Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


KEY MANAGEMENT

Subclass of:

380 - Cryptography

Patent class list (only not empty are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
380044000 Having particular key generator 469
380278000 Key distribution 458
380286000 Key escrow or recovery 26
Entries
DocumentTitleDate
20110176680Method of Handling Security in SRVCC Handover and Related Communication Device - A method for handling security in an SRVCC handover for a mobile device in a wireless communication device is disclosed. The method includes having an active Circuit-Switched (CS) service or a Radio Resource Control (RRC) connection in a CS domain when the mobile device is served by a first network, wherein the first network supports the CS domain and a Packet-Switched (PS) domain; receiving a handover command to handover from the first network to a second network, wherein the second network supports the PS domain; deriving a plurality of security keys used in the second network from a plurality of CS domain keys used in the first network; and applying the plurality of security keys for transmission and reception in the second network.07-21-2011
20090003607ALTERING THE SIZE OF WINDOWS IN PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number.01-01-2009
20120163602Method and Apparatus for Providing Seamless File System Encryption from a Pre-Boot Environment Into a Firmware Interface Aware Operating System - Methods and apparatus for providing seamless functionality in a computer are disclosed. For example, an encrypted file system manager is included to layer an encoded File Allocation Table on top of a disk and to pass to the operating system an Embedded Root Key to provide access to an encrypted Firmware Interface System Partition.06-28-2012
20130044878Extending credential type to group key management interoperability protocol (KMIP) clients - A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.02-21-2013
20130044879SECURE KEY MANAGEMENT - Secure key management includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.02-21-2013
20130044880KEY MANAGEMENT POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.02-21-2013
20100150350Method and Apparatus for Key Expansion to Encode Data - An encoder according to the present invention embodiments employs a key expansion module to expand an encryption key by using logic and available clock cycles of an encryption process or loop. The key expansion module generates control signals to enable key expansion data to be injected at appropriate times into the encryption loop (e.g., during available clock cycles of the encryption loop) to perform the key expansion, thereby utilizing the resources of the encryption loop for key expansion. The key expansion module dynamically accounts for varying key lengths, and enables the encryption loop to combine the data being encrypted with proper portions of the expanded key. The use of encryption logic and available clock cycles of the encryption loop for the key expansion reduces the area needed by the encoder on a chip and enhances encoder throughput.06-17-2010
20080260159Computer system, storage system, and data management method for updating encryption key - A computer system encrypts write-data to be written to the volume in response to a write command. The system transmits a rekey command from host computer system to the storage system when the key data stored in the host key data memory is changed to second key data. The storage system receives the rekey command transmitted from host computer system and stores the first and second key data contained in the received rekey command to a volume key data memory of the storage system. The storage system reads out data encrypted with the first key data from an original block address in the volume. The storage system decrypts the data read out from the volume using the first key data. The storage system encrypts the data decrypted by the first key data using the second key data, and writs the data encrypted with the second key data to the original block address.10-23-2008
20100014676PRIVACY MANAGEMENT FOR TRACKED DEVICES - A device, method, system and computer readable medium for the protection of private data while permitting the monitoring or tracking of electronic devices that are shared for both business and private purposes.01-21-2010
20090122987Enhanced transmission systems for use in wireless personal area networks - Method and computer program products for enhancing wireless communication in a wireless network are disclosed. In the wireless network, frames of data are transmitted in bursts. Wireless communication is enhanced by transmitting a first frame of source data that is scrambled using a scrambling sequence in a first burst, storing an indicator corresponding to the scrambling sequence for the first frame, identifying the scrambling sequence of the first frame for retransmission of the first frame, retransmitting the first frame (which is scrambled using the identified scrambling sequence) in a subsequent burst, receiving the transmitted and retransmitted first frames, and processing the received transmitted and retransmitted first frames to recover the source data.05-14-2009
20130039495SECURE KEY MANAGEMENT - According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material.02-14-2013
20130039494SECURE KEY MANAGEMENT - According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.02-14-2013
20100034388DATA PROTECTION SYSTEM THAT PROTECTS DATA BY ENCRYPTING THE DATA - A data protection system is provided that reduces, to a degree, the amount of encrypted data that is distributed to a plurality of terminals. In the data protection system a terminal whose decryption keys are exposed by a dishonest party is made to be unable to decrypt the data correctly, while other terminals are able to decrypt the data correctly.02-11-2010
20100046757Electronic Data Communication System - There is described an electronic mail messaging system in which a plurality of user computers are connected to a mail registration server via the Internet. The mail registration server stores plural sets of decryption data, each set being required to decrypt a corresponding encrypted electronic mail message. Following receipt of an encrypted electronic mail message, a user computer communicates with the mailed registration server to effect decryption of the encrypted electronic mail message using the corresponding decryption data stored by the mail registration server. In this way, the accessing of the electronic mail message can be monitored by the mail registration server.02-25-2010
20130077791REVOCATION LIST GENERATION DEVICE, REVOCATION LIST GENERATION METHOD, AND CONTENT MANAGEMENT SYSTEM - Provided is a revocation list generation device that can suppress an increase in the amount of data of a revocation list. A revocation list generation device 03-28-2013
20130077790ENCRYPTION PROCESSING APPARATUS - According to an embodiment, a first linear transformation unit performs a linear transformation from mask data to first mask data. A second linear transformation unit performs a linear transformation from mask data to second mask data. A first calculator calculates first data based upon data to be processed and the first mask data. A selecting unit selects the first data or the second mask data. A non-linear transformation unit performs a non-linear transformation on the selected first data or second mask data. A second calculator calculates second data based upon the first data after the non-linear transformation and the mask data. A third linear transformation unit performs a linear transformation on the second data. The second data after the linear transformation by the third linear transformation unit is retained as new data to be processed, and the second mask data after the non-linear transformation is retained as new mask data.03-28-2013
20090175452Key Management and User Authentication for Quantum Cryptography Networks - Key management and user authentication systems and methods for quantum cryptography networks that allow for users securely communicate over a traditional communication link (TC-link). The method includes securely linking a centralized quantum key certificate authority (QKCA) to each network user via respective secure quantum links or “Q-links” that encrypt and decrypt data based on quantum keys (“Q-keys”). When two users (Alice and Bob) wish to communicate, the QKCA sends a set of true random bits (R) to each user over the respective Q-links. They then use R as a key to encode and decode data they send to each other over the TC-link.07-09-2009
20100098256Decryption Key Management - Provided are, among other things, systems, methods and techniques for decryption key management. In one implementation, a decryption key is managed within a computer processing system by (a) creating within the computer system an association between an access token and retrieval information, the access token being a specified function of an identifier for a data object, and the retrieval information including (1) a first entry that corresponds to a value generated by encrypting a decryption key for the data object using a symmetric encryption/decryption key, and (2) a second entry that corresponds to a value generated by encrypting the symmetric encryption/decryption key using an asymmetric public key; and (b) repeating step (a) for a number of different data objects, keeping the symmetric encryption/decryption key identical across repetitions.04-22-2010
20100104102Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key.04-29-2010
20100104101CRYPTOGRAPHIC SERVER WITH PROVISIONS FOR INTEROPERABILITY BETWEEN CRYPTOGRAPHIC SYSTEMS - The invention is a cryptographic server providing interoperability over multiple algorithms, keys, standards, certificate types and issuers, protocols, and the like. Another aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys on a server. The server-centric storage of keys provides for user-independent security, portability, availability, and straightforwardness, along with a wide variety of implementation possibilities.04-29-2010
20090154705Apparatus and Method for Facilitating Cryptographic Key Management Services - A cryptographic key management system includes executable instructions to control access to keys based on permissions for users and groups. Executable instructions support cryptographic operations on the keys through a network application program interface. The cryptographic operations are controlled by the permissions. The cryptographic operations are distributed between the servers and the clients in accordance with criteria specifying optimal execution of cryptographic operations between the servers and the clients.06-18-2009
20090154703Content Protection Using Encryption Keys Where only part of the private key is associated with end user data - The current invention addresses the problem of securely encrypting video content or any other content where a secret symmetrical key is used to decrypt the data by a hardware device such as a DVD player. The invention uses the same length of symmetrical key as used by current technology but the key is changed for every dataset encrypted. The symmetrical key is itself contained inside a packet attached to the first encryption data set where the packet is encrypted with a device's public key. The invention further adds to the security of the asymmetrical private key where the device itself only has part of the private key and the user has the other part of the private key.06-18-2009
20090154704Method and apparatus for securing content using encryption with embedded key in content - Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers.06-18-2009
20100034389CONDITIONAL ACCESS SYSTEM AND METHOD FOR LIMITING ACCESS TO CONTENT IN BROADCASTING AND RECEIVING SYSTEMS - A conditional access system and method provides conditional access by a subscriber's network terminal over a computer network to encrypted content of a content provider. The conditional access system includes a content stream adapting server that receives streams of encrypted content from the content provider, reformats the encrypted content streams using session keys into a format suitable for transmission by IP addressing, and assigns a unique IP address in the computer network to the reformatted encrypted content streams. An access control server provides access to the encrypted content streams under control of an operator of the computer network. A validating server provides the session keys to the content stream adapting server, receives from a subscriber a request for an encrypted content stream, validates the subscriber for access to the requested encrypted content stream and, upon validation of the subscriber, provides the subscriber's network terminal with the session keys for the selected encrypted content stream through a secure network channel and authorizes the access control server to provide access to the selected encrypted content stream by the network terminal of the subscriber. The content provider maintains control over distribution of the selected encrypted content stream through selective validation of subscribers at the validating server and may be paid directly for the selected content by the subscriber using a prepaid PIN code card issued by the content provider.02-11-2010
20120183143METHOD FOR A COMMUNICATION DEVICE TO OPERATE WITH MULTIPLE KEY MANAGEMENT FACILITIES - A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF.07-19-2012
20090097657Constructive Channel Key - A method of generating a constructive channel key includes providing an issuer with a card public key as the keying part of a CKM credential. An ephemeral key pair is computed by the issuer using pre-established enterprise domain parameters. A shared value for the ephemeral private key and the card public key is computed using D-H key agreement. The ephemeral private key is destroyed. The shared value is combined with a static key value. The static key value is split into four blocks. The first block is truncated to be used for a session encryption key. The second block is truncated to be used for a session MAC key. The third block is truncated to be used for a session key encryption key. The fourth block is truncated to be used for an initial IVEC.04-16-2009
20120219152KEY INFORMATION MANAGEMENT SYSTEM, RECORD REPRODUCTION APPARATUS, AND KEY INFORMATION MANAGEMENT APPARATUS - A key information management system includes one or more record reproduction apparatuses and a key information management server. Each record reproduction apparatus has a substrate which can be replaced, and a nonvolatile storage unit which is mounted on the substrate and stores substrate identification information and key information of an encryption key. The key information management server includes a storage unit for storing the substrate identification information and the key information of the substrate in association with product identification information of the record reproduction apparatus, and the key information management server permits access to the storage unit through authentication. The record reproduction apparatus accesses the key information management server through the authentication after the substrate is replaced, and then rewrites substrate identification information and key information of the substrate after the replacement using the substrate identification information and key information of the substrate before replacement.08-30-2012
20090041251Method and Device for Agreeing Shared Key Between First Communication Device and Second Communication Device - Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters.02-12-2009
20090041250Authentication method in communication system - An authentication method is provided in which a first portable device generates and transmits a first random number and a first timestamp to a first USIM in the first portable device; the first USIM calculates a first sign for the first portable device; the first portable device requests authentication for authenticated communication from a second portable device through transmission of the first random number, the first timestamp, and the first sign to the second portable device; the second portable device generates a second random number and a second timestamp and transmits the information to a second USIM in the second portable device; the second USIM generates a second sign for the second portable device and a second personal key which the second portable device transmits to the first portable device; the first portable device then transmits the information to the first USIM which generates a first personal key for authenticated communication.02-12-2009
20090041248RECORDING MEDIUM, AUTHORING DEVICE, AND AUTHORING METHOD - A recording medium has authoring data recorded thereon. The authoring data has a plurality of formats. Data items common to all the plurality of formats include, a content, a content key for encrypting the content, a hash value of the content, a media key for encrypting the content key, and revocation information for revoking an unauthorized device from using the media key. The plurality of formats include a first format and a second format. In the first format, the content is not encrypted and each of the content key, the hash value, the media key, the revocation information is dummy data. In the second format, the content is encrypted and each of the media key and the revocation information is dummy data.02-12-2009
20090092252Method and System for Identifying and Managing Keys - A system and method for managing encryption keys, wherein one of more of they keys incorporates a disabled state, and wherein the system further incorporates a namespace.04-09-2009
20130058487METHOD OF BUILDING OPTIONAL BLOCKS - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes verifying conditions for iterative building of optional blocks in a standardized key block, parsing optional block data to validate the optional block data and to determine a length of the optional block data and a number of optional blocks contained in the optional block data, validating an optional block identification to be added, determining a storage location, inserting the optional block into the storage location, updating a value of the optional block data and returning the updated value of the optional block data.03-07-2013
20130058486METHOD OF PROTECTING A CONTROL VECTOR IN AN OPTIONAL BLOCK OF A STANDARD KEY BLOCK - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.03-07-2013
20110038481HIERARCHIZATION OF CRYTOGRAPHIC KEYS IN AN ELECTRONIC CIRCUIT - A method of obtaining, in an electronic circuit, at least one first key intended to be used in a cryptographic mechanism, on the basis of at least one second key contained in the same circuit, the first key being stored in at least one first storage element of the circuit, the first storage element being reinitialized automatically after a duration independent of the fact that the circuit is or is not powered. Also described are applications of this method to encrypted transmissions, usage controls, as well as an electronic circuit implementing these methods.02-17-2011
20110058675CONTROLLING ACCESS TO COPIES OF MEDIA CONTENT BY A CLIENT DEVICE - A key server for controlling access of a client device to a subset of different quality copies of media content to be delivered over a network to the client device. In one embodiment, a key server receives a request for playback permission of media content by a client device, and applies a set of one or more business rules to determine which copies of the media content, if any, can be played by the client device, and allows access to a subset of the copies that can be played back by the client device and restricts access to the copies that are not part of the subset.03-10-2011
20090232311METHOD FOR SECURELY AND AUTOMATICALLY CONFIGURING ACCESS POINTS - The present invention is contemplates an automatic, secure AP configuration protocol. Public/private keys and public key (PK) methods are used to automatically establish a mutual trust relationship and a secure channel between an AP and at least one configuration server. An AP automatically forwards a location identifier to the configuration server, and the configuration server delivers common, AP specific, and location specific configuration parameters to the AP.09-17-2009
20090232310Method, Apparatus and Computer Program Product for Providing Key Management for a Mobile Authentication Architecture - An apparatus for providing key management for a mobile authentication architecture may include a processor. The processor may be configured to provide a request for key revocation over an interface otherwise defined for sharing key acquisition information between a bootstrapping server function and a network application function, and cancel key information associated with the request for key revocation.09-17-2009
20090010438Security mechanism for wireless video area networks - A device is disclosed including a security module to generate and update cryptographic keys to establish a secure relationship between the device and one or more station devices in a wireless video area network (WVAN) and a domain manager to maintain a list of the station devices that are authorized to operate in the WVAN.01-08-2009
20090010437INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - A data placement configuration which ensures seamless playback of contents having segment portions including multiple different variations of encrypted data is provided. With regard to contents having segment portions configured of multiple different variations of encrypted data to which individual segment keys have been applied, and non-segment portions serving as encrypted data to which a unit key has been applied, the placement of segment data and non-segment portion configuration data is determined such that the maximum jump distance executed at the time of playback processing is equal to or less than a maximum jump distance set beforehand. Data placement has been determined based on seek time, ECC block processing time, sequence key usage time which is key switchover time, and so forth.01-08-2009
20100086135GENERATING UNIQUE ALIASES FOR KEYS USED WITH TAPE LIBRARIES - Unique key aliases are generated for tape libraries. According to one embodiment, a first library identifier associated with a first tape library, which does not conflict with a second library identifier associated with a second tape library, is generated. One library identifier is associated with each of the tape libraries. A unique key alias, which does not conflict with any key aliases associated with the first tape library and does not conflict with any key aliases associated with the second tape library, is generated based on the first library identifier. Tape data is encrypted based on a data key that is identified with the unique key alias as a part of writing the tape data to the first tape library.04-08-2010
20130163763PC Secure Video Path - A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer's network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network.06-27-2013
20120237035KEY SCHEDULING DEVICE AND KEY SCHEDULING METHOD - According to one embodiment, in a key scheduling device, a non-linear transformation unit non-linearly transforms at least one of partial keys resulting from dividing an expanded key. A first linear transformation unit includes first and second circuits. The second circuit linearly transforms the partial key by directly using a transformation result from the non-linear transformation unit. A first storage stores the partial key linearly transformed by the first linear transformation unit. A second linear transformation unit linearly transforms, inversely to the first linear transformation unit, each of partial keys other than the partial key linearly transformed by the second circuit out of the partial keys stored in the first storage, and outputs inversely transformed partial keys. A second storage stores one of inputs to the second circuit. An outputting unit connects the respective inversely transformed partial keys and the input stored in the second storage to be output as a second key.09-20-2012
20120281839KEY USAGE POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.11-08-2012
20110280402METHODS AND SYSTEMS FOR UTILIZING CRYPTOGRAPHIC FUNCTIONS OF A CRYPTOGRAPHIC CO-PROCESSOR - A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.11-17-2011
20090316906METHOD OF VERIFYING THE INTEGRITY OF AN ENCRYPTION KEY OBTAINED BY COMBINING KEY PARTS - The method of verifying the integrity of an encryption key (K) obtained by combining at least two key portions (KM, M) in a protected zone (12-24-2009
20090016534METHOD AND SYSTEM OF GENERATING IMMUTABLE AUDIT LOGS - This method and system uses means of cryptographic techniques reproducing the functionality of a continuous roll of paper. The audit logs can contain any kind of data information (text, voice, video, actions . . . ) and this invention provides full guarantees for data integrity: order of data logged can't be altered and content can't be modified neither added nor deleted without detection. Authenticity of the IAL is guaranteed by the use of digital signatures. Confidentiality is also guaranteed by encrypting the data information. By using PKI encryption the invention also guarantees that only authorized auditors will be able to check the integrity of the IAL and access to the data content.01-15-2009
20080260157Recording Apparatus and Recording Medium - A recording apparatus includes an encryption/decryption section for encrypting first and second contents obtained from the same content, using first and second keys, respectively, and outputting the results as first and second encrypted contents, respectively, and a recording medium. The encryption/decryption section encrypts the first and second keys using the second and first keys, respectively, and outputs the results as first and second encrypted keys, respectively, to the recording medium. The recording medium records the first and second encrypted contents and the first and second encrypted keys.10-23-2008
20090208016DOMAIN DIGITAL RIGHTS MANAGEMENT SYSTEM, LICENSE SHARING METHOD FOR DOMAIN DIGITAL RIGHTS MANAGEMENT SYSTEM, AND LICENSE SERVER - Disclosed is a domain DRM system, a license sharing method for the domain DRM system, and a license server. The domain DRM system includes at least one domain including at least one user module adapted for encryption or decryption using a provided encryption key and a domain manager adapted for decryption using a provided encryption key, and a license server for creating encryption keys corresponding to the domain manager and the one user module, respectively, and providing them with the created contents, respectively, so that, when at least one user module requests contents, a contents encryption key used to encrypt the contents is encrypted by using an encryption key of the user module and an encryption key of the domain manager according to a commutative encryption scheme, and one of the domain manager and the user module is provided with a shared license obtained as a result of encryption.08-20-2009
20090208015OFFLINE CONSUMPTION OF PROTECTED INFORMATION - The offline consumption and publication of protected information in a networked environment. The offline consumption of protected information is accomplished by having the consuming user maintain a store of asymmetric encryption keys. The protected information is encrypted by the publishing user using a symmetric key and the symmetric key is then encrypted using a public asymmetric key associated with the consuming user. The consuming user received the protected information and a usage policy containing the encrypted symmetric key. The consuming user verifies that it can decrypt the symmetric key using a private asymmetric key maintained by the consumer. The user then decrypts the symmetric key and accesses the content of the protected information.08-20-2009
20090208014METHOD AND APPARATUS FOR VERIFYING AND DIVERSIFYING RANDOMNESS - Method and apparatus for ensuring randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Typically pseudo-random number generators used in computer operating systems or electronic devices may be penetrated by a hacker (pirate), who penetrates a cryptographic or other supposedly secure process using the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus are intended to verify such random numbers to make sure that they are indeed random enough, by applying suitable random tests. Only if the values pass the test are they passed on for use in the cryptographic or other process. If they fail the test, a new set of random numbers is requested from the pseudo-random number generator. These are again tested. Further a diversity function may be applied to the random numbers even if they have passed the random number test in order to improve their randomness. This diversity function is for instance double encryption. An anti-replay feature is also included by which the pool of random numbers is subject to a check on each cycle to make sure that there has been no duplication of the input random numbers.08-20-2009
20090086974Support for Multiple Security Policies on a Unified Authentication Architecture - A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources are disclosed. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.04-02-2009
20100061555DEVICE WITH PRIVILEGED MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory, a rule set memory, a plurality of cryptographic clients, and a key store arbitration module. The key store memory stores a plurality of cryptographic keys and the rule set memory stores a set of rules for accessing the cryptographic keys. A cryptographic client is operable to issue a request to access a cryptographic key(s) and, when access to the cryptographic key is granted, execute a cryptographic function regarding at least a portion of the cryptographic key to produce a cryptographic result. The key store arbitration module is operable to determine whether the request to access the cryptographic key is valid; when the request is valid, interpret the request to produce an interpreted request; access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and grant access to the cryptographic key in accordance with the rule.03-11-2010
20110299687AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD - A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user.12-08-2011
20110286598INFORMATION PROCESSING APPARATUS, METHOD, AND PROGRAM - An information processing apparatus includes a key retaining section retaining a key for use in writing data in a data storage area of another information processing apparatus or reading data stored in the data storage area, and a storage section that stores data. The information processing apparatus is used by being combined with the other information processing apparatus. The key retained in the key retaining section is protected with a key retained in the other information processing apparatus. The storage section is protected with the key retained in the other information processing apparatus.11-24-2011
20090202077APPARATUS AND METHOD FOR SECURE DATA PROCESSING - A method for secure processing of a data stream using a secret key stored in a key storage, with the data stream including content data and context information, with the key storage holding several secret keys, the method including: extracting the context information from the content data stream; generating address information based on the context information for accessing one of the several secret keys stored in the key storage; retrieving from the key storage the one of the several secret keys using the address information; processing the content data using the retrieved secret key. Further disclosed is an apparatus for secure data processing.08-13-2009
20090296934METHODS AND SYSTEMS FOR MAINTAINING SECURITY KEYS FOR WIRELESS COMMUNICATION - Certain embodiments allow security keys to be maintained across mobile device states, or communication events, such as hand-over, and system idle and sleep power savings modes. By monitoring the lifetime of security keys, keys may be refreshed in an effort to ensure key lifetimes will not expire during a hand-over process or other device unavailable state.12-03-2009
20090296935DECODING AND ENCODING DATA - Various example embodiments are disclosed. According to an example embodiment, a method may include receiving data which has been encoded according to a first higher complexity protection scheme and compressed. The method may also include decompressing the data. The method may also include decoding the data according to the first higher complexity protection scheme using a first higher complexity key. The method may also include encoding at least the first portion of the data according to a second higher complexity protection scheme using a second higher complexity key. The method may also include encoding at least a second portion of the data according to a lower complexity protection scheme using a lower complexity key.12-03-2009
20090296933INTEGRATED CIRCUIT AND A METHOD FOR SECURE TESTING - An integrated circuit that includes a controller and multiple internal circuitries, whereas the integrated circuit is characterized by further including a security mode determination unit that includes multiple one time programmable components for defining a security mode out of multiple possible security modes, whereas a selected circuitry mode affects access to an internal circuitry.12-03-2009
20100111307CONTROLLING SESSION KEYS THROUGH IN-BAND SIGNALING - The present invention employs in-band signaling between PTEs to provision and control session keys, which are used by the PTEs for encrypting and decrypting traffic that is carried from one PTE to another over a transport network. In operation, a first PTE will receive incoming traffic from a first edge network, map the traffic to frames, encrypt the traffic with a session key, and send the frames with the encrypted traffic over the transport network to a second PTE. The second PTE will extract the encrypted traffic from the frames, decrypt the encrypted traffic with a session key, and send the recovered traffic over a second edge network toward an intended destination. If symmetric encryption is employed, the session key used by the first PTE to encrypt the traffic will be identical to the session key used by the second PTE to decrypt the traffic.05-06-2010
20090190762METHOD AND SYSTEM FOR PREVENTING GENERATION OF DECRYPTION KEYS VIA SAMPLE GATHERING - Methods and systems for preventing generation of decryption keys via statistical sample gathering may include verifying a one-key message authentication code (OMAC) decryption key in received data and inserting a delay time before subsequent OMAC verifications upon a failure of the verifying. The delay time may be increased, doubled, for example, with each failure of the subsequent OMAC verifications. The cryptographic system may be disabled upon reaching a defined number of OMAC verification failures. The delay time may be reset upon an OMAC verification pass. A number of OMAC verification failures may be stored in non-volatile memory. The OMAC verification may be one of a plurality of key verifications in a key ladder system. A service provider may be required to reset the cryptographic system when the cryptographic system may be disabled due to multiple OMAC failures. The received data may be AES, DES or 3-DES encrypted.07-30-2009
20090196424Method for security handling in a wireless access system supporting multicast broadcast services - One object of the present invention is a method for security handling in a wireless access system supporting Multicast Broadcast Services MBS, said method comprising the steps of: 08-06-2009
20090196423METHODS TO DEFEND AGAINST TAMPERING OF AUDIT RECORDS - Embodiments of the invention provide systems and methods for detection of tampering with an audit record for a database. According to one embodiment, a method for detection of tampering with an audit record for a database can comprise reading one or more audit records for a time period from an audit table. The one or more audit records can each include a time stamp and reading the one or more audit records can comprise reading audit records having a timestamp within the time period. An encrypted record, such as a message digest record, for the time period can be generated based on the one or more audit records and including the time stamps. The message digest record can be stored in a message digest table. In some cases, the message digest table can be maintained in a trusted data store.08-06-2009
20100054475VALIDATING ENCRYPTED ARCHIVE KEYS - An apparatus and a method for validating encrypted archive keys is described. In one embodiment, a passphrase is enciphered. An archive key used to encipher an archive is enciphered with the enciphered passphrase. A first enciphered block is computed by enciphering a random block with the archive key. A second enciphered block is computed by enciphering the same random block with a Message Authentication Code (MAC) key. The MAC key is derived from the archive key and the passphrase. The validity of keys is determined by comparing the decrypted first block with the decrypted second block.03-04-2010
20100040233PROTOCOL FOR DEVICE TO STATION ASSOCIATION - A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association.02-18-2010
20090296937DATA PROTECTION SYSTEM, DATA PROTECTION METHOD, AND MEMORY CARD - This data protection system encrypts and stores data in a memory card, using a double encryption key scheme for encrypting the data with a data key and further encrypting the data key with a user key. This system provides data to a particular host device from the memory card and limits provision of the data to other host devices. The host device includes DPS program that governs control of writing data to, and reading data from the memory card. The memory card includes a first non-volatile memory and a memory controller that controls the first non-volatile memory. DPSA program is implemented in the memory controller that manages ID information for identifying a user capable of decrypting the encrypted data with the user key.12-03-2009
20100104100METHOD AND APPARATUS FOR ADJUSTING DECRYPTION KEYS - In a digital cinema system, a Secure Clock can drift over time, possibly presenting the ability to playout a digital cinema presentation near the end of the validity interval of a decryption key. To accommodate for the drift in the Secure Clock, the validity interval of the decryption key is adjusted in accordance with the time difference between a secure time value and a present time value.04-29-2010
20090074188MEMBER CERTIFICATE ACQUIRING DEVICE, MEMBER CERTIFICATE ISSUING DEVICE, GROUP SIGNING DEVICE, AND GROUP SIGNATURE VERIFYING DEVICE - It is an object of the present invention to enhance the security and reduce the data amount of data to be handled in a group signing system, in which when the group public key which includes: a description for four groups: group 1, group 2, group T, and group E of the same order number; a description of bilinear mapping from group 1 and group 2 to group T; each generator of group 1, group 2, group T, and group E; and a signature public key of a signature scheme using group 1, group 2, and group T, is input, the member secret key including an integer not larger than the order number, member evidence which is a value given by multiplying the generator of group E by the member secret key, and an element of group 1 or group 2 which is a value given by multiplying the generator of the group 1 or the group 2 by the member secret key are sent to the member-certificate issuing device, and thereafter upon receipt of a signature for the member secret key, which is verifiable by the signature public key, from the member-certificate issuing device, the signature is used as the member certificate.03-19-2009
20090097656ELECTRONIC DEVICE AND ENCRYPTION METHOD THEREOF - An electronic device and an encryption method thereof are provided. The electronic device includes a control unit which encrypts an encryption key using an inherent key, and transmits the encrypted encryption key and a key index corresponding to the inherent key to a recording medium. Accordingly, encrypted content stored in a recording medium can be decrypted when an electronic device is malfunctioning or replaced with a new one.04-16-2009
20090052671SYSTEM AND METHOD FOR CONTENT PROTECTION - The invention provides a system and method for content protection. A system in accordance with an embodiment includes a media center connectable to a mobile master memory unit associated with an identifier, the media center including: a protection key; storage means for storing files identified by respective file identifiers; a processing unit comprising file encryption for encrypting each file before storage, using a title key computed from the protection key of the media center and for encrypting the title key using the protection key of the master storage device and the identifier of the master memory unit, the master storage device being further provided to write the encrypted title key in association with the corresponding file identifier to the master memory unit.02-26-2009
20120140928METHOD AND APPARATUS FOR EXTENDING A KEY-MANAGEMENT PROTOCOL - A method and apparatus for modifying the Multimedia Internet KEYing (MIKEY) protocol to support an extended key-management message (KMM), wherein the apparatus programs a computer to perform the method, which includes: determining that a KMM is directed to a target device; determining that the KMM is an extended KMM related to a key-management operation that is not supported by the standard MIKEY protocol; signaling the extended KMM in at least one field of a MIKEY message; and sending the MIKEY message to the target device.06-07-2012
20090323960METHOD AND SYSTEM FOR HIDING THE DECRYPTION KEY IN A DISPERSIVE WAY - A method for hiding the decryption key in a dispersive way is disclosed. A decryption key corresponding to content to be accessed is decomposed into at least two partial decryption keys, comprising first partial decryption key and second partial decryption key. The first partial decryption key is stored in a memory device. The second partial decryption key is stored in a hidden area of the memory device. When the memory device is installed on an electronic device, an application installed in the electronic device is activated. The application retrieves the first partial decryption key from the memory device and the second partial decryption key from the hidden area of the memory device, re-organizes and codes the first and second partial decryption keys to recover the decryption key, and decrypts the content using the decryption key, enabling the electronic device to access the content.12-31-2009
20080260160Opt-in process and nameserver system for IETF DNSSEC - The process of signing and then publishing a DNS zone according to the IETF DNSSEC protocols is improved by the present invention, in order to facilitate the DNSSEC deployment until most of the DNS zones are signed. The prior art situation is that a second-level domain, e.g. example.com, often faces an unwanted status of “DNSSEC island of security,” and a challenging task of “trust anchor key” out-of-band distribution. The invention somehow fixes such broken DNSSEC chains of trust, e.g. it fills the gap between a DNSSEC island of security and its signed grandparent or ancestor. The invention is deemed useful for the introduction of DNS root nameservice substitution for DNSSEC support purposes, and allows opt-in while NSEC10-23-2008
20090208019METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING DATA - The present invention relates to a method and apparatus for encrypting data (08-20-2009
20090208018DATA TRANSFER DEVICE - A data transfer device for transferring data to a removable data storage item. The data transfer device receives content data to be stored to the removable data storage item, encrypts the content data using an encryption key, and transforms at least one of predetermined reference data and the encryption key. The data transfer device also encrypts the transformed predetermined reference data using the encryption key or encrypts the predetermined reference data using the transformed encryption key, and then stores the encrypted content data and the encrypted transformed/predetermined reference data to the removable data storage item.08-20-2009
20090208017VALIDATION OF ENCRYPTION KEY - A label corresponding to a cryptographic key is stored at a first computational device. A user provided label is received at a second computational device. The user provided label is sent from the second computational device to the first computational device. The user provided label is compared to the label stored at the first computational device. The cryptographic key is used to perform cryptographic operations on data, in response to determining that the user provided label matches the label stored at the first computational device.08-20-2009
20100086134FULL VOLUME ENCRYPTION IN A CLUSTERED ENVIRONMENT - Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume.04-08-2010
20100080392Key Management In Storage Libraries - Embodiments include methods, apparatus, and systems for managing encryption keys in a storage library. One method includes using a tape library to determine which key manager is selected for data encryption operations to a tape drive when multiple different key managers exist in a storage system.04-01-2010
20090086976SUBSTITUTION TABLE MASKING FOR CRYPTOGRAPHIC PROCESSES - A computing device-implemented method and system is provided for obtaining an interim masked substitution table value for a given input component in a cryptographic round, such as an AES cryptographic round, using a substitution table and a self-cancelling mask. A mask with a length equal to an entry in the substitution table is provided, wherein the mask comprises a plurality of mask components of equal length such that a bitwise logical inequality operation such as NOR on the mask components equals zero, and the substitution table is masked with this mask. For each of input component, an interim masked substitution table value is obtained from the substitution table thus masked.04-02-2009
20090086975Flexible format media content and method for providing same - There is presented a method for providing a media content, one embodiment comprising recording a first version of a movie on a first content medium in a first format, encrypting one or more content supplement to the movie, each content supplement having a format different from the first format, embedding at least one encryption key in each content supplement, providing a retrieval code for key data enabling playback of the content supplement, and bundling the content supplement and the retrieval code for distribution with the first content medium. In one embodiment, a flexible format media bundle comprises a first content medium, a first version of a media content recorded on the first content medium in a first format, at least one content supplement having a different format, at least one encryption key, and a retrieval code enabling access to the content supplement.04-02-2009
20100080391Auditing Data Integrity - Various approaches are described for auditing integrity of stored data. In one approach, a data set is provided from a client to a storage provider, and the data set is stored at a first storage arrangement by the storage provider. An auditor determines whether the data set stored at the first storage arrangement is corrupt without reliance on any part of the data set and any derivative of any part of the data set stored by the client. While the auditor is determining whether the data set stored at the first storage arrangement is corrupt, the auditor is prevented from being exposed to information specified by the data set. The auditor outputs data indicative of data corruption in response to determining that the data set stored at the first storage arrangement is corrupt.04-01-2010
20090141901TERMINAL AND METHOD OF INCLUDING PLURALITY OF CONDITIONAL ACCESS APPLICATIONS IN BROADCASTING SYSTEM - A method of selectively using a CA application of a terminal, the method including: searching a CA application table when a service of fee-based contents is requested, and determining whether a corresponding CA application is installed; and extracting a key required for descrambling a broadcasting signal using the CA application, when the CA application is installed based on a result of the determining.06-04-2009
20100098255SYSTEM AND METHOD FOR A DERIVATION FUNCTION FOR KEY PER PAGE - Disclosed herein are systems, methods and computer-readable media to perform data encryption and decryption using a derivation function to obtain a key per page of data in a white-box environment. The method includes sharing a master key with the sender and receiver, splitting the input data into blocks and sub-blocks, and utilizing a set of keys and a master key to derive a page key. In another aspect of this disclosure, the key validation and shuffling operations are included. This method allows for the derivation of a key instead of storing a predetermined key, thus maintaining system security in a white-box environment.04-22-2010
20090046862METHOD AND DEVICE FOR SPEEDING UP KEY USE IN KEY MANAGEMENT SOFTWARE WITH TREE STRUCTURE - In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software 02-19-2009
20120106741METHOD FOR CREATING AN ENHANDED DATA STREAM - The present invention provides a method for secure communication of digital information between a transmission entity and at least one reception entity. The method may be applied in the domain of audio/video data transmission, where stuffing data packets comprising random payloads are inserted into a transport stream along with true data packets comprising the audio/video data. The dummy data packets are detectable by an authorized reception entity but not detectable by unauthorized reception entities. A large number of stuffing data packets are included in the transmission to occupy bandwidth and to further render the job difficult for an unauthorized reception entity which tries to intercept the transmission.05-03-2012
20090262941TECHNIQUES FOR MANAGING KEYS USING A KEY SERVER IN A NETWORK SEGMENT - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server.10-22-2009
20090262940MEMORY CONTROLLER AND MEMORY DEVICE INCLUDING THE MEMORY CONTROLLER - A memory controller includes a security key and parameter storage unit and a security engine. The security key and parameter storage unit stores at least one security key and at least one parameter that are used during encryption or decryption. The security engine receives encrypted data stored in an external boot memory, decrypts the received encrypted data by using the security key and the parameter, and outputs the decrypted data to a central processing unit (CPU), in a security operation mode.10-22-2009
20090202078DEVICE, SYSTEM, AND METHOD OF SECURELY EXECUTING APPLICATIONS - Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed.08-13-2009
20110170693STATELESS METHOD AND SYSTEM FOR PROVIDING LOCATION INFORMATION OF TARGET DEVICE - A method of providing a location of a target device includes receiving a first location reference request from the target device at a first location server, generating a first location reference in response to the first request, and including the first location reference in a second location reference request to a second location server. The second location server generates a second location reference in response to the second request, where the second location reference is stateless and refers to the first location reference. The second location reference is received from the second location server, and provided to the target device to be provided to an application requesting location information of the target device from the second location server. The stateless second location reference includes information necessary for the second location server to serve a request for the location of the target device without maintaining state specific to the location reference.07-14-2011
20080304668SYSTEM AND METHOD FOR LOST DATA DESTRUCTION OF ELECTRONIC DATA STORED ON A PORTABLE ELECTRONIC DEVICE USING A SECURITY INTERVAL - A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is not established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed.12-11-2008
20090285397MEDIA PROCESSOR AND RECORDING MEDIUM CONTROL METHOD - In a media processor for reading data from or writing data into a recording medium with which mutual authentication has been performed, an authentication processing section generates key information of the recording medium and obtains authentication information of attributes of data stored in the recording medium. An identification information retrieval section obtains identification information of the recording medium. A control section associates the key information, the authentication information, and the identification information with each other to store them in a storage section. In a case in which the recording medium is changed to anther one, if the identification information of the another recording medium matches the identification information stored in the storage section, the media processor uses the key information and the authentication information stored in the storage section.11-19-2009
20090285396Database processing on externally encrypted data - Various techniques are described for processing externally encrypted data by database management system. Specifically, techniques are described for incorporating encrypted data stored in a first database that was encrypted by a first database management system into a second database where the encrypted data is accessed by a second database management system. When accessing externally encrypted data incorporated into the second database, the second database management system can decrypt portions of the data as needed. Because of the manner of incorporation of externally encrypted data into the second database, specifically because the externally encrypted data need not be decrypted before being incorporated into the second database, the computational overhead and security concerns associated with conventional approaches for migrating encrypted data from one database management system to another are avoided.11-19-2009
20100278344System, Portable Object and Terminal for Decrypting Encrypted Audio and/or Video Data - The invention relates to a system (11-04-2010
20090290713Privacy-aware content protection system - A method for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content is disclosed. The method includes: transmitting the following to a rendering device of a user: the content, first software that is operative to receive the content and to associate keys with the content, identification information (ID) that is associated with the user, and second software that comprises a player for rendering the content, receiving the following information from the rendering device during rendering of the content: a number representation X which comprises a number representation in bits of a result obtained from encrypting together a number representation of a present time interval and the ID, both encrypted with a public key of a key pair generated at the rendering device, and a number representation which comprises a number representation in bits of a share (SH) of a private key of the key pair generated at the rendering device, and detecting an attempt to render the content at overlapping time periods on more rendering devices than permitted by the license associated with the content based on a determination that number representations X received from separate rendering devices are identical, and number representations Y received from the separate rendering devices and paired with the number representations X received from the separate rendering devices are different. Related apparatus and methods are also disclosed.11-26-2009
20090290712ON-DIE CRYPTOGRAPHIC APPARATUS IN A SECURE MICROPROCESSOR - An apparatus providing for a secure execution environment, including a secure non-volatile memory and a microprocessor. The secure non-volatile memory stores a secure application program. The secure application program is encrypted according to a cryptographic algorithm. The microprocessor is coupled to the secure non-volatile memory via a private bus and to a system memory via a system bus. The microprocessor executes non-secure application programs and the secure application program. The non-secure application programs are accessed from the system memory via the system bus. Transactions over the private bus are isolated from the system bus and corresponding system bus resources within the microprocessor. The microprocessor has a cryptographic unit, disposed within execution logic. The cryptographic unit is configured to encrypt the secure application program for storage in the secure non-volatile memory, and is configured to decrypt the secure application program for execution by the microprocessor.11-26-2009
20090103733METHOD AND SYSTEM FOR THE MANIPULATION-PROTECTED GENERATION OF A CRYPTOGRAPHIC KEY - The embodiments relate to a near field communication system including a plurality of near field communication devices which communicate with each other via a radio interface. During generation of a common cryptographic key between the near field communication devices of the near field communication system, at least one of the two near field communication devices monitors during generation of the cryptographic key via the radio interface in a generation period whether an additional near field communication device which could be a potential active attacker communicates with one of the near field communication devices via the radio interface. If such a suspicious type of communication is detected, generation of the common cryptographic key is optionally terminated.04-23-2009
20090041249METHOD AND SYSTEM FOR MANAGING A KEY FOR ENCRYPTION OR DECRYPTION OF DATA - A user private key is stored in a database of the user terminal. A user public key and user information are stored in the user management DB. The encryption/decryption unit encrypts an authority private key specific to a first authority given to a user, by using a user public key associated with user information to indicate a user. The secret sharing unit shares in secret an authority private key into two or more shared authority private keys. The encryption/decryption unit encrypts the shared authority private keys, by using an authority public key specific to each of second authorities to manage the first authority in a shared manner. The authority management DB stores the encrypted authority private key and authority public key in association with the first authority, and stores the encrypted shared authority private keys in association with the second authorities.02-12-2009
20110200193METHOD AND APPARATUS FOR CONTROLLING THE RECHARGING OF ELECTRIC VEHICLES AND DETECTING STOLEN VEHICLES AND VEHICULAR COMPONENTS - In a system for preventing automobile theft, select automotive components are embedded with digital information and devices, including a unique public key, a unique private key, a decryption/encryption module, and a network address. Upon assembly of a vehicle, the components form addressable nodes of that vehicle. Relevant digital information of all components is recorded in a proprietary, highly secure data base at the time of manufacture, and updated for vehicular repairs. Only registered agents may access the data base or submit updates to the federal network. During refueling or re-charging of a vehicle, a digital handshake compares public keys of the vehicular components to the proprietary data base, and confirms the integrity of at least some components by a public-key/private-key challenge and response. If components have been reported stolen, or other irregularities are detected in the vehicle's network of components during the hand shake process, the vehicle is disabled, and a message is automatically transmitted to one or more law enforcement agencies, identifying the vehicle and its location.08-18-2011
20080212782Approach For Managing Access to Messages Using Encryption Key Management Policies - Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly or indirectly associated with a deleted key. Any number of levels of indirection are possible and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format and the invention is not limited to any type of data or any type of data format.09-04-2008
20080212779Ordering Content by Mobile Phone to be Played on Consumer Devices09-04-2008
20080212778Communication System and Communication Apparatus - A communication system and communication apparatus that can improve the stability and security of communication. In this communication system, a communication apparatus (09-04-2008
20090169014DISTRIBUTION AND AUTHENTICATION OF PUBLIC KEYS USING RANDOM NUMBERS AND DIFFIE-HELLMAN PUBLIC KEYS - A system to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.07-02-2009
20090169011APPARATUS AND METHOD FOR NEGOTIATING PAIRWISE MASTER KEY FOR SECURING PEER LINKS IN WIRELESS MESH NETWORKS - A system and method for negotiating a pairwise master key (“PMK”) in wireless mesh networks. The system includes a plurality of mesh points that are configured to perform an abbreviated handshake protocol in negotiating a PMK and establishing a secure connection. The method for establishing a negotiated PMK is based on selecting a PMK before transmitting any data, and arranging available PMKs in a predetermined list so that a PMK can be negotiated in a limited number of exchanges.07-02-2009
20080253571METHOD AND A SYSTEM FOR PROTECTING PATH AND DATA OF A MOBILE AGENT WITHIN A NETWORK SYSTEM - Secure message transfer of at least one message from a sender to a receiver within a network system may be provided. For example, a message structure information regarding the at least one message may be computed on a sender-side and according to a pre-given scheme. The computed message structure information may be added as message account information into the at least one message to be sent. The message account information may be protected by a signature. The at least one message may be transferred through the network system to the receiver. On a receiver-side, the message account information may be validated after reception of the at least one message and according to the pre-given scheme.10-16-2008
20080253570SYSTEM AND METHOD FOR PROCESSING USER DATA IN AN ENCRYPTION PIPELINE - A method, system and program are disclosed for efficiently processing host data which comprises encrypted and non-encrypted data and is to be written to a storage medium. The encrypted data is written to the storage medium in encrypted form. The non-encrypted data is encrypted by a storage device using a well known encryption key and written to the storage medium. In this way, the data that is processed by the storage device to and from the storage medium can always be processed through a single encryption engine.10-16-2008
20100135496METHOD OF MODIFYING SECRETS INCLUDED IN A CRYPTOGRAPHIC MODULE, NOTABLY IN AN UNPROTECTED ENVIRONMENT - The invention relates to a method for modifying a set of secrets in a crypto-graphic module. The cryptographic module ensures that the loading of a secret is either complete or null and void. The module enables a reading of a version number for each secret. The module includes information indicating a version number corresponding to the set of secrets. The method of the invention includes a first step during which, if the version number of the set of secrets is equal to a version number that requires the loading of a set of new secrets, the version number of the set of secrets in the cryptographic module is made equal to a distinctive number that determines that the cryptographic module is being uploaded. The method comprises a second step during which, for each secret and if the version number of said secret is different from the version number of the corresponding new secret to be downloaded, the new secret and the version number thereof are loaded. The method comprises a third step during which the version number of the set of secrets in the cryptographic module is made equal to the version umber of the set of new secrets. The invention can be used particularly for downloading access keys included in a set of smart cards in a non-protected environment.06-03-2010
20090147959KEY STATUS DETECTING CIRCUIT - The present invention provides a key status detecting circuit for detecting key statuses of a plurality of key modules, wherein the key modules respectively include a plurality of key units. The key status detecting circuit includes a plurality of first logic units, a plurality of first signal registering units, a plurality of second logic units, a second signal registering unit, and a control unit. The key status detecting circuit provided by the present invention does not have to connect each key to different pins of the control unit respectively and does not have to have the control unit regularly poll a data bus to detect which key is pressed, and thus the pin amount and loading of the control unit can be reduced, and efficiency of the control unit can be improved.06-11-2009
20090169010METHOD AND SYSTEM FOR PROVIDING DATA FIELD ENCRYPTION AND STORAGE - An approach is provided for securely storing and managing sensitive data. A system and method are provided that include a central device that receives an actual data value from a requester, encrypts the actual data value, obtains a replacement value for the encrypted actual data value, obtains a secondary replacement value based on the encrypted actual data value, and transmits the replacement value to the requester for storage by the requester. The system and method also includes a storage device for storing the secondary replacement value in association with the encrypted actual data value at a secure location. The requester can later use the replacement value to retrieve the actual data value from the central device.07-02-2009
20080273701Secure Paper Comprising a Fiber Layer and an Electronic Chip - The present invention relates to secure paper (11-06-2008
20080279383METHOD AND APPARATUS OF ENCIPHERING AND DECIPHERING DATA USING MULTIPLE KEYS - On a recording medium, first information obtained by enciphering data with the first key and second information obtained by enciphering the first key with each of the predetermined second keys are recorded. A deciphering method is characterized by comprising the steps of inputting the first and second information, deciphering the first key using at least one of the second keys, determining by a specific method that the obtained first key is correct, and then deciphering the data using the first key to obtain the data.11-13-2008
20080279382SECURE AND SCALABLE SOLID STATE DISK SYSTEM - A solid state disk system is disclosed. The system comprises a user token and at least one level secure virtual storage controller, coupled to the host system. The system includes a plurality of virtual storage devices coupled to at least one secure virtual storage controller. A system and method in accordance with the present invention could be utilized in flash based storage, disk storage systems, portable storage devices, corporate storage systems, PCs, servers, wireless storage, and multimedia storage systems.11-13-2008
20080285756RANDOM SHARED KEY - A key server is configured to execute on a computer. The key server is further configured to programmatically respond to a request by a sender by generating a message identifier connected with a message to be communicated and a random shared key for encrypting the message by the sender if the sender has registered with the key server. The key server is yet further configured to programmatically respond to a receiver by extracting the random shared key for decrypting the message if the receiver has registered with the key server, the receiver provides the message identifier to the key server, and the receiver is an intended recipient of the message.11-20-2008
20080292103METHOD AND APPARATUS FOR ENCRYPTING AND TRANSMITTING CONTENTS, AND METHOD AND APPARATUS FOR DECRYPTING ENCRYPTED CONTENTS - Provided are a method and apparatus for encrypting and transmitting contents and decrypting the encrypted contents in order to improve security for authority of use of the contents in a contents used environment by installing various content protection software in a content device. The method of encrypting and transmitting the contents includes: receiving contents to be transmitted; encrypting the contents using a content key which is an encryption key according to the received contents; encrypting the content key using an external device key of an external device which is permitted to receive the encrypted contents to be used and a software key of a software program which is executed in the external device and permitted to decrypt the encrypted contents; and transmitting the encrypted contents and the encrypted content key to the external device. Therefore, security for authority of use of the contents, and more particularly, security for the content key are improved so that illegal distribution of the contents can be prevented.11-27-2008
20080310636ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING - A high level of security for access to recorded information is provided by provision of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.12-18-2008
20080310635APPARATUS, SYSTEM, AND METHOD FOR MANAGING LICENSE KEYS - An apparatus, system, and method are disclosed for managing license keys. A license key service module creates a license key service object of a license key service class. The license key service class extends a SMI-S CIM CIM_Service class. The license key service object comprises a plurality of management operations. A hosted license key service module creates a hosted license key service object of a hosted license key service class. A license key module creates a license key object of a license key class. The license key class extends a SMI-S CIM CIM_ManagedElement class. The license key object comprises a license key and employs the plurality of management operations. A management module manages the license key using the license key object, license key service object, and hosted license key service object.12-18-2008
20130010964System and Method for Multi-Carrier Network Operation - A system and method for configuring a component carrier is presented. A component carrier assignment message is received. The component carrier assignment message may be configured to identify the component carrier and include at least one of, at least one of a downlink carrier frequency, a carrier frequency of a paired uplink carrier, a bandwidth of the component carrier, and a bandwidth of the paired uplink carrier, an indication of whether the component carrier is a control channel monitoring component carrier configured to signal data channel assignment information for the component carrier, and a logical index of the component carrier. The component carrier assignment message may then be used to configure the component carrier on a user equipment (UE).01-10-2013
20080212781System, Method and Apparatus for Decrypting Data Stored on Remobable Media - A technique that decrypts data stored on removable media, if the device on which the encryption was performed is lost, unavailable, or the user credentials are lost. In example embodiment, this is achieved by using the administrator UID, the administrator UDID, the removable media, the names of one or more data files to be decrypted, the administrator Pswd, and a KeyID to decrypt data stored on the removable media associated with a lost or unavailable mobile device on which encryption was performed.09-04-2008
20080292104Recovery of Expired Decryption Keys - At least one expired decryption key intended to be used for asymmetrical decryption of encrypted data is recovered in a terminal after generation of a cryptographic encryption key/decryption key pair stored in a cryptographic medium such as a microchip card. The expired decryption key is stored in a database accessible to a user of the terminal and encrypted beforehand as a function of the new generated encryption key. In the terminal connected to the cryptographic medium, the encrypted expired encryption key is decrypted as a function of the decryption key stored in the cryptographic medium so that the encrypted data is decrypted as a function of the thus decrypted expired decryption key.11-27-2008
20080247549Remote diagnostic system for robots - A remote diagnostic system for robots including a number of at least two robots, wherein a controller of each robot of the system is locally connected to a service unit provided with local processing power, a remote service center provided with a connector server is arranged, and a communications infrastructure for transferring packets of information between a controller of a robot of the system and connector server via the service unit is arranged for performing remote monitoring and diagnostics at the remote service center, wherein the communications infrastructure uses internet and/or GPRS communication lines.10-09-2008
20080232596DATA PROCESSING APPARATUS AND PROGRAM - A data processing apparatus capable of updating and writing a plurality of distributed information items generated based on to-be-held secret information with respect to a data storage device in which access is not limited includes a secret distribution processing portion which generates a plurality of distributed information items updated this time according to secret information to be held this time based on a threshold value secret distribution method, and a distributed information management portion which selects recording positions of distributed information items updated this time to leave behind distributed information items of a number less than a threshold value among a plurality of distributed information items updated last time with respect to a plurality of distributed information items updated and stored in the data storage device and writes distributed information items updated this time to the data storage device based on the selected recording positions.09-25-2008
20130216044HOMOMORPHIC EVALUATION INCLUDING KEY SWITCHING, MODULUS SWITCHING, AND DYNAMIC NOISE MANAGEMENT - Homomorphic evaluations of functions are performed. The functions include operation(s). Variants of key switching and modulus switching are described and are performed prior to or after the operation(s). A key switching transformation converts a ciphertext with respect to a first secret key and a first modulus to a ciphertext with respect to a second secret key and a second modulus. A key switching transformation converts a first version of a ciphertext with respect to a first secret key and with some number r bits of precision to a second version of the selected ciphertext with respect to a second keys and with some other number r′ bits of precision. The ciphertexts may be operated on as polynomials represented using evaluation representation, which has benefits for multiplication and automorphism. Further, ciphertexts are associated with an estimate of noise, which is used to determine when to perform modulus switching on the ciphertexts.08-22-2013
20080273702METHOD, SYSTEM AND PROGRAM PRODUCT FOR ATTACHING A TITLE KEY TO ENCRYPTED CONTENT FOR SYNCHRONIZED TRANSMISSION TO A RECIPIENT - A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.11-06-2008
20100142710ENHANCED RELATIONAL DATABASE SECURITY THROUGH ENCRYPTION OF TABLE INDICES06-10-2010
20090190763Processing Multi-Key Content - Multi-key content processing systems and methods, for processing content with at least one distribution target position. Each of the distribution target positions corresponds to an authorization key. An example method includes the steps of: encrypting said content with a content key; forming a key link based on said content key and the authorization key of said at least one distribution target position; and attaching said key link to the encrypted content.07-30-2009
20080240442Managing copy protecting information of encrypted data - The present invention provides according to an embodiment a method of reproducing digital content, comprising the steps of: (a) reading a position information where a sample data is present, the sample data being same as a portion of digital content and not encrypted; and (b) reproducing the sample data based on the read position information without a key information, the key information required for decrypting an encrypted digital content.10-02-2008
20080240445DEVICE, METHOD AND PROGRAM FOR PROVIDING MATCHING SERVICE - A computer for a service provider receives from each member of two groups who is a user of a service via a mediating computer, a priority list in which member IDs of the other group is permuted in the priority order of a user and processing information that are encrypted so as not to be decrypted by the mediating computer. The ID of the priority list is encrypted with an encrypting key that is common to all members. The computer for a service provider performs matching, with ID in the priority list being left encrypted when the list is decrypted. The computer for a service provider decrypts the processing information, makes it in a state in which the matching result can be decrypted based on the processing information by only a person concerned, and sends it to each member via the mediating computer.10-02-2008
20080240444METHOD OF DISTRIBUTING A DECRYPTION KEY IN FIXED-CONTENT DATA - Secondary content in encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal.10-02-2008
20080240440SYNCHRONIZATION TEST FOR DEVICE AUTHENTICATION - Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices.10-02-2008
20090122988METHOD AND APPARATUS FOR SECURELY REGISTERING HARDWARE AND/OR SOFTWARE COMPONENTS IN A COMPUTER SYSTEM - A system that securely registers components in a first system is presented. During operation, the first system receives a request from an intermediary system to obtain configuration information related to the components in the first system. In response to the request, the first system: (1) encrypts configuration information for the first system using a first encryption key; (2) encrypts the first encryption key using a second encryption key; and (3) sends the encrypted configuration information and the encrypted first encryption key to the intermediary system so that the intermediary system can forward the encrypted configuration information and the encrypted first encryption key to the second system, whereby the encrypted configuration information is cryptographically opaque to the intermediary system. Next, the second system uses the configuration information to register the components in the first system.05-14-2009
20090161874Key Management Method for Security and Device for Controlling Security Channel In Epon - A key management method for encrypting a frame in an Ethernet passive optical network (EPON) is provided. In the method, secure parameters including secure keys and their association numbers which are used in the present or will be used in the next by each secure channel are managed by composing a key information table. Then, it determines whether an association number of a received encryption frame is valid or not with reference to the key information table if the encryption frame of which association number has been changed is received. A secure key changes if the association number is determined to be valid, and the secure key does not change if the association number is not valid.06-25-2009
20090161875Mini Time Key Creation Memory Medium and System - To provide a method and a system for creating a mini time key from a time key, a plurality of mini time keys are created within a unit time period. First, a unit time decryption key is prepared immediately after the unit time is created. Then, the last mini time key is created by applying a one-way function to the unit time decryption key. A desired mini time key is created by applying the one-way function to a mini time key following the desired mini time key. In other words, the mini time keys are created as a timed series arranged in a descending order beginning with the last mini time key. In this manner, even when a specific mini time key is externally leaked for a specific reason, a following mini time key in a timed series can not be created by using this mini time key. In addition, even when the mini time keys are sequentially published, the security of the unit time decryption key is maintained.06-25-2009
20090161873METHOD AND APPARATUS FOR KEY MANAGEMENT IN AN END-TO-END ENCRYPTION SYSTEM - A method executed by a first network entity in communication with a second network entity. The method comprises maintaining a first key bank containing a key designated as an active key for the first network entity; maintaining a second key bank containing a key designated as a standby key for the first network entity; encrypting data for transmission to the second network entity using the active key for the first network entity; attempting to detect a match between (i) a representation of the standby key for the first network entity and (ii) a representation of a standby key for the second network entity received from the second network entity; and upon detecting a match, causing the active key for the first network entity to designate thereafter the key contained in the second key bank.06-25-2009
20090129597REMOTE PROVISIONING UTILIZING DEVICE IDENTIFIER - Embodiments of the present invention provide for remote provisioning using a device identifier. In some embodiments, a client device may transmit the device identifier to a provisioning server and, sometime after an association of the device identifier and the client device has been authenticated, receive an operating system boot image from the provisioning server. Other embodiments may be described and claimed.05-21-2009
20090129596System and Method for Controlling Comments in a Collaborative Document - A system, method, and program product is provided that operates when opening a word processing document that includes document content inserted at various insertion points within the document. The document is opened by a user that corresponds to a particular user identifier. The comments included in the document include recipient identifiers. A first set of comments are selected where the user's identifier is included in the recipient identifiers of the corresponding comments, and a second set of comments are selected where the user's identifier is not included in the recipient identifiers of the corresponding comments. The word processor displays the first set of comments at their respective insertion points within the document content and does not present the second set of comments.05-21-2009
20120070002PROTECTING INFORMATION IN AN UNTETHERED ASSET - The technology described herein for protecting secure information includes a method. The method includes storing, by a plurality of data store devices, the secure information. Each of the data store devices stores at least one part of the secure information. The method further includes receiving, by at least one of a plurality of embedded sensors, a notification associated with a compromise of at least one part of the secure information. The method further includes destroying one or more parts of the secure information based on the notification. The method further includes processing, by a plurality of intelligent agent modules, one or more parts of the secure information received from one or more of the data store devices if no parts of the one or more parts of the secure information are destroyed.03-22-2012
20090003608BLOCK-LEVEL STORAGE DEVICE WITH CONTENT SECURITY - A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.01-01-2009
20090003606CHANGING THE ORDER OF PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure.01-01-2009
20090185688DELIVERING ENHANCED MULTIMEDIA CONTENT ON PHYSICAL MEDIA - Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.07-23-2009
20090080656METHODS AND COMPUTER PROGRAM PRODUCTS FOR PERFORMING CRYPTOGRAPHIC PROVIDER FAILOVER - Performing cryptographic provider failover utilizing an integrated cryptographic provider to register for each of a plurality of service type—algorithm pairs already registered by each of a plurality of underlying cryptographic providers, such that the integrated cryptographic provider specifies failover support for all registered service type—algorithm pairs using the one or more underlying cryptographic providers. Upon receipt of a first security request, the integrated cryptographic provider constructs a table including a list of cryptographic providers for each of the plurality of service type—algorithm pairs, wherein the table identifies a temporal order in which two or more of the plurality of underlying cryptographic providers were registered for each of the plurality of service type—algorithm pairs. In response to a subsequent security request received from an application, the list of cryptographic providers is used to identify a second cryptographic provider to which the request will be routed if a first cryptographic provider fails.03-26-2009
20090052669METHOD AND SYSTEM FOR DISASTER RECOVERY OF DATA FROM A STORAGE DEVICE - Aspects of the invention provide a method and system for securely managing the storage and retrieval of data. Securely managing the storage and retrieval of data may include receiving a first disaster recovery code and acquiring a first password corresponding to the first disaster recovery code. A first disaster recovery key may be generated based on the first disaster recovery code and the first password. Another aspect of the invention may also include generating the received first disaster recovery code based on said first password and the first disaster recovery key. The generated disaster recovery code may be securely stored on at least a portion of a storage device or a removable media. Data stored on the storage device may be encrypted using the first generated disaster recovery key. Additionally, data read from the storage device may be decrypted using the generated first disaster recovery key.02-26-2009
20090080658METHOD AND APPARATUS FOR ENCRYPTING DATA FOR FINE-GRAINED ACCESS CONTROL - In one embodiment, the present invention is a method and apparatus for encrypting data for fine-grained access control. One embodiment of a method for encrypting data includes encrypting the data as a ciphertext, labeling the ciphertext with a set of one or more descriptive attributes, generating a decryption key for decrypting the ciphertext, associating an access structure with the decryption key, such that the data is recoverable from the ciphertext using the decryption key only if the set of one or more descriptive attributes satisfies the access structure, and outputting the ciphertext and the decryption key.03-26-2009
20090097653ENCRYPTION KEY STORED AND CARRIED BY A TAPE CARTRIDGE - In a cartridge key carrier, a data processing system employing an encryption key carrier, and a method for communicating an encryption key, an empty cartridge housing is provided that has a standardized form factor allowing insertion of the cartridge into a standardized magnetic tape drive. A memory chip is permanently attached to the cartridge housing, and has an encryption key stored therein. The memory chip has a chip configuration that allows readout of the encryption key from the memory chip when the housing is inserted into the tape drive.04-16-2009
20090097655Storage system and storage system management method - An object of the present invention is to prevent data from being tampered with, and to prevent operation mistakes, when sending and receiving data between a management software managing storage devices.04-16-2009
20090185686METHOD TO TRACE TRACEABLE PARTS OF ORIGINAL PRIVATE KEYS IN A PUBLIC-KEY CRYPTOSYSTEM - The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and l corresponding private keys, a private key being formed by a traceable array of 207-23-2009
20090208020Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager - Methods implemented by enhanced Password Manager for protecting against Pharming and Spyware comprising matching a saved record with certificate of website and withholding saved record's data if a match is not found. Further comprising, scrambling of retrieved data with a scrambling key wherein said key is synchronized with website.08-20-2009
20090220090TAMPER RESISTANT METHOD, APPARATUS AND SYSTEM FOR SECURE PORTABILITY OF DIGITAL RIGHTS MANAGEMENT-PROTECTED CONTENT - An apparatus and system provide a tamper-resistant scheme for portability of DRM-protected digital content. According to embodiments of the invention, a portable crypto unit may be utilized in conjunction with a VT integrity services (VIS) scheme as well as a Virtual Machine Manager (VMM) and a TPM to provide a secure scheme to protect digital content. Additionally, in one embodiment, the digital content may be partitioned into blocks comprising multiple segments to further enhance the security of the scheme.09-03-2009
20090220089METHOD AND APPARATUS FOR MAPPING ENCRYPTED AND DECRYPTED DATA VIA A MULTIPLE KEY MANAGEMENT SYSTEM - A method, apparatus and program product for encryption/decryption of data on a volume of data storage media including dividing the volume into a plurality of locations, assigning a unique key to each location for encryption/decryption of data in the respective location of the volume, mapping the locations and keys in the key manager, and encrypting/decrypting data on the volume based on the data's physical location on the volume. The owning entity owning each location on the volume may also be mapped, and the keys for each location owned by the same owning entity may be the same.09-03-2009
20090220088AUTONOMIC DEFENSE FOR PROTECTING DATA WHEN DATA TAMPERING IS DETECTED - A computer implemented method, data processing system, and computer program product for providing an autonomic defense when data tampering is detected in a data processing system where data is maintained and transmitted in unencrypted form. When notification of data tampering activity in the data processing system is received, a determination is made as to whether the data tampering activity meets or exceeds a threshold. If the threshold is met or exceeded, an encryption key is read from a persistent storage location into memory. The key is erased from the persistent storage location. The data in the data processing system is encrypted using the key to form encrypted data. The key is then erased from memory.09-03-2009
20090245519RENEWAL MANAGEMENT FOR DATA ITEMS - A system, method apparatus, and computer readable medium for managing renewal of a dynamic set of data items. Each data item has an associated renewal deadline, in a data item management system. A renewal schedule allocates to each data item a renewal interval for renewal of the data item. On addition of a new data item, if a potential renewal interval having a duration required for renewal of the data item, and having an ending at the renewal deadline for that item does not overlap a time period in the schedule during which the system is busy, the renewal schedule is automatically updated by allocating the potential renewal interval to the new data item. If the potential renewal interval does overlap a busy period, the renewal schedule is automatically updated by selecting an earlier renewal interval for at least one data item in the set.10-01-2009
20090220091COMMUNICATION SECURITY - The current IMS security architecture only protects data transmitted in the IMS control plane. Embodiments are described which provide end-to-end encryption of data transmitted in the IMS media plane but which also allow lawful interception and interpretation of such end-to-end communications under the control of the relevant IMS core (09-03-2009
20080260158Methods and apparatus for initialization vector pressing - Methods and apparatus are provided for using explicit initialization vectors in both encryption and decryption processing. In one example, a sender generates an initialization vector, identifies cryptographic keys, encrypts data using the initialization vectors and the cryptographic keys, and transmits the encrypted data in a packet along with the initialization vector. A receiver identifies cryptographic keys, extracts the initialization vector from the received packet, and decrypts the encrypted data using the cryptographic keys and the initialization vector extracted from the received packet.10-23-2008
20080260156Management Service Device, Backup Service Device, Communication Terminal Device, and Storage Medium - It is an object to provide a method for invalidation and new registration of a storage medium, a method for backup of data stored in a storage medium and for restoration of backup data to a storage medium, and a method for encryption of and application of an electronic signature to data to be backed up, and for decryption of backup data to be restored and verification of a signature. A service device includes a reception unit for receiving a request for data processing regarding a storage medium from a communication terminal device connected to the storage medium, an authentication unit for performing authentication of whether or not the storage medium connected to the communication terminal device is valid, and a database for storing a public key of the storage medium, wherein, when the reception unit receives a request for invalidation of the first storage medium from the communication terminal device, and the authentication unit authenticates the second storage medium connected to the communication terminal device as a valid storage medium, the database deletes the public key of the first storage medium stored in the database.10-23-2008
20080260155Storage Medium Processing Method, Storage Medium Processing Device, and Program - Spread of a forged storage medium is prevented suppressing an authentic storage medium's damage and trouble of a owner to the minimum. When there is an update request of user key data, the update history of the user key data concerning the shown above-mentioned medium identifier IDm is referred to. When judged that the update of the user key data concerning the shown medium identifier IDm not being performed within a predetermined period, the update of user key data is performed. The request of a update is refused when judged that the update of the user key data concerning the shown medium identifier IDm being performed within a predetermined period.10-23-2008
20090252327COMBINATION WHITE BOX/BLACK BOX CRYPTOGRAPHIC PROCESSES AND APPARATUS - Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol. The chief advantage is that even given a limited code size for the cryptographic process, the security of the system is improved by carrying out the more computationally intensive functions more efficiently in the black box portion and executing the less computationally intensive function in the white box portion.10-08-2009
20090257594SECURE DEBUG INTERFACE AND MEMORY OF A MEDIA SECURITY CIRCUIT AND METHOD - A method, system and apparatus of a secure debug interface and memory of a media security circuit and method are disclosed. In one embodiment, a host processor, an external hardware circuit to encrypt an incoming data bit communicated to a debug interface using a debug master key stored at a pointer location of a memory (e.g., the memory may be any one of a flash memory and/or an Electrically Erasable Programmable Read-Only Memory (EEPROM)) and to decrypt an outgoing data bit from the debug interface using the debug master key, and a media security circuit having the debug interface to provide the pointer location of the memory having the debug master key to the external hardware circuit.10-15-2009
20090257595Single Security Model In Booting A Computing Device - A method and apparatus for securely booting software components in an electronic device to establish an operating environment are described herein. According to an aspect of the invention, software components are to be executed in sequence in order to establish an operating environment of a device. For each software component, a security code is executed to authenticate and verify an executable code image associated with each software component using one or more keys embedded within a secure ROM (read-only memory) of the device and one or more hardware configuration settings of the device. The security code for each software component includes a common functionality to authenticate and verify the executable code image associated with each software component. In response to successfully authenticating and verifying the executable code image, the executable code image is then executed in a main memory of the device to launch the associated software component.10-15-2009
20100150351Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service - Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.06-17-2010
20090285398VERIFICATION OF THE INTEGRITY OF A CIPHERING KEY - A method for verifying the integrity of a key implemented in a symmetrical ciphering or deciphering algorithm, including the steps of complementing to one at least the key; and verifying the coherence between two executions of the algorithm, respectively with the key and with the key complemented to one.11-19-2009
20090116649REVOCATION OF A SYSTEM ADMINISTRATOR IN AN ENCRYPTED FILE SYSTEM - A method of securely storing electronic information includes a step in which target electronically stored information is encrypted with a first encryption key and then partitioned into a first set of encrypted ESI partitions a subset of which is able to reconstruct the unpartitioned encrypted ESI. This first set of encrypted ESI partitions is then encrypted with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions that are made available to a first set of users. When access to the target electronically stored information is changed, the target electronically stored information is accessed and then re-encrypted with a second encryption key to form a second encrypted ESI. This second encrypted ESI is then partitioned and distributed to a second set of users.05-07-2009
20090116648Key production system - A key production system to determine a cryptographic key for a selected cryptoperiod being later than or equal to a cryptoperiod-A, and earlier than or equal to a different cryptoperiod-B, the system including a first receiver to receive a first key-component, associated with cryptoperiod-A, forming part of a first hash-chain progressing via a first one-way function, progressive key-components corresponding to later cryptoperiods, a second receiver to receive a second key-component, associated with cryptoperiod-B, forming part of a second hash-chain progressing via a second one-way function, progressive key-components corresponding to earlier cryptoperiods, first and second key-component determination modules to determine key-components in the first hash-chain and the second hash-chain, respectively, for the selected cryptoperiod, and a key determination module to determine the cryptographic key based on the key-components in the first and second hash chain for the selected cryptoperiod. Related methods and apparatus are also included. 05-07-2009
20100183153METHOD OF ESTABLISHING ROUTING PATH OF SENSOR NETWORK FOR IMPROVING SECURITY AND SENSOR NODE FOR IMPLEMENTING THE SAME - Disclosed herein is a method of establishing the routing path of a sensor network and a sensor node for implementing the method. Each of a plurality of sensors belonging to a sensor network is assigned a key index and a key corresponding to the key index. The sensor node acquires information about key indices possessed by sensor nodes existing on a candidate routing path. The sensor node selects a final routing path from among a plurality of candidate routing paths using the information about the key indices. Accordingly, the present invention can implement a sensor network having improved security.07-22-2010
20100215178KEY SELECTION VECTOR, MOBILE DEVICE AND METHOD FOR PROCESSING THE KEY SELECTION VECTOR, DIGITAL CONTENT OUTPUT DEVICE, AND REVOCATION LIST - A key selection vector for a revocation list in an HDCP system as well as a mobile device and a method for processing a key selection vector, a digital content output device using a key selection vector and a revocation list for use in an HDCP system comprising a key selection vector are described. It is desired to improve handling of key selection vectors of revocation lists. A structured key selection vector for a revocation list is provided. The key selection vector is structured to contain at least one bit field with a predetermined number of bits and at a predetermined location in the key selection vector. The bit field contains information relating to a group property of a device, which group property allows to process as a group a plurality of key selection vectors storing the same or similar group property information in said at least one bit field.08-26-2010
20090296936SYSTEM AND METHOD FOR CREATING A SECURE BILLING IDENTITY FOR AN END USER USING AN IDENTITY ASSOCIATION - A system and method include a device connectable to a private network and designed to access to a public network, the device used to control identity associations for end user devices in the private network, wherein the device has an associated device key and is operable to receive additional keys associated with service providers, and a conditional access system associated with the device, the conditional access system operated by a key authority to manage the device key and to authenticate the service provider keys thereby allowing identity associations between the private network and the service providers.12-03-2009
20090169012VIRTUAL TPM KEY MIGRATION USING HARDWARE KEYS - The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module.07-02-2009
20120140929INTEGRATED CIRCUITS SECURE FROM INVASION AND METHODS OF MANUFACTURING THE SAME - An integrated circuit device that is secure from invasion and related methods are disclosed herein. Other embodiments are also disclosed herein.06-07-2012
20100195834Image generating apparatus, image processing apparatus, image forming apparatus, and recording medium - Additional image data of an additional image, which is based on first data and second data concerning security of obtained data, is added to image data that is based on the obtained data, and an image based on the image data to which the additional image data is added is outputted onto a recording medium, for example. Furthermore, when the additional image data is added to image data of the image obtained from the recording medium, the first data and second data are separated from the additional image data, and reference is made to these pieces of data to perform subsequent processing of the image data.08-05-2010
20090274304LICENSE MANAGEMENT APPARATUS AND METHOD AND LICENSE MANAGEMENT SYSTEM - When a function inactivation process is instructed on an MFP A, all the functions are inactivated and a function inactivation certification key is issued, and then resources related to the functions are transmitted to an MFP-B. When reception of the resources is completed on the MFP-B, a function duplication completion certification key is issued. When these keys are input to a licensing server, a database is updated, and a function activation key is issued. When the function activation key is input to the MFP B, the functions related to the transmitted resources are carried out.11-05-2009
20090074191GAMING MACHINE HAVING MULTI-STAGE FAILURE RECOVERY FEATURE AND METHOD OF OPERATING SAME - A gaming machine may include memory, a software program loaded into the memory and a trusted cache. The trusted cache may include a context data save engine, a context data recovery engine and a restart engine. The context data save engine may be configured to save the context and state of the gaming machine at least upon sensing a failure condition. The context data recovery engine may be configured to load the context and state from the context data save engine back into memory, and the restart engine may be configured to restart the gaming machine and restore execution of the software program, and may be further configured to carry out a multi-stage recovery process that may include a soft reboot, a hardware reset and a power-off and, after a predetermined delay, a power-on of the gaming machine, attempting to restart the software program between each stage of the process.03-19-2009
20090074190Method and Apparatus for Cryptographic Conversion in a Data Storage System - When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced.03-19-2009
20090074189METHOD OF PROVIDING SECURITY FOR RELAY STATION - A method of providing security of a relay station is disclosed, by which the security can he provided for the relay station in a broadband wireless access system having the relay station. In a mobile communication system to relay a signal transfer between a base station and a mobile station, the present invention includes the steps of performing a relay station authentication from an authentication server using an authentication protocol, receiving a master key from the authentication server, deriving an authentication key from the received master key, deriving a message authentication code (MAC) key using the derived authentication key, and relaying a signal exchanged between the mobile station and the base station using the derived message authentication code key.03-19-2009
20110026712CONCEALING PLAIN TEXT IN SCRAMBLED BLOCKS - An apparatus generally having a first circuit and a second circuit is disclosed. The first circuit may be configured to (i) divide a plain text into at least three input blocks and (ii) generate at least three scrambled blocks by scrambling the input blocks using a first cipher process. The first cipher process may be configured such that a first of the input blocks does not affect the generation of a last scrambled block. The second circuit may be configured to (i) generate at least three output blocks by de-scrambling the scrambled blocks using a second cipher process and (ii) reconstruct the plain text from the output blocks. The second cipher process may be configured such that a first of the scrambled blocks affects the generation of all of the output blocks.02-03-2011
20110026713Efficient Rebinding of Partitioned Content Encrypted Using Broadcast Encryption - Provided is a method for rendering media content wherein a request to render a first media content stored in a first partition is received, wherein the first partition stores the first and a second media content; the media content is correlated to a first management key block (MKB), binding ID (IDb) and authorization table (AT); the first MKB, IDb and AT are compared to a current MKB, IDb and AT; and if any of the first MKB, IDb or AT do not correspond to the current MKB, IDb or AT, respectively, generating a second partition by rebinding the first media content with respect to the current MKB, IDb and AT to generate a title key; and associating the first media content, the current MKB, IDb, AT and title key with the second partition, wherein the second media content remains associated with the first MKB, IDb, AT and partition.02-03-2011
20090136038APPARATUS FOR RECEIVING ENCRYPTED DIGITAL DATA AND CRYPTOGRAPHIC KEY STORAGE UNIT THEREOF - An apparatus for receiving encrypted digital data is provided. The apparatus includes a decryption circuit, a controller, an NVM, and a one-way device. The decryption circuit receives a piece of encrypted digital data and decrypts the encrypted digital data into a piece of decrypted digital data. The controller is coupled to the decryption circuit for controlling the flow of the decryption performed by the decryption circuit. The NVM is coupled to the decryption circuit for storing and providing a cryptographic key required in the decryption. The one-way device is coupled between an input bus and the NVM. The one-way device blocks read requests received from the input bus. Besides, the one-way device translates write requests received from the input bus into access signals compatible with the NVM and then outputs the access signals to the NVM.05-28-2009
20090169013SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING - A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.07-02-2009
20100220863Key Recovery Mechanism for Cryptographic Systems - A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation.09-02-2010
20090147960CONTENT SEARCH DEVICE - A content search device calculates the number of valid encrypted contents as comparison objects contained in encrypted content databases and the number of valid decryption keys contained in decryption key databases. The database having the smaller number is decided to be a reference database. By successively reading out entries contained in the reference database, a combination of an encrypted content and a corresponding decryption key is searched.06-11-2009
20090110198METHOD AND APPARATUS FOR RESTORING ENCRYPTED FILES TO AN ENCRYPTING FILE SYSTEM BASED ON DEPRECATED KEYSTORES - The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key. The computer encrypts the file encryption key with the active private key of the first keystore.04-30-2009
20080279384Information delivery system, information delivery method, node device, key data management device, and recording medium - Provided is an information distribution system capable of acquiring the program information failed to be recorded, reliably and by a simple operation, without burdening a server device with heavy loads. The system includes plural node devices capable of communicating with each other through a network. The node device receiving the program information broadcasted from a broadcasting station creates the identification information corresponding to the program code intrinsic to the program information stored, and sends a message to register the node device storing the program information, based on the identification information, to the node device managing that identification information. The node device desiring to acquire the program information creates the identification information corresponding to the program code, and sends a message requesting the program information, on the basis of the identification information, to the node device having managed the identification information, thereby to acquire that program information from the node device.11-13-2008
20080267407Method and Apparatus for New Key Derivation Upon Handoff in Wireless Networks - A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. As an access terminal moves from a current access point to a new access point, the access terminal sends a short handoff request to the new access point. The short handoff request may include the access terminal ID; it does not include the access point ID. The new access point may then send its identifier and the access terminal's identifier to the authenticator. Using a previously generated master transient key, the access point identifier and the access terminal identifier, an authenticator may generate a master session key. The master session key may then be sent to the access point by the authenticator. The access terminal independently generates the same new security key with which it can securely communicate with the new access point.10-30-2008
20120243688METHOD AND SYSTEM FOR DELETING DATA - A computer system having at least first and second documents, a plurality of decryption keys, and a plurality of data segments stored therein is provided. Each of the plurality of data segments is decryptable by a selected one of the decryption keys. The decryption keys include a first set of decryption keys associated with the first document and not associated with the second document, a second set of decryption keys associated with the second document and not associated with the first document, and a third set of decryption keys associated with the first document and the second document. The first document is deleted, and in response, the first set of decryption keys is rendered unusable, and the second set of decryption keys and the third set of decryption keys are not rendered unusable.09-27-2012
20100303241AUTOMATIC CHANGE OF SYMMETRICAL ENCRYPTION KEY - An encryption system and a method for automatically changing an encryption key. The key is changed in response to an amount of data that has been encrypted. When the amount of data encrypted with a first key reaches or exceeds a byte count threshold, the first key is deactivated and a new key is generated and used for subsequent data encryption.12-02-2010
20100303239METHOD AND APPARATUS FOR PROTECTING ROOT KEY IN CONTROL SYSTEM - A system-on-chip control system includes a processor for generating a root key for protecting data stored in a memory device connected to the control system, a root key storage unit for storing the root key, and a debug port configured to enable an external device to access the control system. The processor keeps the debug port locked to prevent the external device from accessing the control system if a root key is stored in the storage unit, and unlocks the debug port to enable the external device to access the control system after the root key is erased.12-02-2010
20100303240KEY MANAGEMENT TO PROTECT ENCRYPTED DATA OF AN ENDPOINT COMPUTING DEVICE - Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc.12-02-2010
20090129598Microprocessor locking circuit and locking method therefor with locking function - A microprocessor locking circuit for use in a microprocessor comprising at least one program code is provided. The microprocessor locking circuit includes a predetermined key, wherein the microprocessor locking circuit receives an input key and compares the input key with the predetermined key after a reset period starts, wherein the program code is unlocked if the input key is identical to the predetermined key, and the program code is locked if the input key is different from the predetermined key.05-21-2009
20100322427METHOD FOR MANAGING ENCRYPTION KEYS IN A COMMUNICATION NETWORK - The invention provides for a method for managing encryption keys in a communication network (12-23-2010
20090067632Circuit updating system - An information processing apparatus is provided with a reconfigurable unit (03-12-2009
20090067631MEMORY EFFICIENT STORAGE OF LARGE NUMBERS OF KEY VALUE PAIRS - In one embodiment of the present invention, storing a plurality of key value pairs may be accomplished by first, for each of two or more quantities of most significant bits, determining how much overall memory usage will be saved upon removal of the corresponding quantity of most significant bits from each key in the plurality of key value pairs. Then, for the quantity of most significant bits determined to have the most overall memory usage savings, the quantity of most significant bits may be removed from each key in the plurality of key value pairs. Then a first auxiliary data structure may be formed, wherein the first auxiliary data structure contains the removed quantity of most significant bits from each key in the plurality of key value pairs and pointers to the remaining bits of each key of the plurality of keys in a primary data structure.03-12-2009
20090067630RECORDING OF A KEY IN AN INTEGRATED CIRCUIT - The invention concerns a method and a system for customizing electronic components (03-12-2009
20100177900METHOD FOR PROVIDING CONFIDENTIALITY PROTECTION OF CONTROL SIGNALING USING CERTIFICATE - A method of enabling a mobile station (MS) to perform initial ranging in a wireless communication system includes transmitting a first message to a base station (BS), the first message comprising an identifier which is digitally signed by using a private key corresponding to a public key included in a certificate of the MS and receiving a second message including a temporary session key that is digitally signed by using a private key corresponding to a public key included in a certificate of the BS. A security threat due to exposure of control signaling can be prevented by securely exchanging session keys between the BS and the MS.07-15-2010
20090034734Multi-Level Key Manager - A cryptographic device and method are disclosed for processing different levels of classified information. A memory caches keys for use in a cryptographic processor. The cryptographic processor requests a key associated with a particular classification level when processing a packet of the particular classification level. The cryptographic device confirms that the key and the packet are of the same classification level in a high-assurance manner. Checking header information of the keys one or more times is performed in one embodiment. Some embodiments authenticate the stored key in a high-assurance manner prior to providing the key to the cryptographic device.02-05-2009
20090034733Management of cryptographic keys for securing stored data - Systems and methods secure data in storage. A management system generates a sequence of keys and an identifier of each key in the sequence. A current key in the sequence and the identifier of the current key are transferred from the management system to a storage system. The storage system encrypts the data into encrypted data using the current key. The storage system stores the identifier and the encrypted data. The identifier and the encrypted data are retrieved from the storage system. The key in the sequence identified by the identifier is transferred from the management system to the storage system. The storage system decrypts the encrypted data using the decryption key.02-05-2009
20110116634METHOD AND SYSTEM FOR INSTALLING SOUND SETS ON ELECTRONIC INSTRUMENTS - A method and system of installing a sound set on an electronic instrument is disclosed. The method and system includes an electronic instrument having a serial number, a sound set having a plurality of sampled sounds, and an encrypted key having a matching serial number and a signature of the sound set. A first step includes comparing the serial number of the electronic instrument with the serial number stored in the encrypted key to ensure they match. A second step includes comparing the signature of the encrypted key and the sound set. A fourth step includes installing the sound set on the electronic instrument only if the signature matches the sound set and the matching serial number matches the serial number of the electronic instrument.05-19-2011
20090052672SYSTEM AND METHOD FOR PROTECTION OF CONTENT STORED IN A STORAGE DEVICE - The invention provides a system and method for content protection. A system according to an embodiment includes a media center connectable to a mobile secure and protection keyring associated with an identifier and with a media Key block MKB. The media center includes: a unique identifier identifying the media center MC_UID, a set of device keys DK; storage means for storing files identified by respective file identifiers; and a processing unit comprising file encryption means for encrypting each file before storage in the storage means, using a title key (Kt) computed from the identifier MC_UID of the media center and for encrypting the title key Kt from the set of device keys DK of the media center, and from the identifier and the media key block MKB of the mobile secure and protection keyring, the media center being further provided to write the encrypted title key (eKt) in association with the file identifier of the file to the mobile secure and protection keyring.02-26-2009
20100142711GROUP KEY MANAGEMENT RE-REGISTRATION METHOD - In an embodiment, a fast group key management re-registration is described. One computer-implemented method comprises, at a key server: receiving a registration request from a network element to join a group of network elements managed by the key server; generating and storing a group member registration state comprising information identifying the network element within the group of network elements; generating a token using information from the group member registration state, wherein the token identifies the network element within the group; deleting the group member registration state for the network element at the key server; generating an encrypted token by encrypting the token using a secret key that is local to the key server; sending the encrypted token to the network element; receiving the encrypted token along with a re-registration request from the network element to re-join the group of network elements; and re-registering the network element using the encrypted token.06-10-2010
20110085664SYSTEMS AND METHODS FOR MANAGING MULTIPLE KEYS FOR FILE ENCRYPTION AND DECRYPTION - Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.04-14-2011
20120243687ENCRYPTION KEY FRAGMENT DISTRIBUTION - An encryption key may be fragmented into n encryption key fragments such that k09-27-2012
20090214041Image forming apparatus, data processing method, and computer readable recording medium - A disclosed image forming apparatus has a cryptographic unit for performing a cryptographic function. The image forming apparatus includes a first managing unit for managing data representing first lists of cryptographic strengths authorized to be used separately for each subject that uses the cryptographic function; and a second managing unit for managing data representing a second list of cryptographic strengths set for the image forming apparatus. The cryptographic unit obtains the first list of the cryptographic strengths authorized to be used for the subject attempting to use the cryptographic function from the first managing unit. The obtained first list of the cryptographic strengths and the second list of the cryptographic strengths are logically multiplied to produce one or more first logical multiplication cryptographic strengths. The one or more first logical multiplication cryptographic strengths are usable to perform the cryptographic function.08-27-2009
20090214040Method and Apparatus for Protecting Encryption Keys in a Logically Partitioned Computer System Environment - In a logically partitioned computer system, a partition manager maintains and controls master encryption keys for the different partitions. Preferably, processes executing within a partition have no direct access to real memory, addresses in the partition's memory space being mapped to real memory by the partition manager. The partition manager maintains master keys at real memory addresses inaccessible to processes executing in the partitions. Preferably, a special hardware register stores a pointer to the current key, and is read only by a hardware crypto-engine to encrypt/decrypt data. The crypto-engine returns the encrypted/decrypted data, but does not output the key itself or its location.08-27-2009
20090097658Method and System for Archiving Communication Data by Means of Data Tracing - In a method for operating a computer system connected to a telecommunication network and provided with a data memory for storing communication data, a data trace is compiled from parameters selected from time, at least one position designation, and at least one content. A communication data set together with the data trace is stored as a data set that is retrievable by authorized persons.04-16-2009
20090323963Methods and Media for Recovering Lost Encryption Keys - An information handing system provides a method for recovering encryption keys. The method includes providing a first recording medium of a plurality of recording media in a first drive of a plurality of drives. A first key is requested from a primary key manager (PKM) associated with the first drive, wherein the first drive provides a first key identifier (ID) to the PKM. If it is determined that the PKM provides the first key corresponding to the first key ID, a first identifying information for the PKM is stored in a memory for the first recording medium.12-31-2009
20090323964SYSTEM AND METHOD OF UPDATING KEY BASED ON COMMUNICATION COST AND SECURITY DAMAGE COST - A system and method of updating a key based on communication and security damage costs are provided. The key updating system for group communication between a plurality of group members, includes a key update cycle determining unit to determine a key update cycle based on a communication cost and a security damage cost, and a key updating unit to perform a key updating with respect to one or more group members of the group communication based on the determined key update cycle.12-31-2009
20090323959Method for producing two-dimensional code reader for reading the two-dimensional code - A method of producing a two-dimensional code having a code area in which data codes coded as codewords are mapped. First type of data codes is mapped in the code area. The first type of data codes are coded as the codewords and indicating data to be disclosed. An end identification code is added to an end of a code string composed of the first type of data codes, the end identification code showing the end. Second type of data codes are mapped after the end identification code in the code area, the second type of data codes being coded as the codewords and indicating data to be kept in secret. Filler codes showing no data after the second type of data codes are mapped to fill up the code area, when a total amount of the codewords in the code area is less than a capacity of the code area.12-31-2009
20090323958EXTENDING A SECRET BIT STRING TO SAFEGUARD THE SECRET - A method and system extends a secret bit string to safeguard the secret. In one embodiment, the method comprises adding a secret bit string of length s to a product of two random bit strings using arithmetic defined for polynomials over GF(2) to produce an extended bit string. The extended bit string has a length m that is longer than s. A total of n shares are generated from the extended bit string, of which at least k shares are needed to reconstruct the secret bit string. The n shares are distributed to a plurality of cooperating computing entities for secret sharing.12-31-2009
20090323962SECURE MULTICAST CONTENT DELIVERY - In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key.12-31-2009
20090323961DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.12-31-2009
20100014675Appraising Systems With Zero Knowledge Proofs - A system, method, and computer program product are provided for requesting a proof of a security policy in a client system. Additionally, a system, method, and computer program product are provided for proving a security policy to an interrogator system.01-21-2010
20090034735AUDITING SECRET KEY CRYPTOGRAPHIC OPERATIONS - In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.02-05-2009
20090034732MANUFACTURING EMBEDDED UNIQUE KEYS USING A BUILT IN RANDOM NUMBER GENERATOR - A method of manufacturing a device containing a key is disclosed. The method generally includes the steps of (A) fabricating a chip comprising a random number generator, a nonvolatile memory and a circuit, (B) applying electrical power to the chip to cause the random number generator to generate a signal conveying a sequence of random numbers, (C) commanding the chip to program a first arbitrary value among the random numbers into the nonvolatile memory, wherein the device is configured such that the first arbitrary value as stored in the nonvolatile memory is unreadable from external to the device and (D) packaging the chip.02-05-2009
20100054474SHARING A SECRET USING HYPERPLANES OVER GF(2m) - A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(203-04-2010
20100054477ACCELERATED CRYPTOGRAPHY WITH AN ENCRYPTION ATTRIBUTE - Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute.03-04-2010
20100054476VALIDATING ENCRYPTED ARCHIVE KEYS WITH MAC VALUE - An apparatus and a method for validating encrypted archive keys is described. In one embodiment, a passphrase is received. An archive key is recovered with the passphrase. A Message Authentication Code (MAC) value is computed with the recovered archive key. The computed MAC value is compared with a MAC value stored in an archive to determine the validity of the passphrase. The stored MAC value is originally computed with an original passphrase using the archive key as a MAC key.03-04-2010
20090028337Method and Apparatus for Providing Security in a Radio Frequency Identification System - A method and apparatus involve storing in a tag a selected digital certificate that permits secure access to said tag from externally thereof.01-29-2009
20090028338SOFTWARE PRODUCT AUTHENTICATION - The present application discloses a method and a system for authenticating software products. Computer software is often sold with a unique validation number. In order to register the product a user has to connect to a remote server and he is then asked to enter the validation number. The disadvantage of this is that it can take time, and further the verification can be delayed or entirely prevented due to network problems. The invention solves this problem by supplying a validator (01-29-2009
20090028336Encryption Key Path Diagnostic - A method and a computer program product are provided to perform a key path diagnostic that aids in isolating an error within the encryption storage system. A first communication test is performed on a path between the key proxy and the drive. The first communication test verifies that the path between the drive and the key proxy is operational. A second communication test is performed on a path between the key proxy and the key server. The second communication test verifies that the path between the key proxy and the key server is operational. In addition, the drive or the key proxy sends a command to the key manager to attempt communication with the key manager. The communication attempt verifies the installation and configuration parameters related to the key manager.01-29-2009
20110103587DATA CONCEALING APPARATUS, DATA DECRYPTION APPARATUS AND IMAGE FORMING APPARATUS HAVING DATA ENCRYPTING FUNCTION - Disclosed is a data concealing apparatus, which makes it possible to heighten the strength of the encryption processing that employs such the data cryptography method in which the encryption of compressed image data is achieved by destroying a part of the compressed image data concerned. The data concealing apparatus includes: an establishing section to establish a data size of a portion of compressed data in a changeable manner; a cryptography key extracting section to extract the portion of compressed data from the compressed data as the cryptography key data, while making a data size of the cryptography key data coincide with the data size established by the establishing section; and an encrypting section to encrypt the compressed data by replacing the portion of compressed data, extracted as the cryptography key data by the cryptography key extracting section, with certain data being different from the cryptography key data.05-05-2011
20090097654METHOD AND SYSTEM FOR PERFORMING EXACT MATCH SEARCHES USING MULTIPLE HASH TABLES - A method and system to perform exact match searches for fixed- or variable-length keys stored in a search database. The method is implemented using a plurality of hash tables, each indexed using an independent hash function. A system implementing this method provides deterministic search time, independent of the number of keys in the search database. The method permits two basic implementations; one which minimizes memory storage, and another which minimizes search time. The latter requires only two memory accesses to locate a key.04-16-2009
20110150225ENCRYPTION DEVICES FOR BLOCK HAVING DOUBLE BLOCK LENGTH, DECRYPTION DEVICES, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAMS THEREOF - An encryption device for a block having double block length permutates a plaintext of 2 n bits based on a universal hash function so as to generate first and second intermediate variables of n bits each, encrypts the first intermediate variable with a tweak that is a result in which the second intermediate variable is shortened to m bits using an encryption function for m-bit tweak n-bit block cipher so as to generate a third intermediate variable of n bits, encrypts the second intermediate variable with a tweak that is a result in which the third intermediate variable is shortened to m bits using the encryption function so as to generate a fourth intermediate variable of n bits, concatenates the third and fourth intermediate variables and inversely mingles the concatenated result based on a universal hash function so as to generate a ciphertext of 2 n bits.06-23-2011
20110150224KEY TREE CONSTRUCTION AND KEY DISTRIBUTION METHOD FOR HIERARCHICAL ROLE-BASED ACCESS CONTROL - A key tree construction and key distribution method for hierarchical role-based access control, includes: constructing a key tree including relationships between a hierarchical structure of role groups and data; performing encryption and decryption of data keys and role keys; and generating a key table, in which the data keys required to decrypt encrypted data and the role keys required to decrypt encrypted data keys are stored, with reference to the key tree. Further, the key tree construction and key distribution method for hierarchical role-based access control includes performing management such that a specific role group can obtain a data key by performing decryption based on its own role key by using both the key tree and the key table.06-23-2011
20090022318CONTENT DATA DISTRIBUTION TERMINAL AND CONTENT DATA DISTRIBUTION SYSTEM - A content distribution terminal includes a user key data generation unit generating new user key data representing a new version of the user key data; a user key update unit capturing, from the recordable medium, already-recorded user key data that has already been recorded on the recordable medium, and ordering the user key data generation unit to generate the new user key data when a predetermined situation is identified in the already-recorded user key data to execute an update procedure for the user key data; an erase control unit erasing, when a predetermined situation is identified in the already-recorded user key data, the first encrypted content key data that is encrypted with the already-recorded user key data and stored in the recordable medium; an encryption/decryption unit decrypting, with terminal-unique key, second encrypted content key data resulting from encryption of the content key data with different terminal-unique keys for different terminals, encrypting again content key data resulting from decryption of the second encrypted content key data with the new user key data to generate the first encrypted content key data, and encrypting the content data with the content key data to generate the encrypted content data; a write control unit writing the data to the recordable medium.01-22-2009
20090022317VEHICLE SECURITY SYSTEM - A vehicle security system includes a reception device that is mounted on a vehicle, and a transmission device that remotely operates the vehicle. The transmission device includes an encryption section that encrypts identification information that identifies the transmission device with a first encryption key, and a transmission section that transmits to the reception device instruction information that includes the identification information encrypted and gives an operation instruction to the reception device. The reception device includes a FeRAM that stores a second encryption key to pair with the first encryption key, wherein the second encryption key is erased from the FeRAM when the second encryption key is read out from the FeRAM, a reception section that receives the instruction information transmitted from the transmission device, a decoding section that decodes the identification information received, which is encrypted with the first encryption key and included in the received instruction information, with the second encryption key that is supposed to be stored in the FeRAM, and a judgment section that judges based on the decoded identification information as to whether the transmission device matches with the reception device.01-22-2009
20080247548CONTENT PROCESSING APPARATUS AND ENCRYPTION PROCESSING METHOD - A content processing apparatus includes a read unit which reads encrypted key information from a recording medium, a decryption unit which decrypts the encrypted key information with a device key and dynamic information to obtain key information containing content keys, an update unit which updates the dynamic information, a key information processing unit which updates the key information by extracting a content key corresponding to a move target content from the key information, and removing the content key from the key information, a first encryption unit which encrypts the updated key information with the device key and the updated dynamic information, a second encryption unit which encrypts the content key with a shared key, and a write unit which overwrites the updated encrypted key information on the encrypted key information in the medium and writes the encrypted content key in the medium.10-09-2008
20090016536DATA ENCRYPTION SYSTEM AND METHOD - A data encryption system implemented by running on a cache-equipped computer an encryption program including transformation tables each of which contains a predetermined number of entries. All or necessary ones of the transformation tables are loaded into the cache memory before encryption/decryption process. This causes encryption/decryption time to be made substantially equal independently of the number of operation entries for the transformation table. It is very difficult to extract plain texts used to determine a key differential, resulting in difficulties in cryptanalysis.01-15-2009
20090052670METHOD AND APPARATUS FOR STORING DIGITAL CONTENT IN STORAGE DEVICE - Disclosed are a method and apparatus for storing digital content in a storage device. A content key, which is a key used by a host for encrypting content when the content is stored to a storage device connected to the host, is encrypted by using a storage key of the storage device. The encrypted content key and encrypted content are stored in the storage device, and the host only stores storage keys. Thus, quantity of information maintained by the host can be reduced. Also, when a storage key is stored in a portable security component (PSC), portability and mobility of content bound to a single host may be improved.02-26-2009
20080267406Method and Device for Verifying The Integrity of Platform Software of an Electronic Device - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.10-30-2008
20120148047DETECTING KEY CORRUPTION - Corruption in a key stored in a memory is detected by reading a key from a key memory and determining if detection bits of the key read from the key memory correspond to an expected value. The expected value is a value of the detection bits of the key when the key is written to the key memory.06-14-2012
20080205652CONTENT PROTECTION SYSTEM, KEY DATA GENERATION APPARATUS, AND TERMINAL APPARATUS - A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.08-28-2008
20110164752Detection of Stale Encryption Policy By Group Members - Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member.07-07-2011
20110255694ENCODING/DECODING CIRCUIT - An encoding/decoding operation portion includes an encoding/decoding operation circuit and an avoiding path for detouring the encoding decoding operation circuit and can select between encoding or decoding input data in the encoding/decoding operation circuit and detouring the encoding/decoding operation circuit to output the input data without change. Only one wire has to be provided from a selector to a key storage portion and an initialization-vector storage portion. With this construction, it is possible to realize an encoding/decoding circuit which can suppress an increase in the number of wires used to transmit a content of key data to the key storage portion and the initialization-vector storage portion and does not cause complication of circuit layout.10-20-2011
20110261961REDUCTION IN BEARER SETUP TIME - A method and apparatus are provided for reducing latency and/or delays in performing a security activation exchange between a communication device and a network entity. The communication device may pre-compute a plurality of possible keys using a base key and a plurality of possible inputs in anticipation of receiving an indicator from the network entity that identifies a selected input to be used in generating a corresponding selected key. An indicator is then received from the network entity, where the indicator identifies the selected input from among the plurality of possible inputs. The communication device then selects a first key among the pre-computed plurality of possible keys as the selected key upon receipt of the indicator, wherein the first key is selected because it was pre-computed using the selected input. Because the first key is pre-computed, delays in responding to the network entity are reduced.10-27-2011
20100284538Control of an Entity to be Controlled by a Control Entity - A control entity communicates with an entity to be controlled so as to effect a control, a secret key being associated with the control entity. These entities share public parameters, a second public parameter being a combination of a first public parameter of the said plurality with the secret key. At the level of the entity to be controlled, a random value is generated, a first message is transmitted to the control entity, this first message comprising at least one value obtained by combining the first public parameter with the random value; and a second message is transmitted to the control entity, this second message comprising at least one value obtained by combining the first random value, a secret key of the entity to be controlled and a value received from the control entity. One of the values included in the first or the second message is based on the second public parameter.11-11-2010
20100284537Method for efficiently decoding a number of data channels - The present invention relates to a method for efficiently decoding a plurality of ciphertexts comprising the steps of: (a) receiving at least one cipher key associated with said ciphertexts; (b) expanding said at least one cipher key for producing its corresponding subkeys; (c) storing said subkeys in a memory; (d) loading said subkeys from said memory; and (e) decoding said ciphertexts using said loaded subkeys.11-11-2010
20120148049Handling Medical Prescriptions in a Secure Fashion - Techniques for secure automated dispensing of prescription medications utilize broadcast encryption to encrypt a prescription for storage on a machine-readable medium that is pre-written with a key management block (KMB). The KMB encodes a session key needed to read from or write to the medium. Each prescription-writing device and medication dispensing device is assigned a unique set of device keys, which are used to recover the session key from the medium. Only authorized devices are able to recover the session key from a medium's KMB. Thus, only authorized devices may read or validly write prescriptions from/to the machine-readable medium. In this manner, only authorized providers can write fillable prescriptions and only authorized dispensers can dispense medications to fill those prescriptions.06-14-2012
20080219450Methods And Apparatus For Performing An Elliptic Curve Scalar Multiplication Operation Using Splitting - For an Elliptic Curve Scalar Multiplication (ECSM) operation to be performed on a scalar and a base point, a given previous set of parameters that was used to split the scalar for a previous ECSM operation and a selected random integer are used to determine a new set of parameters for splitting the scalar. By basing the new set of parameters on the previous set of parameters, repeated use of the scalar to determine key-splitting parameters is avoided and susceptibility to a Differential Power Analysis Side Channel attack is minimized.09-11-2008
20080219449Cryptographic key management for stored data - A method is provided for performing application-transparent key management in a storage library associated with an encrypting removable storage device. Encryption and decryption is performed by a key manager and the removable storage device, and is transparent to the application. Data is encrypted using keys that are managed by the storage key manager. An administrative interface allows an administrator to specify and manage encryption keys. A key identifier is associated with each key, and the key identifier is written to the tape along with the encrypted data. When reading encrypted data, the removable storage device reads the key identifier from the tape and requests the corresponding encryption key from the key manager. The removable storage device then provides the decrypted data to the application. The encryption key may be exported from the key manager or library in an encrypted XML format. Encrypted tapes can therefore be decrypted in different libraries by exporting the keys from one library to another.09-11-2008
20080219448Multiple-layers encryption/decryption and distribution of copyrighted contents - A method and an apparatus for providing multiple-layers of encryption/decryption of contents and the transferring of protected content between devices based on each device's multiple IDs. Furthermore, it related to a two-way secure communication between two or more devices. The encryption/decryption is based on a common content ID that is used for providing multiple layers of encryption that can be used by hardware and software. Each byte of the digital stream is XORed with each byte of the content ID thus providing the encryption strength. The same process is applied to the encrypted content (ciphertext) thus reproducing the plaintext. As well, means for encrypting/decrypting digital content using its plain byte values as part of the content private key's registers.09-11-2008
20100166185Delivering Specific Contents to Specific Recipients Using Broadcast Networks - Systems and methods for delivering specific contents to specific recipients using broadcast networks. The methods include receiving an AV signal of a broadcast program and supplementary content which contains a tag identifying a specific recipient and specific contents. The specific contents are encrypted with a public key associated with the specific recipient. The supplementary content is combined with the AV signal to form a data-augmented signal which is subsequently encoded and modulated with a carrier signal to form a transmit signal for broadcasting to receivers. Each receiver includes a supplementary decoder for extracting the supplementary content, decrypting the specific contents with a private key corresponding to the public key, and providing the decrypted specific contents to the intended recipient.07-01-2010
20100091994Encryption Validation Systems and Related Methods and Computer Program Products for Verifying the Validity of an Encryption Keystore - Methods for verifying the operability of an encryption keystore are provided. Pursuant to these methods, the keystore may be periodically checked to verify that it has each required CA authority. If one or more of the required CA authorities are missing from the keystore, then an alert is automatically issued. The methods may also include periodically checking the keystore to verify that the keystore has each required digital certificate and that each digital certificate operates properly. The methods can further include periodically checking the keystore to determine if any of the required CA authorities and/or digital certificates have expired and/or are set to expire within a predetermined time period. Related encryption validation systems and computer program products are also provided.04-15-2010
20100067699INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.03-18-2010
20090175454WIRELESS NETWORK HANDOFF KEY - The present invention provides a method and system for handoff in a wireless communication network. In one embodiment, a common handoff encryption key is generated by an authentication server and transmitted to a first access point and a second access point. The first access point transmits the handoff encryption key to a wireless terminal. The wireless terminal encrypts output data with the handoff encryption key. When the wireless terminal is associated with the second access point, the second access point decrypts data from the wireless terminal with the handoff encryption key. In a second embodiment, a handoff WEP key generation secret parameter is provided to a first and a second access point. Both access points generate a handoff WEP key as a function of the handoff WEP key generation secret parameter and an address of a wireless terminal. The first access point transmits the handoff WEP key to the wireless terminal. The second access point communicates data packets encrypted with the handoff WEP key with the wireless terminal.07-09-2009
20090175453STORAGE APPARATUS AND ENCRYPTED DATA PROCESSING METHOD - A storage apparatus has an encryption key updater for configuring an updated encryption key and identification information thereof, an encryptor for encrypting data by a specific unit according to the encryption key, a storage for adding the identification information to the encrypted data and storing the data and the identification information onto a recording medium, a reader for reading the encrypted data and the identification information, a judge for judging whether the identification information read by the reader matches the identification information configured by the encryption key updater, and a decryptor for decrypting the encrypted data and outputting the decrypted data where the judge judges that the identification information matches the identification information configured by the encryption key updater.07-09-2009
20090175451Target Of Opportunity Recognition During An Encryption Related Process - A method, system, and computer program product are provided for utilizing target of opportunity to perform at least one special operation while a key session is opened with a key manager for another purpose. The method of recognizing a target of opportunity includes receiving a command to be performed on a removable storage medium and determining if the command requires interaction with the encryption key manager. If it is determined that the command requires interaction with the key manager the command is held off. A request is sent to the encryption key manager. A target of opportunity is recognized by determining if at least one special operation may be performed. If it is determined that at least one special operation may be performed then the at least one special operation and the request are performed.07-09-2009
20100027797Playing Apparatus and Management Method - According to one embodiment, a playing apparatus reading a encrypted content and a content key configured to decrypt the encrypted content with use conditions set therein from a storage medium with the encrypted content and the content key for decrypting the encrypted content stored therein, decrypting the encrypted content by using the content key, and playing decrypted content, the apparatus includes a deletion module configured to delete the content key and the encrypted content from the storage medium with reference to the use conditions of the content key when the encrypted content is unable to be decrypted by using the content key.02-04-2010
20080232595Vehicle Segment Certificate Management Using Short-Lived, Unlinked Certificate Schemes - The present invention advantageously provides a system and method for management of cryptographic keys and certificates for a plurality of vehicles. Each vehicle of the plurality of vehicles generates public/private key pairs, requests multiple time-distributed certificates, creates an encrypted identity, and surrenders expired certificates. An assigning authority receives the public/private key pairs, the request for multiple time-distributed certificates, the encrypted identity, and the expired certificates from said vehicle. The assigning authority authorizes the vehicle with an authorizing authority, validates the expired certificates, proves ownership, and distributes the requested time-distributed certificates to said vehicle. Validation can comprise checking expired certificates against misused, compromised and/or previously surrendered certificates. Time-distributed certificates can have lifetimes adjustable based on certificate misuse detection system algorithms, amount of malicious activity detected, and/or certificate authority capacity.09-25-2008
20120308010Method and Apparatus for Processing Entitlement Control Message Packets - A method for processing Entitlement Control Message (ECM) packets is disclosed in the present invention. The method includes: a terminal receiving a broadcast code stream multiplexing frame and obtaining ECM packets from the received broadcast code stream multiplexing frame; and analyzing the ECM packet if the indicator of the ECM packet is judged to be inconsistent with the indicator of the locally stored ECM packet. An apparatus for processing ECM packets is also disclosed in the present invention, and the apparatus includes: a receiving module, an obtaining module, a judging module and an analyzing module. With the present invention, the efficiency of the terminal processing ECM packets is improved, and the limited resources of the terminal can be saved.12-06-2012
20120148048METHOD FOR ENCRYPTING CONTENT, METHOD FOR DECRYPTING CONTENT AND ELECTRONIC APPARATUS APPLYING THE SAME - A method for encrypting content includes using a plurality of different encryption schemes to produce encrypted content. Encryption information is provided so as to indicate which of the plurality of different encryption schemes is used on portions of the content that was encrypted. Encryption information and the encrypted content are both sent as a content stream to another device. The decryption involves using the encryption information to help control the decryption so that the correct one of a plurality of different decryption schemes is applied to the proper portions of the encrypted content.06-14-2012
20090060197Method and Apparatus for Hardware-Accelerated Encryption/Decryption - An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture.03-05-2009
20090304185METHOD OF TRACING DEVICE KEYS FOR BROADCAST ENCRYPTION - Provided are a method of tracing a device key in a user key management system using a hierarchical hash chain broadcast encryption scheme (HBES) algorithm, a user key management system for executing the method of tracing a device key, and a computer program for executing the method of tracing a device key. The method of tracing a device key of an illegal decoder in a user key management system for broadcast encryption includes: tracing a device key using a binary search; and revoking the traced device key. The technology according to the present invention can be applied to prevent exposure of the device keys to hacking. The present invention provides a method of tracing which can be applied to an HBES algorithm structure.12-10-2009
20120039473Efficient Implementation Of Fully Homomorphic Encryption - In one exemplary embodiment of the invention, a method for homomorphic decryption, including: providing a ciphertext with element c, there exists a big set B having N elements z02-16-2012
20130010965METHOD AND DEVICE FOR PROVIDING AT LEAST ONE SECURE CRYPTOGRAPHIC KEY - A device is configured for providing at least one secure cryptographic key for performing a cryptographic security function using a control device which requires a cryptographic key therefor. A configured key provided for the security function is selected from a first configuration memory and is tested using the read configured key whether a secure replacement key associated with the read configured key is memorised in a second configuration memory, said replacement key is provided for the control device for performing the security function instead of the configured key.01-10-2013
20130010963MULTIPLICATIVE SPLITS TO PROTECT CIPHER KEYS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the round keys using the properties of group field automorphisms and applying masks to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating S-box operations, together with improved masking techniques and increasing the cipher's complexity against reverse engineering and key storage attacks.01-10-2013
20090185687Systems and Methods for Mutual Authentication Using One Time Codes - Methods and systems for mutual authentication and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and second entity. One of the codes is transmitted to the second entity, which verifies the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code, verifies the encrypted second one time code is proper, thereby mutually authenticating, and establishing a shared encryption key for subsequent communications, including transmission of personalization data.07-23-2009
20120099728Protocol Based Key Management - A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device.04-26-2012
20090016535Fuzzy Keys - A method can be provided for performing encryption using a fuzzy key. The method can comprise generating a message, dividing a fuzzy key into a plurality of blocks; and generating an encrypted message by selecting a block from the fuzzy key corresponding to a bit position or bit pattern in the message.01-15-2009
20110064224DUPLICATION MEANS FOR AN ELECTRONICALLY CODED KEY AND RELATED METHOD - Procedure/method for the duplication of original electronic keys used in the road vehicle transport sector provided with coded and encrypted electronic authentication means, comprising: 03-17-2011
20110064225SECURITY COUNTERMEASURE FOR POWER ANALYSIS ATTACKS - A countermeasure for differential power analysis attacks on computing devices. The countermeasure includes the definition of a set of split mask values. The split mask values are applied to a key value used in conjunction with a masked table defined with reference to a table mask value. The set of n split mask values are defined by randomly generating n−1 split mask values and defining an nth split mask value by exclusive or'ing the table mask value with the n−1 randomly generated split mask values.03-17-2011
20110317840SYSTEM AND METHOD OF PERFORMING AUTHENTICATION - Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value y12-29-2011
20090080657ACTIVE-ACTIVE HIERARCHICAL KEY SERVERS - In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server.03-26-2009
20120045063Techniques for Managing Keys Using a Key Server in a Network Segment - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server.02-23-2012
20120045062INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including: a data processing unit that generates an encryption key of content; and a communication unit that transmits an encryption key generated by the data processing unit, wherein the data processing unit generates, as the encryption key, individual keys that are different for each new content recording processing on a recording medium in a content recording device, and transmits the individual keys through the communication unit.02-23-2012
20120045061CRYPTOGRAPHY CIRCUIT PARTICULARLY PROTECTED AGAINST INFORMATION-LEAK OBSERVATION ATTACKS BY THE CIPHERING THEREOF - A cryptography circuit, protected notably against information-leak observation attacks, comprises a functional key k02-23-2012
20120014523Key Validation Scheme - A system and method for validating digital information transmitted by one correspondent to another in a data communication system. The method comprising the steps of generating a public key in accordance with a predetermined, generating a public key in accordance with a predetermined cryptographic scheme having predetermined arithmetic properties and system parameters. The verifying said public key conforms to said arithmetic properties of said scheme, transmitting said verified public key to a recipient.01-19-2012
20120057707METHOD OF ABOLISHING UNAUTHORIZED COPYING OF DIGITAL DATA STORED ON AN OPTICAL DISC - A method of abolishing unauthorized copying of digital data stored on an optical disc includes the steps of distributing overwrite modules of a copy protection module into a data file that is to be protected against illegal copying, so as to form a copy-protected data file; and writing the copy-protected data file into a non-rewriteable optical storage media. The overwrite modules are respectively located between any two adjacent data blocks of the data file, such that each data block and a following overwrite module together form a group and the copy-protected data file includes a plurality of sequentially arranged groups of data block and overwrite module. With the overwrite modules, data blocks read out by a readout device are repeatedly overwritten by subsequent data blocks in a specified register, so that no data file from the optical storage media will be stored in the specified register and be illegally copied or pirated.03-08-2012
20080212780Homomorphic Encryption For Secure Watermarking - A method and a system for embedding a watermark in a media signal x are disclosed. The method comprises providing an at least partially encrypted media signal c09-04-2008
20120250862METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and method of de-duplicating at least one data file. One example method may include requesting a list of data rows stored in a database to be de-duplicated, receiving the list of the data rows based on a single filekey associated with the at least one data file, copying the at least one data file to a data storage memory, and deleting the data rows entries from a file registry of the database.10-04-2012
20090136040INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - Encrypted text data c05-28-2009
20090136039SYSTEM AND METHOD OF RESTRICTING RECORDING OF CONTENTS USING DEVICE KEY OF CONTENT PLAYBACK DEVICE - The present invention relates to a system and method for restricting recording of contents using a device key of a content reproduction device. A content recording device includes a content recording unit for encrypting contents using a Content Encryption Key (CEK) and recording the encrypted contents in a recording medium; a CEK transmitting/receiving unit for transmitting the CEK to at least one content reproduction device, and receiving, from the at least one content reproduction device, an encrypted CEK being encrypted using a device key of each of the at least one content reproduction device; and a CEK recording unit for recording the encrypted CEK in the recording medium.05-28-2009
20090129595Verification of a product identifier - A system and method for enabling the verification of the authenticity of a product identification circuit, wherein the checking is based on an encryption key (05-21-2009
20100172502SYSTEMS AND METHODS FOR SECURE SUPPLY CHAIN MANAGEMENT AND INVENTORY CONTROL - Systems for encoding and reading RFID tags on a collection of items are shown. One embodiment of the invention includes a plurality of items, where each item possesses an item identifier string, and a plurality of RFID tags, where an RFID tag is affixed to each of the items and each RFID tag is encoded with a code word element generated using at least all of the item identifier strings. In many embodiments, the collection is a plurality of goods contained within a case, pallet, container or storage area.07-08-2010
20100172501Secure key system - A secure key system includes a key provider for partitioning and converting a private key into a plurality of key components, and a plurality of key holders storing the key components therein respectively for enhancing a security level of the private key, wherein all of the key holders are united to synthesize back the private key from the key components in order for completing a confirmation process so as to ensure the confirmation process being verified by all of the key holders.07-08-2010
20110103588Key Agreement and Re-keying over a Bidirectional Communication Path - A key agreement method is carried out by a first system in conjunction with a second system over a bidirectional communication path, including generating a first key pair having a first public key and a first private key, sending the first public key to the second system, receiving a second public key generated by the second system, and calculating a master key based upon the first private key, the second public key, a long-term private key, and a long-term public key. The long-term private key was generated by the first system during a previous key-agreement method as part of a long-term key pair. The long-term public key was generated by the second system and received during the previous key-agreement method. The previous key-agreement method required a secret to be known to the first system and the second system, thus conferring authentication based on the secret to the long-term public key.05-05-2011
20120121090CONTENT PROTECTION METHOD AND APPARATUS - There is disclosed a content protection method and apparatus. The content protection method and apparatus further improves such related schemes by facilitating spatial as well as temporal management of content. This is achieved by storing encrypted content and a corresponding decryption key and destroying the decryption key when suitable. In order to further facilitate the content protection, the decryption key may be received periodically, which allows for a large number of people to connect to the network at different times.05-17-2012
20100290624Key Management System and Method - Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.11-18-2010
20100290623PROTECTION OF ENCRYPTION KEYS IN A DATABASE - System, method, computer program product embodiments and combinations and sub-combinations thereof for protection of encryption keys in a database are described herein. An embodiment includes a master key and a dual master key, both of which are used to encrypt encryption keys in a database. To access encrypted data, the master key and dual master key must be supplied to a database server by two separate entities, thus requiring dual control of the master and dual master keys. Furthermore, passwords for the master and dual master keys must be supplied separately and independently, thus requiring split knowledge to access the master and dual master keys. In another embodiment, a master key and a key encryption key derived from a user password is used for dual control. An embodiment also includes supplying the secrets for the master key and dual master key through server-private files.11-18-2010
20100246826Digital cinema management device and digital cinema management method - A digital cinema management device includes a control unit that manages keys used when exhibiting contents with playback devices and controls a representation of a management window for performing the key management, in which the control unit displays an arrangement representation in the management window and provides a representation at an arrangement position defined by a playback device and content exhibited by the playback device, the representation representing a status of a key used when decoding content corresponding to the arrangement position with a playback device corresponding to the arrangement position.09-30-2010
20110182430NAME ENCRYPTION DEVICE, PSEUDONYMIZATION DEVICE, NAME ENCRYPTION METHOD, AND PSEUDONYMIZATION METHOD - Provided is a name encryption device which suppresses leak and facilities the zero-knowledge proof by making the pseudonymization process to be a simple algebraic calculation. The name encryption device converts an encrypted name text into a pseudonym-encrypted text by dispersing the encrypted name text. The encryption device disperses a name into a plurality of name parts to generate a commitment for each of the parts and encrypts disclosure information and each of the name parts by respective public keys. The encryption device outputs the disclosure information relating to the respective commitments and encrypted texts obtained by the respective public keys of the name parts.07-28-2011
20120213369SECURE MANAGEMENT OF KEYS IN A KEY REPOSITORY - A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.08-23-2012
20120170750SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS - A common interface for managing cryptographic keys is provided. A request to manage a cryptographic key may be received in a first interface format, translated to a common interface format, and then executed remotely from the first interface. Return arguments may then be translated from the common interface format to a format compatible with the first interface and communicated securely to the first interface. The cryptographic keys may be used in connection with a secure data parser that secures data by randomly distributing data within a data set into two or more shares.07-05-2012
20120170749SECURE MANAGEMENT OF KEYS IN A KEY REPOSITORY - A method, system or computer usable program product for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity.07-05-2012
20100272265SYSTEM AND METHOD TO CONTROL ONE TIME PROGRAMMABLE MEMORY - Systems and methods to control one time programmable (OTP) memory are disclosed. A method may include determining a functionality for a hardware capability bus in an integrated circuit. The method may also include storing data in a first register of the integrated circuit based on the functionality. The method may also include disabling the functionality in the integrated circuit by setting at least one bit in a one time programmable memory bank in the integrated circuit based on the data.10-28-2010
20100272264METHOD FOR MAKING SAFE AN ELECTRONIC CRYPTOGRAPHY ASSEMBLY WITH A SECRET KEY - An aim of this invention is to eliminate the risks of aggression “DPA of the n order” attacks, for all n values, of cryptography electronic assemblies or systems with a secret or private key. The process according to this invention concerns a securing process for an electronic system using a cryptographic calculation procedure using a secret key. The process consists of masking intermediate results in input or output of at least one critical function for the said procedure.10-28-2010
20090060196TRANSMITTING APPARATUS, RECEIVING APPARATUS, AND CONTENT TRANSMITTING METHOD - A transmitting apparatus includes a transaction transmitting unit configured to transmit to a receiving apparatus a content to be moved to the receiving apparatus, by using a first transaction established with the receiving apparatus, a counter unit configured to count a progress quantity representing a degree of progress of the transmission of the content from a given point of time with respect to the transmission of the content corresponding to the first transaction to obtain a count value, and a transaction switching unit configured to switch the first transaction used for the transmission of the content to a second transaction, if the count value of the counter unit reaches a predetermined value and the transmission of the content is not completed.03-05-2009
20090060195Storage apparatus and data managament method - Provided is a storage system that includes a first storage apparatus and a second storage apparatus each connected to a host computer. The first and second storage apparatuses each include a controller and a disk drive. The controller manages an encryption status and an encryption key for each of a data volume and a journal volume in the disk drive. The controller in the first storage apparatus receives a write request from the host computer, creates a journal based on write data, encrypts the journal, and stores in an order the journal in a storage area in the journal volume. The controller in the order the encrypted journal stored in the journal volume, decrypts the journal, and transmits the decrypted journal to the second storage apparatus.03-05-2009
20090060194ADAPTABLE MICROCONTROLLER BASED SECURITY MONITOR - A method is provided for protecting embedded cryptographic processing circuits (03-05-2009
20090016533Controlling With Rights Objects Delivery Of Broadcast Encryption Content For A Network Cluster From A Content Server Outside The Cluster - Methods, systems, and products are disclosed for controlling with rights objects delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from a network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id; calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id; inserting a title key into a rights object defining rights for the broadcast encryption content; and sending the rights object to the cluster. In typical embodiments, the rights for content include an authorization for a play period and an authorized number of copies of the broadcast encryption content to devices outside the cluster.01-15-2009
20090016532Portable data carrier featuring secure data processing - Disclosed is a method for securely processing data in a portable data carrier. Said method is characterized by the following steps: a) the data to be processed is requested; b) the data to be processed is encoded; c) the encoded data is temporarily stored in a buffer storage zone of the data carrier; d) the temporarily stored, encoded data is decoded by means of a decoding key; and e) the decoded data is processed.01-15-2009
20120230492ENCRYPTION DEVICE - According to an embodiment, an encryption device includes a symmetric-key operation unit; a division unit; an exclusive OR operation unit; a multiplication unit that performs multiplication on a Galois field; and a control unit that controls the above units. When the input data is divided into blocks, with the predetermined length, and the first mode of operation is designated on a (j−1)-th block, the control unit performs control such that the multiplication unit performs multiplication with a predetermined value based on the (j−1)-th block, performs control such that the exclusive OR operation unit sums a multiplication result and data of a j-th block, and performs control such that the exclusive OR operation unit sums an operation result of the exclusive OR operation unit and an operation result of the multiplication unit on the (j−1)-th block.09-13-2012
20080298591Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.12-04-2008
20120321085Data Expansion Using an Approximate Method - A method for computation is described, the method including configuring a processor to expand input seed values into respective output data values using an approximated expansion process such that the output data values are not guaranteed to satisfy a required output data criterion, selecting a seed value so that an output data value generated by the processor by application of the approximated expansion process to the selected seed value will yield an output data value that satisfies the required output data criterion, and storing the selected seed value in a non-volatile memory to be accessed by the processor. Related apparatus and systems are also described.12-20-2012
20100189262SECURE KEY ACCESS WITH ONE-TIME PROGRAMMABLE MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory that stores one or more cryptographic keys. A rule set memory stores a set of rules for accessing the cryptographic keys. A key store arbitration module grants access to the cryptographic keys in accordance with the set of rules. The device can be used in conjunction with a key ladder. The device can include a one-time programmable memory and a load module that transfers the cryptographic keys from the one one-time programmable memory to the key store memory and the set of rules to the rule set memory. A validation module can validate the cryptographic keys and the set of rules stored in the key store and rule set memories, based on a signature defined by a signature rule.07-29-2010
20120321084REVOCATION STATUS USING OTHER CREDENTIALS - Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.12-20-2012
20110293096Multi-Level Key Management - A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.12-01-2011
20120328105TECHNIQUES FOR ACHIEVING TENANT DATA CONFIDENTIALITY FROM CLOUD SERVICE PROVIDER ADMINISTRATORS - Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Just TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed and data is encrypted using encryption keys of the key store when written in the cloud storage environment.12-27-2012
20120328104INPUT CONTENT DATA MANAGING SYSTEM AND METHOD OF MANAGING INPUT CONTENT DATA - An input content data managing system, includes a first storing unit that stores encoded content data generated by encoding content data with a cryptographic key; a second storing unit that stores the cryptographic key with reference value data of the encoded content data capable of identifying sameness of the encoded content data in corresponded with each other; a matching unit that matches the encoded content data stored in the first storing unit and the cryptographic key stored in the second storing unit using reference value data of the encoded content data obtained from the encoded content data stored in the first storing unit and the reference value data of the encoded content data stored in the second storing unit as a matching key at a predetermined time to obtain the content data by decoding the encoded content data by the matched cryptographic key.12-27-2012
20090310787Image Forming Apparatus, Key Management Server, Activation System, and Deactivation System - The image forming apparatus has: a network communication unit capable of communicating with a web server via a network; a web browser that accesses the web server via communication by the network communication unit, and acquires an activation key from the web server; and an activating unit that activates an optional function with the activation key. The key management server machine has: an activation key generating unit that generates an activation key corresponding to an optional function of an image forming apparatus; and a web server that receives identification information on the image forming apparatus and identification information on the optional function, and transmits an activation key to the image forming apparatus, the activation key corresponding to an optional function specified by the identification information on the optional function.12-17-2009
20100202618Method and apparatus for updating key in an active state - A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state.08-12-2010
20100202617System and Method for Recovery Key Management - A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security.08-12-2010
20100202616METHOD OF SECURING AND AUTHENTICATING DATA USING MICRO-CERTIFICATES - A method of securing wireless communications includes storing a recipient's micro-certificate at a vehicle, a call center, or a certificate authority, transmitting the micro-certificate from its place of storage, extracting the public key from the micro-certificate, encrypting the vehicle communication using the public key, transmitting the encrypted vehicle communication to the recipient, and decrypting the vehicle communication using a private key after receiving the vehicle communication. The micro-certificate can include identifying data for the recipient and can have a length that is less than twice the length of the public key contained in the micro-certificate.08-12-2010
20090316905KEY EXCHANGE THROUGH A SCRAMBLE METHODOLOGY AND SYSTEM - The method, system, and apparatus of key exchange through a scramble methodology and system is disclosed. In one embodiment, the method includes generating a security key associated with a protected media content, disassembling the security key (e.g., may be an unencrypted key) into a set of key bits, generating non-key bits (e.g., may be arbitrarily and/or randomly created binary numbers), placing the non-key bits disbursed between at least some of the set of key bits based on an algorithm of a control register module of a scatter module, algorithmically specifying a number of the set of key bits and the non-key bits in a packet, and communicating the packet and other packets each having the non-key bits disbursed between at least some the set of key bits of each of the packet and the other packets to a gather module.12-24-2009
20080240443METHOD AND APPARATUS FOR SECURELY PROCESSING SECRET DATA - Using the same secret key for different secret operations in the frame of public key cryptosystems raises security problems because attackers can gain statistical information about the secret key. Indeed, when randomization techniques are used, the same secret key is randomized differently for every new operation, and since information leakage sums up, eventually, the attacker is able to recover the secret key.10-02-2008
20080240441STORAGE CONTROLLER COMPRISING ENCRYPTION FUNCTION, DATA ENCRYPTION METHOD, AND STORAGE SYSTEM - Proposed are a storage controller equipped with an encryption function, a data encryption method, and a storage system enabling a user to apply one's desired encryption policy to data received from a computer or the like. This storage controller includes a storage apparatus for storing data from a computer, and a controller for controlling the input and output of data stored in the storage apparatus. The controller has a configuration information management unit for managing configuration information of attributes concerning an encryption function as information for encrypting data, and an encryption execution unit for performing encryption of data from the computer and data stored in the storage apparatus based on the configuration information of attributes concerning the encryption function.10-02-2008
20130170644Mechanism for Managing Authentication Device Lifecycles - An authentication device is used to authenticate a component to a product using a secret key. The life cycle of the authentication device is controlled by selective deletion of the secret key. An attestation message is sent by the authentication device upon deletion of the secret key. Authentication devices from faulty components or over supply of the authentication devices ma}′ be rendered inoperable and audited.07-04-2013
20080232594SYMMETRIC KEY SUBSCRIPTION - A method and system for symmetric key subscription. A register R issues to a subject A a possession that stores a first symmetric key X or comprises a deriving means configured to derive the first symmetric key X. The register R receives from a counterparty B a request for a subscription to a symmetric key with respect to the subject A. In response to the received request, the register R derives a second symmetric key Y from both the first symmetric key X and a first value N. The register R transmits to the counterparty B the second symmetric key Y derived by the register R.09-25-2008
20080232593SYSTEM AND METHOD FOR LOGICAL SHREDDING OF DATA STORED ON WORM MEDIA - Files are encrypted and stored on a WORM media device along with their encryption keys, the binary values of which are stored as a combination of written and unwritten sectors in a key storage portion of the media. To shred a file, the associated key is destroyed simply by writing into the unwritten sectors that are associated with the key.09-25-2008
20080232592Method and apparatus for performing selective encryption/decryption in a data storage system - One embodiment of the present invention provides a system for performing selective encryption/decryption in a data storage system. During operation, the system receives a data block from a storage medium at an input/output layer, wherein the input/output layer serves as an interface between the storage medium and a buffer cache. Next, the system determines whether the data block is an encrypted data block. If not, the system stores the data block in the buffer cache. Otherwise, if the data block is an encrypted data block, the system retrieves a storage-key, wherein the storage-key is associated with a subset of storage, which is associated with the encrypted data block. Using the storage-key, the system then decrypts the encrypted data block to produce a decrypted data block. Finally, the system stores the decrypted data block in the buffer cache, wherein the data block remains encrypted in the storage medium.09-25-2008
20080232591SIMPLE AND EFFICIENT ONE-PASS AUTHENTICATED ENCRYPTION SCHEME - The present invention provides encryption schemes and apparatus, which are more efficient than the existing single pass authenticated encryption schemes, while providing the same level of security. The initial vectors, which are an essential part of these schemes, are chosen in an incremental and safe fashion. This also leads to an incremental method for generating the pair-wise differentially uniform sequences or XOR-universal sequences which are another essential part of such schemes. The incrementality of the generation of these sequences extends to even across different plain-text messages being encrypted, leading to substantial savings in time to encrypt. A further step of encryption is shown to be redundant and leads to savings over earlier schemes. Another embodiment describes splitting the plain-text blocks into two sets, and using the block-cipher in encrypt mode on one set and the block-cipher in decrypt mode on the other set, leading to beneficial hardware solutions.09-25-2008
20080232590Micropayment Processing Method and System - A method of producing an offer package includes defining, within the offer package, a description of an offered product. The cost of the offered product and the merchant making the offer are also defined within the offer package, which includes an encrypted version of the offered product.09-25-2008
20080226082Systems and methods for secure data backup - Systems and methods are provided for securely backing up data files of a computing system onto a backup device. An encryption key is generated using some identification found on and unique to the computing system. The encryption key is used to encrypt the data which is then stored on the backup device as encrypted backed up data. The encrypted backed up data stored on the backup device can later be accessed, e.g., for data recovery purposes, by once again using the computing system unique identification to generate the encryption key which can then be used to decrypt the encrypted backed up data. In this way, the backed up data remains secure even if the backup device is lost or stolen.09-18-2008
20080226081DATA RECOVERY METHOD, IMAGE PROCESSING APPARATUS, CONTROLLER BOARD, AND DATA RECOVERY PROGRAM - A disclosed data recovery method, image processing apparatus, controller board, and data recovery program enable data stored encrypted in a storage unit within an information processing apparatus to be recovered when an internal encryption key of the apparatus becomes unavailable. A first encryption key is stored in a secure memory, a second encryption key is stored in a first storage unit, and data is stored in a second storage unit. The second encryption key is decrypted with the first encryption key. The second encryption key is backed up outside the information processing apparatus as a backup key, such as by printing it on a sheet with a plotter. When the first encryption key becomes unavailable, the backup key is restored back in the information processing apparatus. The data stored in the second storage unit is then decrypted with the restored backup key.09-18-2008
20080226080ENCRYPTION KEY RESTORING METHOD, INFORMATION PROCESSING APPARATUS, AND ENCRYPTION KEY RESTORING PROGRAM - A disclosed encryption key restoring method enables restoration of an encryption key in the event of inability to use the encryption key stored in a secure memory of an information processing apparatus, in which data encrypted by the encryption key is stored in an internal storage unit. A disclosed information processing apparatus includes a key management module that checks the validity of the encryption key. If the encryption key is not valid, the key management module acquires a restore key for the encryption key from outside the information processing apparatus, and checks the validity of the restore key. If the restore key is valid, the key management module stores it in the secure memory, and reboots the information processing apparatus in a normal mode.09-18-2008
20080226079METHOD AND APPARATUS FOR CONDITIONALLY DECRYPTING CONTENT - Provided is a method of conditionally decrypting content. In the method, whether a content key for encrypting and/or decrypting content is revoked is determined, and encrypted content is selectively decrypted using the content key.09-18-2008
20080226078ENABLING RECORDING AND COPYING DATA - A data encryption key may be generated for encrypting data content. The data encryption key includes multiple portions. For example, the data encryption key may be generated by combining a drive seed and a media seed where the drive seed includes a value that is unique to the drive reading data content or a group of drives sharing the same drive seed. The media seed may include a value unique to the media from which data content may be read. The data encryption key thus generated may be unique to a combination of a specific drive or group of drives and a media or group of media.09-18-2008
20080226077Apparatus, Method, and Computer Program Product for Playing Back Content - A content playback apparatus includes an SKF selecting unit that selects one segment key file from plural segment key files recorded in a DVD media at a time of playback of a content of the sequence key section, a data selecting unit that selects each content corresponding to a segment number of each key entry registered in the selected segment key file, a moving picture data decrypting unit that decrypts the selected moving picture data by a segment key corresponding to the segment number, and a decoder that plays back the decrypted moving picture data.09-18-2008
20130177156Encrypted Data Processing - A computer-implemented method of processing data by a first processor, the data being generated by a second processor. The method comprises receiving a data object encrypted with a first encryption key, the data object comprising the data to be processed and policy data indicating allowed processing for said data. said received data object is decrypted based upon said first encryption key and the data is processed only in accordance with the policy data.07-11-2013
20130177157ENCRYPTION KEY MANAGEMENT - An encryption key fragment is divided into a number of encryption key fragments. Requests to store different ones of the encryption key fragments are transmitted to different computer memory storage systems. An individual request to store an encryption key fragment includes one of the encryption key fragments and bears an access control hallmark for regulating access to the encryption key fragment.07-11-2013
20130129094ELECTRONIC EQUIPMENT, METHOD OF CONTROLLING ELECTRONIC EQUIPMENT AND CONTROL PROGRAM FOR ELECTRONIC EQUIPMENT - According to one embodiment, an electronic equipment includes: an instruction receiving module configured to communicate with an external equipment to receive a start-up inhibit instruction, an encryption key deletion instruction outputted from the external equipment, and an internal data deletion instruction to which an execution delay time is attached; and an instruction processing module configured to inhibit start-up of the electronic equipment to perform deletion process of the encryption key stored and to perform deletion process of the stored internal data when the start-up inhibit instruction, the encryption key deletion instruction, and the internal data deletion instruction to which the execution delay time is attached are received.05-23-2013
20080205651Secure processor system without need for manufacturer and user to know encryption information of each other - A secure processor system capable of improving the security of processor processing by the addition of minimum modules without the need for a manufacturer and a user to know encryption information of each other has been disclosed. The secure processor system includes a secure processor having a CPU core that executes a instruction code, an encryption key hold part that holds a processor key, and an encryption processing part that encrypts or decrypts data input/output to/from the core with a processor key and a memory, and the encryption key hold part includes a hardware register that holds a hardwired encryption key, a write only register that stores an encryption key for instruction to be input and holds the stored encryption key for instruction so that it cannot be read, and the encryption key hold part outputs a hardware encryption key as a processor key at the time of activation and outputs a command encryption key as a processor key after a encryption key for instruction is written.08-28-2008
20080199012Method for identifying a server device in a network - According to an aspect of an embodiment, an apparatus connectable to a storage device through a network, comprising: a network interface module for connecting the apparatus to the storage device through the network; a memory for storing identification information identifying said network interface module in said network; a receiving module for receiving set up information including identification information identifying said network interface module through said network; and a controller for writing said identifying information into the memory on the basis of said set up information.08-21-2008
20090175450Systems and methods for obtaining information on a key in BB84 protocol of quantum key distribution - Systems and methods for obtaining information on a key in the BB84 (Bennett-Brassard 1984) protocol of quantum key distribution are provided. A representative system comprises a quantum cryptographic entangling probe, comprising a single-photon source configured to produce a probe photon, a polarization filter configured to determine an initial probe photon polarization state for a set error rate induced by the quantum cryptographic entangling probe, a quantum controlled-NOT (CNOT) gate configured to provide entanglement of a signal with the probe photon polarization state and produce a gated probe photon so as to obtain information on a key, a Wollaston prism configured to separate the gated probe photon with polarization correlated to a signal measured by a receiver, and two single-photon photodetectors configured to measure the polarization state of the gated probe photon.07-09-2009
20130148809COMPUTING THE ETH ROOT OF A NUMBER USING A VARIANT OF THE RSA ALGORITHM (FOR EVEN E'S)06-13-2013
20120275600SECURE KEY CREATION - A system for creating a secure key is provided that includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts.11-01-2012
20100316222IMAGE PROCESSING SYSTEM - An image processing system 12-16-2010
20130156194SECURE RECORDING AND SHARING SYSTEM OF VOICE MEMO - According to an aspect of an embodiment, a system for secure recording and sharing of audio data includes a communication interface, a registration module, a microphone, an encryption engine, and a storage device. The registration module is configured to register an attendee device associated with an attendee for a meeting. The microphone is configured to convert sound generated at the meeting to audio data representing the sound. The encryption engine is configured to encrypt the audio data. The storage device is configured to store and associate the encrypted audio data with the attendee device for subsequent access by the attendee.06-20-2013
20130156195METHOD OF OBTAINING A MAIN KEY FROM A MEMORY DEVICE, METHOD OF GENERATING AUTHENTICATION INFORMATION FOR A MEMORY DEVICE, AN EXTERNAL DEVICE AND SYSTEM ICLUDING THE EXTERNAL DEVICE - In one embodiment, the method includes obtaining, at the external device, an encrypted main key and an encrypted first decryption key from the memory device. The encrypted first decryption key is an encrypted version of a first decryption key. The encrypted main key is an encrypted version of the main key. The external device is unable to read the main key from the memory device. The method further includes decrypting, at the external device, the encrypted first decryption key using a second decryption key to obtain the first decryption key; and decrypting, at the external device, the encrypted main key of the memory device using the first decryption key to obtain the main key.06-20-2013
20120281838KEY MANAGEMENT POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.11-08-2012
20120281837SECURE KEY MANAGEMENT - A system for secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.11-08-2012
20120281836SECURE KEY MANAGEMENT - A system for implementing secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.11-08-2012
20130182848SECURE GROUP MESSAGING - A method for securing at least one message transferred in a communication system from a first computing device to a second computing device in a peer-to-peer manner. At the first computing device, an identity based authenticated key exchange session is established with a third computing device operating as a peer authenticator. The identity based authenticated key exchange session has an identity based authenticated session key associated therewith. The first computing device obtains from the third computing device a random key component of the second computing device, wherein the random key component of the second computing device is encrypted by the third computing device using the identity based authenticated session key prior to sending the random key component of the second computing device to the first computing device. A peer-to-peer messaging key is computed at the first computing device using the random key component of the second computing device.07-18-2013
20130182849Contact management system and method - In an embodiment of a method of providing contact information, the method includes creating a contact record in a contact management system, where a process associated with a subject of the contact record and/or a recipient of data associated with the contact record is included in creating the contact record. A unique serial number is generated corresponding to the contact record and the serial number is conveyed to the recipient. A request by an application is received for the contact record from the contact management system corresponding to the serial number and data associated with the contact record is transmitted to the application.07-18-2013
20110311054Asymmetrical Chaotic Encryption - Implementations and techniques for asymmetrical chaotic encryption are generally disclosed. One disclosed method for asymmetrical encryption includes determining a ciphertext control block from data, where the ciphertext control block is based at least in part on one or more Chebyshev polynomials. The method also includes encrypting at least a portion of the data into an encrypted ciphertext block, where the encrypted ciphertext block is based at least in part on Logistic Mapping, and in which a final ciphertext includes the encrypted ciphertext block and the ciphertext control block12-22-2011
20120093318Encryption Key Destruction For Secure Data Erasure - Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection.04-19-2012
20130208893SHARING SECURE DATA - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing secure data are disclosed herein.08-15-2013
20130208892COMPUTER SYSTEM AND COMPUTER SYSTEM CONTROL METHOD - When removing an HDD, in which a failure has occurred, after the execution of hot swap in a storage apparatus having a stored data encryption function, an encryption key assigned to that HDD is shredded and thereby data in the HDD is automatically crypto-shredded; and after a new HDD is installed, data in a spare disk regarding which copy back to the new HDD is completed is automatically crypto-shredded and key generation for the spare disk is requested to a security administrator in preparation for the next hot swap. Then, with the storage apparatus which imports and uses an encryption key generated by an external key management server for encryption/decoding of stored data, the encryption key for the spare disk is imported from the external key management server in advance and the encryption key is prevented from the use other than the intended use in preparation for a case where the encryption key may not be imported due to a communication failure with the external key management server at the time of the hot swap, thereby causing a shortage of encryption keys.08-15-2013

Patent applications in class KEY MANAGEMENT

Patent applications in all subclasses KEY MANAGEMENT