SYSTEM AND METHOD FOR KEY EXCHANGE BASED ON AUTHENTICATION INFORMATION - Disclosed are a system and method for exchanging a key based on user authentication information. The system for exchanging a key based on user authentication information includes a terminal configured to generate an ID-based ciphertext corresponding to authentication information of a user of the terminal using a terminal-side random number and a server ID and a server configured to decrypt the ID-based ciphertext that is received from the terminal using a server-side private key corresponding to the server ID to restore the authentication information, authenticate the terminal using the restored authentication information, and generate a server-side session key corresponding to the authenticated terminal. | 03-10-2016 |
20160072778 | METHODS AND SYSTEMS FOR ESTABLISHING SECURE COMMUNICATION BETWEEN DEVICES VIA AT LEAST ONE INTERMEDIATE DEVICE - Methods to establish communication between a first and second device via at least one intermediate device comprise, at the first device, generating an offer data packet comprising a second device address, which includes a first identifier indicating a public key associated with the second device; transmitting the offer data packet to a first intermediate device for transmission to the second device based upon the address of the second device; receiving an answer data packet via the first intermediate device, the answer data packet including network information associated with the second device; establishing a communication channel with the second device based on the network information received; receiving over the communication channel a first handshake data packet including a public key; calculating a second identifier based upon the public key; comparing the first identifier with the second identifier; and warning if a relationship between the first identifier and the second identifier is not an expected relationship. | 03-10-2016 |
20160072779 | SECURING A CRYPTOGRAPHIC DEVICE AGAINST IMPLEMENTATION ATTACKS - Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key ( | 03-10-2016 |
20160072807 | METHODS FOR SECURITY SYSTEM-AGNOSTIC UNIFORM DEVICE IDENTIFICATION - Systems and methods can comprise receiving an authentication request according to a first security protocol from a user device. Responsive to a determination that the authentication request is trustworthy according to the first security protocol, a device identifier and information related to a shared key are transmitted to the user device. A content request to access content secured according to a second security protocol is received from the user device. The content request can comprise the device identifier and can be encrypted using a shared key derived from the information related to the shared key. The content request can be decrypted using the shared key, and authenticated based on the device identifier. | 03-10-2016 |
20160080145 | Distributing Keys for Decrypting Client Data - In some embodiments, a server can establish a session with a remote client. The server can generate a session key portion for the session and a client key portion for the remote client. The server can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key can be generated from a static key portion accessible by the server, the session key portion, and the client key portion. The server can associate the session key portion with the session. The session key portion is accessible by the server during the session. The server can delete the client key portion after providing the client key portion to the remote client. The server can obtain the client key portion from the remote client in response to determining that subsequent transactions during the session involve decrypting the encrypted client data. | 03-17-2016 |
20160080335 | METHOD AND SYSTEM FOR TRAFFIC ENGINEERING IN SECURED NETWORKS - Aspects of a method and system for traffic engineering in an IPSec secured network are provided. In this regard, a node in a network may be authenticated as a trusted third party and that trusted third party may be enabled to acquire security information shared between or among a plurality of network entities. In this manner, the trusted third party may parse, access and operate on IPSec encrypted traffic communicated between or among the plurality of network entities. Shared security information may comprise one or more session keys utilized for encrypting and/or decrypting the IPSec secured traffic. The node may parse IPSec traffic and identify a flow associated with the IPsec traffic. In this manner, the node may generate and/or communicate statistics pertaining to said IPSec secured traffic based on the flow with which the traffic is associated. | 03-17-2016 |
20160080336 | Key Usage Detection - Key usage detection, and in particular, methods and systems for a recipient of an encrypted message to detect usage of the recipient's secret key. | 03-17-2016 |
20160080337 | SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY - A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server. | 03-17-2016 |
20160080338 | METHOD FOR SECURING A REQUEST FOR EXECUTING A FIRST APPLICATION, BY A SECOND APPLICATION - The invention relates to a method for securing a request for executing a first application (P | 03-17-2016 |
20160080375 | METHOD AND DEVICE FOR PROCESSING DATA - A method for processing data is suggested, and includes (i) conveying input data from a safety component to a security component, and (ii) calculating, at the security component, a second identifier based on the input data. The method further includes (iii) conveying the second identifier to the safety component, and (iv) verifying, at the safety component, a first identifier based on the second identifier. | 03-17-2016 |
20160080377 | SYSTEMS AND METHODS FOR PROVIDING SECURE PRE-BOOT AND ROOT AUTHENTICATION TO AN INFORMATION HANDLING SYSTEM - In accordance with embodiments of the present disclosure, a method may include receiving a unique identifier associated with a host information handling system. The method may also include, responsive to receiving the unique identifier, communicating a signed unique identifier to the host information handling system, the signed unique identifier comprising the unique identifier signed with a private key. The method may further include enabling at least one of pre-boot access and root access by a client information handling system to an access controller responsive to the access controller decrypting the signed unique identifier with a public key corresponding to the private key and determining that the decrypted signed unique identifier and the unique identifier match. | 03-17-2016 |
20160087797 | SECURE REMOTE PASSWORD - Aspects of the present disclosure pertain to a system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor. | 03-24-2016 |
20160087946 | FILE SECURITY METHOD AND APPARATUS FOR SAME - Disclosed is a file security method for reinforcing file security, which includes: by a first communication device, detecting an access to a file stored in a virtual drive; by the first communication device, requesting a decryption key of the file from a second communication device and receiving the decryption key; and by the first communication device, decrypting the access-detected file by using the decryption key. | 03-24-2016 |
20160087947 | Systems and Methods for Data Gathering Without Internet - Systems and methods are provided in which external key devices are used for sealing and unsealing data-gathering devices without Internet, wherein the data-gathering devices invalidate the external key devices upon completing data collection in order to seal removable storage. Further, a sealed removable storage is transported to the same location as a key server, where the key server uses a multi-factor sealing routine to unlock the sealed removable storage. The routine seals and unseals using multiple factors including a location of the key server, hardware attributes of the removable storage, hardware attributes of the external key devices, and a private key of the key server. The data-gathering device may be used to support workers collecting data in disconnected parts of the world that are without Internet. The workers may collect data by using mobile devices to transfer data to a shared data-gathering device. | 03-24-2016 |
20160087950 | METHOD OF SECURING MOBILE APPLICATIONS USING DISTRIBUTED KEYS - Aspects of the present disclosure are directed to methods and systems for securing mobile computing applications with distributed keys. In one aspect, a computer implemented method or computer readable media include steps electronically receiving, at a computer processor of a computing device, a first security key fragment based on a user input to the computing device; electronically receiving, at the computer processor, a second security key fragment from a network connected storage entity; and electronically concatenating, at the computer processor, the first security key fragment and the second security key fragment to generate a third security key. | 03-24-2016 |
20160087959 | ELECTRONIC DEVICE AND METHOD FOR PROCESSING DATA IN ELECTRONIC DEVICE - Provided are an electronic device and a method for processing data in the electronic device. The electronic device may receive server registration time-related information—that is, information related to a time when at least one beacon device becomes registered in a server, and decrypt at least one beacon signal received from the at least one beacon device based on the received server registration time-related information. | 03-24-2016 |
20160088472 | Method for Negotiating Security Capability when Terminal Moves - Methods of security negotiation for idle state mobility from a first network to a long term evolution (LTE) network are disclosed. In one embodiment, a service general packet radio service (GPRS) support node (SGSN) of the first network transmits an authentication vector-related key to a mobility management entity (MME). A user equipment (UE) sends its security capabilities including non-access stratum (NAS) security capabilities to the MME. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends a message that indicates the selected NAS security algorithm to the UE. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to secure communication between the UE and the LTE network. | 03-24-2016 |
20160088480 | TRANSFERRING APPLICATION DATA BETWEEN DEVICES - Methods, systems, and apparatus are described for transferring application data between devices. In one aspect, a method includes causing, by a first service running on a first device, the first device to establish a wireless connection with a second device; receiving, from a second service running on the second device, data specifying applications that are installed on the second device and supported by the second service, each of the applications being separate from the second service; determining, by the first service, that a first application installed on the first device matches one of the applications installed on the second device, the first application being separate from the first service; receiving, by the first service, first application data from the first application; and causing, by the first service, the first device to send the first application data to the second service running on the second device using the wireless connection. | 03-24-2016 |
20160094521 | DATA ENCRYPTION, TRANSPORT, AND STORAGE SERVICE FOR CARRIER-GRADE NETWORKS - A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection. | 03-31-2016 |
20160094525 | INFORMATION INTERACTION METHODS AND DEVICES - An information interaction method and device are provided. In the method, the device establishes a connection with a wearable device. The device sends information to be interacted corresponding to a logged-in ID to the wearable device via the connection. The device receives a first encrypted result returned by the wearable device. The device generates a first verifying factor corresponding to the first encrypted result with a predetermined algorithm. The device sends the information to be interacted and the first verifying factor in an associated manner to a server. The device receives a message indicating that an interaction is finished, where the message is sent if the server determines that a second verifying factor generated with the predetermined algorithm and corresponding to a second encrypted result matches the first verifying factor. The second encrypted result is obtained by encrypting the information to be interacted by the server with the pre-stored encryption key. | 03-31-2016 |
20160094552 | CREATING STACK POSITION DEPENDENT CRYPTOGRAPHIC RETURN ADDRESS TO MITIGATE RETURN ORIENTED PROGRAMMING ATTACKS - A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack. | 03-31-2016 |
20160094558 | SECURING SENSOR DATA - Systems and methods include establishing a secure communication between an application module and a sensor module. The application module is executing on an information-handling machine, and the sensor module is coupled to the information-handling machine. The establishment of the secure communication is at least partially facilitated by a mutually trusted module. | 03-31-2016 |
20160094990 | ENHANCED TWO-FACTOR VERIFICATION FOR DEVICE PAIRING - A novel method for out-of-band key verification that improves on both the usability and the security of the numeric-code method is provided. The method uses portions of the generated keys as inputs to perform procedural image generation to produce a visualization at each of the two devices that the user can visually compare and confirm. This visualization can be a static image or a motion animation. The method can use more of the key data to generate visualizations with more features to reduce the likelihood of false matches. The method can also use less key data to allow for quicker comparison and confirmation. | 03-31-2016 |
20160099814 | SECURE PAIRING FOR SECURE COMMUNICATION ACROSS DEVICES - Technologies for securely pairing a first computing device with a second computing device include the first computing device to generate a session message key based on a key exchange with the second computing device. The first computing device receives a message including a hardware key certificate, | 04-07-2016 |
20160099922 | SECURE SHARED KEY SHARING SYSTEMS AND METHODS - Systems and methods used to securely communicate a shared key to devices. One embodiment describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator; receiving, using a trusted third party, the shared key and unique identifier pairing from the key generator; generating, using the first device, a signature using the unique identifier and the shared key; transmitting, using the first device, the signature and the unique identifier to the trusted third party; verifying, using the trusted third party, the unique identifier based on the signature; determining, using the trusted third party, the shared key when the unique identifier is verified; and transmitting, using the trusted third party, the shared key to the second device to enable the first device and the second device to communicate securely by encoding and decoding communicated data using the shared key. | 04-07-2016 |
20160099923 | CLIENT ACCESSIBLE SECURE AREA IN A MOBILE DEVICE SECURITY MODULE - A security module has an assigned unique electronic identifier. The security module has a communication interface, a non-volatile memory, and a processing unit coupled to the communication interface and the non-volatile memory. One or more unassigned secure domains are formed in the non-volatile memory, and each of the unassigned secure domains has an assigned unique application identifier (AID). Each of the unassigned secure domains is accessible via a respective first security value, and using the respective first security value, each of the unassigned secure domains can be assigned to a service provider before or after the security module is deployed. | 04-07-2016 |
20160100310 | METHOD AND APPARATUS FOR PERFORMING PAIRING PROCESS IN WIRELESS COMMUNICATION SYSTEM - The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart homes, smart buildings, smart cities, smart cars, connected cars, health care, digital education, smart retail, security and safety services. A method for performing a pairing process in a wireless device in a wireless communication system is provided. The method includes transmitting a signal including an encryption key to a terminal, receiving an authentication success message which is encrypted based on the encryption key from the terminal, and performing the pairing process with a coordinator based on the encryption key. | 04-07-2016 |
20160105279 | DATA DISTRIBUTING OVER NETWORK TO USER DEVICES - A data device controls distribution of data to user devices through an edge router via an encryption scheme. The data device encrypts data using a first key and a public key, and sends the data to the edge router. The edge router encrypts the encrypted data with a second key and sends the re-encrypted data to a user device. The data device then authenticates the user device and issues a decryption key derived from a private key corresponding to the public key, the first key, and the second key to the user device. The user device uses the decryption key to decrypt and access the data. | 04-14-2016 |
20160105405 | MULTI-KEY GRAPHIC CRYPTOGRAPHY FOR ENCRYPTING FILE SYSTEM ACCELERATION - Embodiments of methods and systems for encrypting and decrypting with encryption attributes are presented. An encryption attribute contains information to identify one or more segments of a file to be encrypted. An encryption process encrypts those one or more segments to generate a partly encrypted file instead of encrypting the entire file. That is, the file includes some data that are encrypted and some data that are not. In one embodiment, at least three encryption keys are used such that the encryption attribute is encrypted using a third key. | 04-14-2016 |
20160105406 | NETWORKED SECURITY SYSTEM - A method of securing communications between a security device and a security server includes receiving, at the security server, a registration request from the security device, the registration request being encrypted using an initial registration key. A device identifier and rotation key unique to the security device are transmitted to the security device. A first session key request is received at the security server from the security device, the request being encrypted using the rotation key. A first session key is transmitted to the security device in response. One or more communications, encrypted using the first session key, are received at the security server from the security device. A second session key request is received at the security server from the security device after the first session key has expired, the request encrypted using the rotation key. A second session key is transmitted to the security device in response. | 04-14-2016 |
20160105407 | INFORMATION PROCESSING APPARATUS, TERMINAL, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD - An information processing apparatus includes a storage that stores status data indicating past usage of an access point by a terminal and a processor that executes a process. The process includes receiving encrypted status data via a network from the terminal, decrypting the encrypted status data received from the terminal, determining whether the decrypted status data is valid based on the status data stored in the storage, and when the decrypted status data is valid, establishing a peer-to-peer communication channel with the terminal via the network. | 04-14-2016 |
20160105429 | CONTROLLED USE OF A HARDWARE SECURITY MODULE - Methods are provided for using a hardware module connectable to multiple computer systems, where the multiple computer systems are connectable to a server within a common network. The method includes: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; and based on the hardware security module being connectable to one of the computer systems, the method includes: establishing a secure connection between the hardware security module and the server; retrieving, via the secure connection, a wrapping key from the server and storing it in volatile memory of the hardware security module; and decrypting the encrypted secret entity with the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module. | 04-14-2016 |
20160105430 | SYSTEMS AND METHODS FOR DISTRIBUTED TRUST COMPUTING AND KEY MANAGEMENT - Devices, systems, and methods for conducting trusted computing tasks on a distributed computer system are described. In some embodiments, a client device initiates a trusted task for execution within a trusted execution environment of a remote service provider. The devices, systems, and methods may permit the client to evaluate the trusted execution capabilities of the service provider via a planning and attestation process, prior to sending data/code associated with the trusted task to the service provider for execution. Execution of the trusted task may be performed while enforcing security and/or compartmentalization context on the data/code. Systems and methods for managing and exchanging encryption keys are also described. Such systems and methods may be used to maintain the security of the data/code before, during, and/or after the execution of the trusted task. | 04-14-2016 |
20160110560 | AUGMENTED REALITY BASED PRIVACY AND DECRYPTION - A method, non-transitory computer readable medium and apparatus for decrypting a document are disclosed. For example, the method captures a tag on an encrypted document, transmits the tag to an application server of a communication network to request a per-document decryption key, receives the per-document decryption key if the tag is authenticated, and decrypts a portion of the encrypted document using a temporary decryption key contained in the tag, the tag decrypted with the per-document decryption key. | 04-21-2016 |
20160112379 | APPARATUS FOR AND METHOD OF PLAYING BACK CONTENT - A method of playing back streaming content includes decoding the content based on a first decryption circuit configured based on a first key and outputting the content; requesting a second key from a server; receiving the second key and configuring a second decryption circuit based on the second key; and decoding the content based on a second decryption circuit and outputting the content, wherein the decoding of the content based on the first decryption circuit and outputting the content is performed until the second decryption circuit is configured. | 04-21-2016 |
20160112380 | TECHNIQUE FOR DISTRIBUTING A PIECE OF CONTENT IN A CONTENT DISTRIBUTION NETWORK - A method for distributing a piece of content in a content distribution network, provided by a source entity of which the integrity is ensured by means of a private key, said method comprising the following steps implemented by a content distribution entity: receiving a request to access said piece of content from a user device; sending, to a proxy entity, a request to have at least one piece of data signed by means of the private key; receiving said at least one piece of signed data, said at least one piece of signed data certifying the integrity of said distribution entity for the user device; sending a public key associated with the private key to the user device; sending said at least one piece of signed data to the user device and distributing the content to the user device. | 04-21-2016 |
20160112381 | Computer Implemented System and Method for Secure Session Establishment and Encrypted Exchange of Data - A system(s) and method(s) for secure session establishment and secure encrypted exchange of data is disclosed. The system satisfies authentication requirement of general networking/communication systems. It provides an easy integration with systems already using schemes like DTLS-PSK. The system follows a cross layer approach in which session establishment is performed in a lightweight higher layer like the application layer. The system then passes resultant parameters of such session establishment including the session keys to a lower layer. The lower layer like the transport layer is then used by the system to perform channel encryption to allow exchange of encrypted data based on a cross layer approach, over a secure session. As the exchange of data becomes the responsibility of the lower layer like the transport layer, the data is protected from replay attacks since the transport layer record encryption mechanism provides that kind of protection. | 04-21-2016 |
20160112383 | TRUSTED COMMUNICATIONS BETWEEN UNTRUSTING PARTIES - A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding initial token sequence. | 04-21-2016 |
20160112386 | Device and Method for Secure Connection - An electronic device is provided. The electronic device includes a first short-range communication module configured to execute short-range communication with a second electronic device, a security module configured to store security information, and a processor configured to receive, from the second electronic device, a pairing key that registers the electronic device as being linked to the second electronic device, transmit session key generation information to the second electronic device when authentication with the second electronic device is completed based on the pairing key, generate a session key based on the session key generation information, encrypt the security information based on the session key, and transmit the encrypted information to the second electronic device. | 04-21-2016 |
20160112387 | SECURE DATA DESTRUCTION IN A DISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS - Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys. | 04-21-2016 |
20160112388 | GENERATION OF SHORT KEY FOR COMMUNICATIONS - Systems and methods for generation and use of short keys are disclosed. The systems and methods include the generation of a short key based on the location of a first device that requests the generation of the key. The short key is sent to the first device, which in turn communicates the short key to a second device, through a display, print receipt, direct communication, or other means. The short key is entered into the second device, which in turn communicates the entered short key to a server along with location information corresponding to the second device. The server authorizes communication between the first and second devices after it determines that the short key sent by the second device matches one of the keys active in a region corresponding to the location of the second device. | 04-21-2016 |
20160112413 | Method for controlling security of cloud storage - A method for controlling security of cloud storage is developed to solve the problem in the prior art that the private key has a low security since the provider of the cloud storage service needs to control the private key in the case of sharing storage. The method comprises: encrypting a private key assigned to a user with two different encryption modes to obtain a first key and a second key and storing the first key and the second key; receiving an answer to a security question inputted by the user when decrypting the first key with a user password fails, and decrypting the second key with the answer to the security question to obtain the private key; and resetting the user password, encrypting the private key obtained by decryption with the answer to the security question to obtain a new first key. | 04-21-2016 |
20160112869 | METHODS AND SYSTEMS FOR AUTHENTICATION INTEROPERABILITY - Systems, methods, and computer readable mediums for authenticating a device perform a method of receiving, at a second device, a first authentication protocol reauthentication response for the device, the authentication response including a reauthentication master session key (rMSK), transmitting, at the second device, a second first authentication protocol reauthentication response to a first access point based on the reauthentication master session key, generating, at the second device, a first pairwise master key (PMK) based on the reauthentication master session key, generating, at the second device, a key message to include the first pairwise master key, and transmitting, at the second device, the key message to the second access point. | 04-21-2016 |
20160117263 | STORAGE DEVICE AND CONTROL METHOD FOR STORAGE DEVICE - Key information that is currently in use is archived in a management server to prevent the key information from being lost. A storage device | 04-28-2016 |
20160117521 | COMPUTER SYSTEM FOR STORING AND RETRIEVAL OF ENCRYPTED DATA ITEMS, CLIENT COMPUTER, COMPUTER PROGRAM PRODUCT AND COMPUTER-IMPLEMENTED METHOD - The invention relates to a computer system comprising a client computer ( | 04-28-2016 |
20160119134 | ENCRYPTION METHOD, ENCRYPTOR, AND ENCRYPTION SYSTEM FOR ENCRYPTING ELECTRONIC DATA BY SPLITTING ELECTRONIC DATA - An encryption method includes displaying encryption target data on a display screen as an image, performing first acceptance in which designation of an at least partial region of the displayed image is accepted, performing second acceptance in which designation regarding splitting of the designated at least partial region is accepted, and splitting data that is included in the encryption target data and corresponds to the designated at least partial region in accordance with the designation regarding the splitting under a secret sharing scheme. | 04-28-2016 |
20160119291 | SECURE COMMUNICATION CHANNEL WITH TOKEN RENEWAL MECHANISM - One embodiment of the present invention includes a server machine configured to establish a secure communication channel with a client machine via renewable tokens. The server machine receives a plurality of messages from a client machine over a secure communication channel, where the plurality of messages includes a first message that includes at least two of user authentication data, entity authentication data, first key exchange data, and encrypted message data. The server machine transmits, to the client machine, a second message that includes a master token comprising second key exchange data associated with the first key exchange data and at least one of a renewal time and an expiration time. | 04-28-2016 |
20160119300 | METHOD FOR THE ADMINISTRATION OF MEDIA FOR WIRELESS COMMUNICATION - A method is provided for carrying out a reading and/or writing process, using a first actively operated medium, from or on a passively operated second medium wherein the first medium has a secured environment. The method includes providing a reading and/or writing applet in the secured environment, providing an application outside of the secured environment, transmitting a reading and/or writing command to the applet using the application, converting the reading and/or writing command into a reading and/or writing signal using the applet, and transmitting the reading and/or writing signal to the passively operated second medium. | 04-28-2016 |
20160119302 | Authentication Engine and Stream Cipher Engine Sharing in Digital Content Protection Architectures - A system for receiving and decrypting media content encrypted according to the HDCP protocol is described herein. A receiving device coupled to a plurality of content channels includes an authentication engine to authenticate each content channel and to generate an initial session key associated with each authenticated content channel. The content channels can be, for example, an HDMI channel or an MHL3 channel. A session key indicator indicating a session key used to encrypt media content is received, and an updated session key is generated. The receiving device also includes a stream cipher engine configured to decrypt received encrypted media content using the updated session key. Decrypted media content can then be displayed, for instance on a display of the receiving device. | 04-28-2016 |
20160119312 | ENCRYPTION METHODS AND APPARATUS - The embodiments discussed herein relate to updating and encrypting passwords for one or more computing devices. The computing devices can be associated with a common user account. According to the embodiments discussed herein, the user can update a password of the user account at one computing device, and log into another computing device using the updated password without having to provide the current password for the other computing device. The embodiments incorporate a variety of encryption and key generation methods in order to safely transmit password updates between local computing devices. Specifically, the embodiments set forth methods and apparatus for generating and storing breadcrumbs that allow for decrypting a current password of a computing device using a new password. | 04-28-2016 |
20160119316 | WIRELESS NETWORK AUTHENTICATION METHOD AND WIRELESS NETWORK AUTHENTICATION APPARATUS - Embodiments of the present application provide a wireless network authentication method and wireless network authentication apparatuses, and relate to the field of network security technologies. The method comprises: generating a to-be-verified address according to history access information related to a target access point (AP), wherein the to-be-verified address is used to identify an identity of a client device; and sending an authentication request comprising the to-be-verified address to the target AP. By using the method and the apparatuses in the embodiments of the present application, a client device generates a to-be-verified address by using history access information, and an AP identifies and verifies a real identity of a corresponding client device according to the history access information, so as to provide a network service for a history access device, such that a history access client device can also obtain fast network access in the case of not knowing an access password. | 04-28-2016 |
20160119317 | SECURED DATA CHANNEL AUTHENTICATION IMPLYING A SHARED SECRET - The invention solves the way of authentication of secured data channel between two sides (A, B) when there is at first established a non-authenticated protected data channel ( | 04-28-2016 |
20160119318 | EFFICIENT START-UP FOR SECURED CONNECTIONS AND RELATED SERVICES - One embodiment of the present invention includes an approach for efficient start-up for secured connections and related services. A client machine receives, via an application program, a request to send a secure message to a server machine. The client machine transmits a plurality of messages to the server machine that includes a first message comprising at least two of user authentication data, entity authentication data, key exchange data, and encrypted message data. The client machine receives, from the server machine, a second message that includes a first master token comprising a first set of session keys for encrypting and authenticating messages exchanged with the server machine. | 04-28-2016 |
20160119322 | AUTO-USER REGISTRATION AND UNLOCKING OF A COMPUTING DEVICE - A first computing device provides an indication that the first computing device accepts dynamic user registration of user accounts over a wireless connection. A second computing device automatically connects to the first computing device and passes an account token to the first computing device over the wireless connection, all without physical interaction with the first computing device. The first computing device automatically contacts a remote account server to retrieve a user account associated with the account token and registers the user account with the first computing device. | 04-28-2016 |
20160119339 | DATA SECURITY SYSTEM WITH ENCRYPTION - A data security system, and method of operation thereof, is provided that includes: an electronic authentication subsystem for verifying a user identification against an authentication key and for employing the authentication key for retrieving an encryption key, the authentication key only accessible from inside the electronic authentication subsystem, and the user identification supplied from outside the data security system to a receiver within the electronic authentication subsystem; and a storage subsystem employing the encryption key for allowing unencrypted communication through the storage subsystem between a host computer system and a storage media. | 04-28-2016 |
20160119345 | STORAGE COUNT VERIFICATION SYSTEM - A storage count verification system is provided in which a client can verify the number of identical data items stored by a server without the server being notified of the results. A storage count verification system verifies whether a user device and a server device have identical data where search data requested by a user device is used to search data to be searched on a server device. The server device generates a public parameter for searching the data to be searched and transmits the generated public parameter to the user device. The user device is provided with a user generation unit for generating, on the basis of the public parameter received from the server device, a secret parameter that is for the search data and corresponds to the public parameter and a user encryption unit for encrypting the search data on the basis of the generated secret parameter. | 04-28-2016 |
20160119406 | TRANSFER OF FILES WITH ARRAYS OF STRINGS IN SOAP MESSAGES - A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file. | 04-28-2016 |
20160127126 | APPARATUS AND METHOD FOR MESSAGE COMMUNICATION - There are provided a message communication device and method. A message communication device according to an exemplary embodiment includes a header modifying unit configured to modify a message header by adding additional information used together with an identity when a public key corresponding to the identity of a recipient is generated to be the message header, and a message transmitting unit configured to transmit a message including data encrypted based on the public key and the modified message header. | 05-05-2016 |
20160127127 | MOBILE SECRET COMMUNICATIONS METHOD BASED ON QUANTUM KEY DISTRIBUTION NETWORK - A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication. | 05-05-2016 |
20160127326 | TELECOMMUNICATION METHOD FOR SECURELY EXCHANGING DATA - The invention provides for a telecommunication method of securely exchanging unencrypted data between a telecommunications device and a first server computer system via a digital cellular wireless telecommunications network, wherein the telecommunications device is a battery powered mobile end user telecommunications device, wherein the method comprises the steps of: encrypting the unencrypted data using a first encryption algorithm into first encrypted data, sending the first encrypted data to a second server computer system via a first network connection of the digital cellular wireless telecommunications network, storing the first encrypted data by the second server computer system, sending an order request to the first server computer system via a second network connection of the digital cellular wireless telecommunications network by the telecommunications device, sending a data publishing request to the second server computer system, generating a cryptographic key pair, sending the first encrypted data, the public key, and the private key to the telecommunications device, decrypting the first encrypted data into the unencrypted data, encrypting the unencrypted data into second encrypted data using the public key, sending the second encrypted data to the second, generating a web service for providing the second encrypted data via an URL, sending the URL to the telecommunications device, sending the URL and the private key, requesting the second encrypted data from the second server computer system, sending the second encrypted data to the first server computer system by the second server computer system using the wired network connection, decrypting the second encrypted data by the first server computer system into the unencrypted data, and combining the order request with the unencrypted data. | 05-05-2016 |
20160127331 | METHOD AND SYSTEM FOR ENCRYPTED COMMUNICATIONS - Method and device of encrypting communication between a server and a peripheral device are disclosed. The method includes: a server receiving a session request from a control device, the session request including a predetermined device ID of a peripheral device associated with the control device; generating a first session key for encrypting and decrypting future communication between the peripheral device and the server; identifying a pre-stored encryption key corresponding to the predetermined device ID from a database, wherein the pre-stored encryption key is also pre-stored in the peripheral device; encrypting the first session key using the pre-stored encryption key; sending the encrypted first session key to the peripheral device via the control device; and encrypting communication to the peripheral device in a respective communication session using the first session key. | 05-05-2016 |
20160127334 | RESUMPTION OF PLAY FOR A CONTENT-DELIVERY SESSION - Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. Further, each content-delivery system may generate an authorization-token that can be transmitted to other systems in the content-delivery network, enabling the other systems to quickly determine that a request to resume a previous content-delivery session has already been authorized. | 05-05-2016 |
20160127335 | DIRECTORY SERVICE DEVICE, CLIENT DEVICE, KEY CLOUD SYSTEM, METHOD THEREOF, AND PROGRAM - Name information which is generated by using a value corresponding to a decryption key and address information of a key cloud device which provides a cloud-key management type decryption service in which the decryption key is used are stored in a storage of a directory service device in a manner to associate the name information with the address information, and a searching unit of the directory service device searches the storage by using the inputted name information to obtain address information corresponding to the inputted name information. | 05-05-2016 |
20160127336 | PREVENTING PERSISTENT STORAGE OF CRYPTOGRAPHIC INFORMATION USING SIGNALING - Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently. | 05-05-2016 |
20160127903 | METHODS AND SYSTEMS FOR AUTHENTICATION INTEROPERABILITY - Systems, methods, and computer readable mediums for authenticating a device are disclosed. In some aspects, a method includes determining, using a second device, a key shared with the first device, generating, by the second device, a first pairwise master key (PMK) based on the key shared with the first device. The method may also include generating, by the second device, a second pairwise master key (PMK) for a first access point based on the first pairwise master key, and one or more properties of the first access point. The method then transmits the second pairwise master key to the first access point. The first access point may use the second pairwise master key to facilitate secure communication with the first device. For example, the first access point may encode/encrypt and/or decode/decrypt messages exchanged with the first device based on the second pairwise master key. | 05-05-2016 |
20160134418 | Methods and Apparatus for Generating Keys in Device-to-Device Communications - Methods and apparatus are provided for securing device-to-device communications. A method can comprise: at an access network apparatus, obtaining from a core network apparatus and storing a first key shared between a first user equipment and the core network apparatus for device-to-device communications of the first user equipment; receiving from a second user equipment, a request for generating a second key for a device-to-device communication between the first user equipment and the second user equipment; in response to the request, generating the second key based on the first key and security parameters; and sending the second key to the second user equipment. | 05-12-2016 |
20160134594 | METHOD PERFORMED BY AT LEAST ONE SERVER FOR PROCESSING A DATA PACKET FROM A FIRST COMPUTING DEVICE TO A SECOND COMPUTING DEVICE TO PERMIT END-TO-END ENCRYPTION COMMUNICATION - A method (500) performed by at least one server for processing a data packet from a first computing device to be transmitted to a second computing device is disclosed, in which the data packet includes a message encrypted using a first encryption key to form an encrypted message, identification data of the second computing device encrypted using a second encryption key to form encrypted identification data, and encrypted first and second encryption keys. The method comprises decrypting (504) the encrypted second encryption key; decrypting (506) the encrypted identification data using the decrypted second encryption key; and transmitting (508) the data packet based on the decrypted identification data, wherein the encrypted message and first encryption key are arranged to be undecryptable by the server to permit end-to-end encryption communication between the first and second computing devices. A related system is also disclosed. | 05-12-2016 |
20160134602 | SECURE SHARING OF USER ANNOTATED SUBSCRIPTION MEDIA WITH TRUSTED DEVICES - Generally, this disclosure provides systems, methods and computer readable media for secure sharing of user annotated subscription media content with trusted devices. The shared content may include user specified snapshots of the media along with user supplied annotations. The system may include a host processor configured to arrange a secure session with a server and to receive the subscription media content from the server in an encrypted format. The system may also include a trusted execution environment (TEE) comprising a secure processor and secure storage configured to decrypt and store the media content, based on a content encryption key obtained from the server. The system may further be configured to: receive a snapshot frame request and annotations from the user; generate a composite image of the snapshot and an overlay including the annotations; and encrypt the composite image for sharing with other users. | 05-12-2016 |
20160142373 | Control of Out-of-Band Multipath Connections - An intermediate device (such as a firewall) is disposed between first and second devices (such as a client and a server device, respectively). Communications between the first and second devices are intercepted in both directions by the intermediate device, which spoofs the receiving device by modifying messages sent by the transmitting device. The modified message uses a key held by the intermediate device instead of a key belonging to the sending device. | 05-19-2016 |
20160142386 | APPARATUS AND METHOD FOR A MULTI-ENTITY SECURE SOFTWARE TRANSFER - A method and a system embodying the method for a multi-entity secure software transfer, comprising, configuring a communication interface controller at each trusted hardware entity of a first hardware entity and a second hardware entity to disallow all external access except a communication link configuration access; establishing the communication link between the first hardware entity and the second hardware entity; configuring write access from the second hardware entity to only a first storage at the first hardware entity; and writing the secure software received from the second hardware entity via the communication link to the first storage at the first hardware entity, are disclosed. | 05-19-2016 |
20160142387 | STORAGE FOR ENCRYPTED DATA WITH ENHANCED SECURITY - Technologies described herein provide enhanced security for encrypted data. In some configurations, encrypted data may be generated at a client computing device by encrypting data with an encryption key. The encrypted data may be communicated from the client computing device to a secret store managed by a first entity for storage of the encrypted data in the secret store. The encryption key may be communicated from the client computing device to a key store managed by a second entity for storage of the encryption key in the key store. The secret store may be managed by a first set of administrative access control rights that are exclusive to the secret store. The key store may be managed by a second set of administrative access control rights that are exclusive to the key store. | 05-19-2016 |
20160142438 | METHOD OF IDENTIFYING AND COUNTERACTING INTERNET ATTACKS - The present disclosure relates to a method of identifying and counteracting Internet attacks, of Man-in-the-Browser and/or Man-in-the-Middle and/or Bot attack types, comprising the steps of: generating a request by a Web browser, concerning a Web application residing in a Web server; sending the request by the Web browser to a box server, which is in signal communication with the Web server; receiving a server DOM code by the box server, which code has been automatically generated by the Web server according to the request; sending a service page code by the box server to the Web browser, in response to the request, the service page code comprising an obfuscated and polymorphic javascript code and/or HTML code; receiving and processing the javascript code and/or HTML code, by the Web browser, to automatically generate an asynchronous request, such that environment data of the Web server may be transmitted to the box server; processing the environment data by the box server, to identify Internet attacks; performing an encryption function on the server DOM code by the box server to generate an obfuscated DOM code, and sending the obfuscated DOM code to the Web browser in response to the asynchronous request; performing a decryption function on the obfuscated DOM code by the service page code, to obtain the server DOM code; rendering the server DOM code by the Web browser. | 05-19-2016 |
20160147471 | GATEWAY FOR CLOUD-BASED SECURE STORAGE - The systems and methods disclosed herein transparently provide an improved scalable cloud-based dynamically adjustable or configurable storage volume. In one aspect, a gateway provides a dynamically or configurably adjustable storage volume, including a local cache. The storage volume may be transparently adjusted for the amount of data that needs to be stored using available local or cloud-based storage. The gateway may use caching techniques and block clustering to provide gains in access latency compared to existing gateway systems, while providing scalable off-premises storage. | 05-26-2016 |
20160147979 | INFORMATION PROCESSING SYSTEM, READING APPARATUS, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - According to an embodiment, a reading apparatus is connectable with an information processing apparatus connected to a server apparatus. The reading apparatus includes an authenticator, a cryptographic processor, and a transmitter. The authenticator acquires a shared key by performing an authentication/key exchanging process with the server apparatus. The cryptographic processor acquires secret information and encrypts the secret information using the shared key. The transmitter transmits the encrypted secret information to the server apparatus. | 05-26-2016 |
20160149868 | CONTENT TRANSMISSION DEVICE AND CONTENT TRANSMISSION METHOD, CONTENT RECEPTION DEVICE AND CONTENT RECEPTION METHOD, COMPUTER PROGRAM, AND CONTENT TRANSMISSION SYSTEM - To reduce a load of time and cost at the time of transition to a safer system in which an encryption scheme is newly set. By allowing a device of a transition step which implements a predetermined security reinforcement measure to handle high-value content only for a given system transition period, a problem of a time necessary for the transition can be avoided and the transition to the safer system can be performed smoothly. The device mentioned herein which implements the predetermined security reinforcement measure is, for example, a device which supports only an existing encryption algorithm and for which security of a weaker portion other than the encryption scheme is ensured. | 05-26-2016 |
20160149873 | ELECTRONIC COMMERCE WITH CRYPTOGRAPHIC AUTHENTICATION - A method for facilitating an authentication related to an electronic transaction between a first and a second user is provided. Authentication data is received from the first user along with transaction data defining the first user and the electronic transaction to be authenticated. This authentication data is compared to enrollment authentication data associated with the first user in order to verify the identity of the first user. When the user is properly verified, access to at least one private cryptographic key stored on a secure server is available for use in securing the electronic transaction. The particular private cryptographic key need not be released from the secure server. Data indicating the status of the authentication may then be sent to one of either the first or second user. | 05-26-2016 |
20160149874 | PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT - The invention facilitates remote management of a computer via a network. Remote computer management capability can be expanded beyond that previously available through the addition of one or more new primitive functions that can be performed on a managed computer. | 05-26-2016 |
20160149877 | SYSTEMS AND METHODS FOR CLOUD-BASED WEB SERVICE SECURITY MANAGEMENT BASED ON HARDWARE SECURITY MODULE - A new approach is proposed that contemplates systems and methods to support security management for a plurality of web services hosted in a cloud at a data center to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions, wherein each HSM partition is dedicated to support one of the web service hosts/servers to offload their crypto operations via one of a plurality of HSM virtual machine (VM) over the network. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs to support a plurality of web services. | 05-26-2016 |
20160149899 | SYSTEM AND METHOD FOR NON-REPLAYABLE COMMUNICATION SESSIONS - Systems, methods, and non-transitory computer-readable storage media for a non-replayable communication system are disclosed. A first device associated with a first user may have a public identity key and a corresponding private identity key. The first device may register the first user with an authenticator by posting the public identity key to the authenticator. The first device may perform a key exchange with a second device associated with a second user, whereby the public identity key and a public session key are transmitted to the second device. During a communication session, the second device may transmit to the first device messages encrypted with the public identity key and/or the public session key. The first device can decrypt the messages with the private identity key and the private session key. The session keys may expire during or upon completion of the communication session. | 05-26-2016 |
20160149910 | MANAGING SOFTWARE KEYS FOR NETWORK ELEMENTS - Methods and systems for managing software keys include distributing software keys from a vendor to a customer key manager at a secure customer network that includes network elements comprising a transport network operated by a customer. Responsive to a provisioning event involving a network element, the network element may request a software key from the customer key manager for a network service associated with the provisioning event. The customer key manager may manage the software keys issued to network elements within the secure customer network. The software key may be provided as a key file that may be encrypted. | 05-26-2016 |
20160156463 | INFORMATION PROCESSING DEVICE, WIRELESS COMMUNICATION SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM | 06-02-2016 |
20160156464 | ENCRYPTING AND STORING DATA | 06-02-2016 |
20160156467 | ELECTRONIC DEVICE AND METHOD OF TRANSMITTING AND RECEIVING INFORMATION BY ELECTRONIC DEVICE | 06-02-2016 |
20160156597 | Method, System and Device for Sending Configuration Information | 06-02-2016 |
20160162417 | STORING DATA IN A SERVER COMPUTER WITH DEPLOYABLE ENCRYPTION/DECRYPTION INFRASTRUCTURE - For storing data in a data-storage structure of a server computer, an infrastructure is deployed to a server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key and key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided into the key control module upon receiving a key trigger from the client computer. | 06-09-2016 |
20160164677 | SELECTIVE REVOCATION OF CERTIFICATES - A method for validating a set of payload data by means of said servers. The method includes validating information related to a set of payload data, based on which a check code has been calculated and encrypted by means of an asymmetric cryptographic key pair (A). The encrypted check code ( | 06-09-2016 |
20160164848 | Detection of Stale Encryption Policy By Group Members - Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member. | 06-09-2016 |
20160173281 | SECURE STORAGE | 06-16-2016 |
20160173462 | APPARATUS FOR SECURE HEARING DEVICE COMMUNICATION AND RELATED METHOD | 06-16-2016 |
20160173463 | LOCAL SECURITY KEY GENERATION | 06-16-2016 |
20160173464 | Media Session Resumption in Web Session Restoration | 06-16-2016 |
20160173495 | SYSTEM AND METHOD FOR PROVIDING AUTHENTICATION SERVICE FOR INTERNET OF THINGS SECURITY | 06-16-2016 |
20160182228 | DIFFIE-HELLMAN KEY AGREEMENT USING AN M-OF-N THRESHOLD SCHEME | 06-23-2016 |
20160182238 | PARTITIONING ACCESS TO SYSTEM RESOURCES | 06-23-2016 |
20160182459 | SYSTEM AND METHOD FOR SECURELY CONNECTING NETWORK DEVICES | 06-23-2016 |
20160182462 | DATA VIEW BASED ON CONTEXT | 06-23-2016 |
20160182465 | Client-side encryption with DRM | 06-23-2016 |
20160182472 | Binding White-Box Implementation To Reduced Secure Element | 06-23-2016 |
20160182473 | MULTI-FACETED COMPUTE INSTANCE IDENTITY | 06-23-2016 |
20160182475 | LOW-COST AUTHENTICATED SIGNING DELEGATION IN CONTENT CENTRIC NETWORKING | 06-23-2016 |
20160182490 | SENDING AUTHENTICATION CODES TO MULTIPLE RECIPIENTS | 06-23-2016 |
20160182517 | WEB FORM PROTECTION | 06-23-2016 |
20160191236 | HYBRID INTEGRATION OF SOFTWARE DEVELOPMENT KIT WITH SECURE EXECUTION ENVIRONMENT - A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment. | 06-30-2016 |
20160191470 | Method and apparatus for securely transmitting communication between multiple users - A computer driven apparatus comprising at least one client device, where this client device is capable of managing and storing data. The apparatus further comprises a central location for managing subscriptions, addresses and public encryption keys. The central location does not store or come in contact with any of the client communication but serves to provide logistical support for connected clients. The apparatus uses symmetric and asymmetric encryption to encrypt messages and symmetric and asymmetric decryption to decrypt messages by the receiver. Only one portion of the encryption mechanism is stored by a third party. The apparatus uses a discovery mechanism to determine the appropriate encryption key for each recipient, or to identify whether encryption is supported by the intended recipient. The apparatus further comprises support for sorting messages by sender and other extended options, as well as extended forwarding choices with respect to attachments and plurality of recipients. | 06-30-2016 |
20160191473 | Method And Apparatus For Securing An Application Using A Measurement Of A Location Dependent Physical Property Of The Environment - Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described. | 06-30-2016 |
20160191478 | METHOD AND COMPUTING DEVICE FOR INTEGRATING A KEY MANAGEMENT SYSTEM WITH PRE-SHARED KEY (PSK)-AUTHENTICATED INTERNET KEY EXCHANGE (IKE) - A method and computing device for integrating a key management system with a Pre-Shared Key (PSK)-authenticated Internet Key Exchange (IKE). The method comprises the following: An IKE Identification Payload including an Identification Data field is generated via a first computing device. The Identification Data field comprises: a user identifier (ID) field uniquely identifying one or more of a user of the first computing device and the first computing device; a key ID field uniquely identifying a PSK; and a separator between the user ID field and the key ID field. The IKE Identification Payload is transmitted from the first computing device to a second computing device as part of the IKE. | 06-30-2016 |
20160191480 | RECORDING DATA AND USING THE RECORDED DATA - A method and system for recording data including content in a recording medium on a computer apparatus. First encrypted data, obtained by encrypting the data using a medium key created for each recording medium, is recorded in a recording medium. Second encrypted data, obtained by encrypting the medium key using a public key, is recorded in the recording medium. A private key corresponding to the public key is not recorded in the recording medium. | 06-30-2016 |
20160191499 | Shared Secret Vault for Applications with Single Sign On - Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again. | 06-30-2016 |
20160191544 | USER TERMINAL, SERVICE PROVIDING APPARATUS, DRIVING METHOD OF USER TERMINAL, DRIVING METHOD OF SERVICE PROVIDING APPARATUS, AND ENCRYPTION INDEXING-BASED SEARCH SYSTEM - A user terminal, a service providing apparatus, a driving method of a user terminal, a driving method of a service providing apparatus, and an encryption indexing-based search system are provided. The user terminal includes a storage configured to store content and an indexing information processor configured to generate indexing information for searching the stored content, encrypt the generated indexing information, and provide the encrypted indexing information to a service providing apparatus which manages the encrypted indexing information. | 06-30-2016 |
20160191558 | ACCELERATED THREAT MITIGATION SYSTEM - An intrusion detection and prevention system and method for dealing with threats to computers and computer networks, and in particular to computers and networks connected to the Internet, is disclosed. A sensor receives network traffic. The sensor includes a first processor for managing the network traffic that is received, a first path for the traffic that is received for storing the traffic in a memory for subsequent use, a second path for analyzing the traffic that is received, and for processing the traffic at a speed that is at least as fast as speed of the first path. The second processor is associated with the second path so that some of the traffic is allowed along the first path and other of the traffic is rate limited or not allowed along the first path. The system and method use four tiers of threat detection to successively mitigate a large variety of threats. | 06-30-2016 |
20160192194 | Secure way to build internet credit system and protect private information - A method includes building a trust system among internet users, signing up on websites without a password, and protecting personal data in a mobile device. A Global Unique Identifier (GUID) is used to identify and accumulate internet credit for users and websites. First, a user applies for a GUID together with an asymmetric key; then the internet credit of this GUID can be accumulated based on transactions. Also, the user can sign on or log in to websites via the GUID without using a password and user name. In addition, dual data encryption and an unpredictable random number are presented for anti-surveillance of communication. The personal information in the mobile device is protected by asymmetric-key pairs and destroyed automatically after being stolen, and the mobile device's device ID is used to chase the stolen devices. In summary, the present invention is a more secure way to build a trust system among internet users and protect data in a mobile device. | 06-30-2016 |
20160197721 | MULTI-KEY ENCRYPTION METHOD | 07-07-2016 |
20160197922 | METHOD AND APPARATUS FOR PROVIDING BOOTSTRAPPING PROCEDURES IN A COMMUNICATION NETWORK | 07-07-2016 |
20160203300 | REAL-TIME AND SECURED PICTURE/VIDEO UPLOAD VIA A CONTENT DELIVERY NETWORK | 07-14-2016 |
20160204933 | PERSONAL INFORMATION MANAGEMENT SYSTEM, METHOD AND SERVICE | 07-14-2016 |
20160204934 | SYSTEMS AND METHODS FOR DEPLOYMENT OF MISSION PLANS USING ACCESS CONTROL TECHNOLOGIES | 07-14-2016 |
20160205074 | CRYPTOGRAPHIC SYSTEMS AND METHODS | 07-14-2016 |
20160205078 | SYSTEMS AND METHODS FOR REGISTERING, MANAGING, AND COMMUNICATING WITH IOT DEVICES USING DOMAIN NAME SYSTEM PROCESSES | 07-14-2016 |
20160254917 | EXTERNAL INDEXING AND SEARCH FOR A SECURE CLOUD COLLABORATION SYSTEM | 09-01-2016 |
20160255061 | ADAPTIVE AND EFFICIENT DATABASE PROTECTION AND MIGRATION WITH DEVICE STATE CHANGES | 09-01-2016 |
20160255070 | COMMUNICATION BETWEEN A COMMUNICATION DEVICE AND A NETWORK DEVICE | 09-01-2016 |
20160255502 | METHOD AND APPARATUS TO PERFORM DEVICE TO DEVICE COMMUNICATION IN WIRELESS COMMUNICATION NETWORK | 09-01-2016 |
20160255555 | Wireless Communication Device as Context Forwarding Entity | 09-01-2016 |
20160378689 | SYSTEMS AND METHODS FOR SECURE MULTI-TENANT DATA STORAGE - Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key. | 12-29-2016 |
20160380762 | DEVICE, SYSTEM, AND METHOD FOR PROVIDING DATA SECURITY, AND PROGRAM FOR ALLOWING COMPUTER TO EXECUTE THE METHOD - The present invention provides data security by which a management burden on a client can be lessened. | 12-29-2016 |
20160380985 | BINDING A TRUSTED INPUT SESSION TO A TRUSTED OUTPUT SESSION - According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive to a successful verification, decrypt and save the decrypted encryption key in an encryption key register. | 12-29-2016 |
20160380986 | COMMUNICATING PRIVATE DATA AND DATA OBJECTS - In some implementations, a method includes establishing a communication channel with a server via an internet protocol (IP) network interface. The method also includes communicating client private data with the server via the communication channel. The method further includes transmitting one or more interest messages to the server via an information centric networking (ICN) network interface based on the client private data. In other implementations, a method includes establishing a communication channel with a client device via an internet protocol (IP) network interface. The method also includes communicating client private data with the client device via the communication channel. The method further includes receiving one or more interest messages from the client device via an information centric networking (ICN) network interface. | 12-29-2016 |
20160380987 | PROTECTING SENSITIVE DATA IN A SECURITY AREA - Managing data security on a mobile device. Data associated with a mobile device is received; the data includes an identification (ID) of the mobile device and a location of the mobile device relative to one or more location sensor devices. A path is determined, relative to the one or more location sensor devices, through which the mobile device has travelled. An electronic security key is communicated to the mobile device based on determining that the path corresponds to a defined path associated with the mobile device. | 12-29-2016 |
20160381010 | HOST CARD EMULATION SYSTEMS AND METHODS - A system is configured for detecting a point of sale, receiving a personal identification number (PIN), generating a PIN based key using a message digest of the PIN, decrypting a data encryption key (DEK) using the PIN based key, and generating a DEK based dynamic key using the PIN based key. The system may also decrypt a session key using the DEK based dynamic key, generate a cryptogram from the session key, and send the cryptogram to the point of sale. | 12-29-2016 |
20170237554 | METHODS AND SYSTEMS FOR USING DIGITAL SIGNATURES TO CREATE TRUSTED DIGITAL ASSET TRANSFERS | 08-17-2017 |
20170237565 | METHOD AND APPARATUS FOR LOGGING INTO MEDICAL DEVICES | 08-17-2017 |
20170237569 | SECURE REVISIONING AUDITING SYSTEM FOR ELECTRONIC DOCUMENT FILES | 08-17-2017 |
20170237725 | Password-Based Authentication | 08-17-2017 |
20170238181 | MOBILE TERMINAL TO REQUEST AN AUTHENTICATION TO RECEIVE AN EXCHANGING KEY FOR REMOTELY ACCESSING CONTENT | 08-17-2017 |
20180026784 | SECURE CHANNEL ESTABLISHMENT | 01-25-2018 |
20180026953 | ENCRYPTION ON COMPUTING DEVICE | 01-25-2018 |
20190146932 | CRYPTOGRAPHIC POINTER ADDRESS ENCODING | 05-16-2019 |
20190147157 | Smart Lock System | 05-16-2019 |
20190149324 | SYSTEMS AND METHODS FOR A CRYPTOGRAPHICALLY GUARANTEED VEHICLE IDENTITY | 05-16-2019 |
20190149328 | SYSTEM FOR DIGITAL IDENTITY AUTHENTICATION AND METHODS OF USE | 05-16-2019 |
20190149521 | PRIVACY MANAGING ENTITY SELECTION IN COMMUNICATION SYSTEM | 05-16-2019 |
20190149525 | PERFORMING CONTEXT-RICH ATTRIBUTE-BASED ENCRYPTION ON A HOST | 05-16-2019 |
20190149527 | DYNAMIC OFFLINE ENCRYPTION | 05-16-2019 |
20190149537 | METHOD AND SYSTEM FOR AUTHENTICATED LOGIN USING STATIC OR DYNAMIC CODES | 05-16-2019 |
20190149564 | SYSTEMS AND METHODS FOR SECURE PROPOGATION OF STATISTICAL MODELS WITHIN THREAT INTELLIGENCE COMMUNITIES | 05-16-2019 |
20220141009 | METHOD FOR PROVIDING END-TO-END SECURITY OVER SIGNALING PLANE IN MISSION CRITICAL DATA COMMUNICATION SYSTEM - The present disclosure relates to a pre-5 | 05-05-2022 |
20220141015 | Secure Apparatus Enabled Secure Platform Integration - In accordance with some embodiments, a secure modular apparatus providing a first platform for secure platform integration includes communication device(s) and a key store for storing encryption keys. The apparatus additionally includes a crypto engine operable to use the encryption keys for cryptographic operations. The apparatus also includes a controller and a housing arranged to at least partially support the communication device(s), the key store, the crypto engine, and the controller. The controller, via the communication device(s), exchanges encrypted messages prepared or processed by the crypto engine with a second platform provided by a personal communication device, where the second platform is distinct from the first platform and has a plurality of layers including at least one layer between a hardware layer and high level layers, and the encrypted messages control one or more of a hardware unit in the hardware layer and a component in the high level layers. | 05-05-2022 |