Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Key distribution

Subclass of:

380 - Cryptography

380277000 - KEY MANAGEMENT

Patent class list (only not empty are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
380279000 Key distribution center 172
380283000 User-to-user key distributed over data link (i.e., no center) 54
Entries
DocumentTitleDate
20130028422Architecture for Reconfigurable Quantum Key Distribution Networks Based on Entangled Photons Directed by a Wavelength Selective Switch - A system and method for securing communications between a plurality of users communicating over an optical network. The system utilizes a fixed or tunable source optical generator to generate entangled photon pairs, distribute the photons and establish a key exchange between users. The distribution of entangled photon pairs is implemented via at least one wavelength selective switch.01-31-2013
20120163603SERVER AND METHOD, NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM, AND MOBILE CLIENT TERMINAL AND METHOD - Systems and methods for operating in connection with mobile devices are described. The mobile devices may move between online and offline areas. In some instances, a prediction may be made as to when a mobile device will enter an offline area. The prediction may be based on sensor information. Data or a key may be transferred to the mobile device prior to entering the offline area.06-28-2012
20130044881KEY TRANSPORT METHOD, MEMORY CONTROLLER AND MEMORY STORAGE APPARATUS - A key transport method for transporting a key from a buffer memory to an encryption/decryption unit is provided. The method includes logically dividing bits of the key into key segments, wherein each of the key segments has a start position and a segment length. The method also includes setting a transmission length belonging to each of key segments based on the start positions and the segment lengths of the key segments; assigning a transmission bit stream belonging to each of the key segments from the bits of the key according to the start positions and the transmission lengths of the key segments; determining a transmission sequence; and sending the start position, the segment length and the transmission bit stream belonging to each of the key segments to the encryption/decryption unit from the buffer memory based on the transmission sequence. Accordingly, the method can transport the key safely.02-21-2013
20080260162Controlling Delivery Of Broadcast Encryption Content For A Network Cluster From A Content Server Outside The Cluster - Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.10-23-2008
20090122990NETWORK MOBILITY OVER A MULTI-PATH VIRTUAL PRIVATE NETWORK - Methods and apparatus for applying a single virtual private network (VPN) address to tunnels or connections associated with different access interfaces are disclosed. In one embodiment, a method includes establishing a first tunnel between a node and a VPN server. The first tunnel has a first address. The method also includes assigning a VPN address to the first tunnel, as well as establishing a second tunnel between the node and the VPN server. The second tunnel has a second address. The VPN address is assigned to the second tunnel, and VPN address is accessed by both the first address and the second address.05-14-2009
20090122989SMART STORAGE DEVICE - A smart storage device can have a smart-card portion with access control circuitry and integrated memory, a controller in selective communication with the smart-card portion, and a memory device in communication with the controller. The memory device can be separate from the smart-card portion and can store one or more smart-card applications.05-14-2009
20130136263SYSTEM AND METHOD FOR REGISTERING A PERSONAL COMPUTING DEVICE TO A SERVICE PROCESSOR - In one aspect, a system for registering a personal computing device to a service processor is disclosed. In one embodiment, the system includes a computer-executable first registration module that is executable to perform functions that include providing a device identifier associated with a personal computing device to a service processor over a communications link. The system also includes a computer-executable second registration module that is executable to perform functions that include receiving the device identifier over the communications link and retrieving stored user access data associated with a particular authorized user of the personal computing device who has remote access to the service processor via a management computer. The second registration module is further executable to generate a cryptographic key based on the device identifier and configuration data associated with firmware of the service processor, and to provide the cryptographic key to the personal computing device over the communications link.05-30-2013
20100074446METHOD OF AUTOMATICALLY POPULATING A LIST OF MANAGED SECURE COMMUNICATIONS GROUP MEMBERS - Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.03-25-2010
20110170695TIME-BIN POLARIZATION FORMAT EXCHANGE TECHNIQUE FOR ENTANGLED OPTICAL SOURCE - It is an object of the present invention to provide a network system for quantum key distribution (QKD) for free space and fiber networks.07-14-2011
20090169017CONFIGURATION OF VIRTUAL TRUSTED PLATFORM MODULE - Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.07-02-2009
20090220092Probabilistic Mitigation of Control Channel Jamming Via Random Key Distribution in Wireless Communications Networks - An embodiment includes methods that generate random cryptographic keys, and send the keys to client devices. These methods may send representations of channel locator functions to the client devices, which may use the channel locator functions to locate particular control channels, using the random keys as input.09-03-2009
20100111308KEY HANDLING IN COMMUNICATION SYSTEMS - In a method for key handling in mobile communication systems, first and second numbers are exchanged between entities of the mobile communication system. The first and second numbers are respectively used only once with respect to the respective system parameters of the communication system and therefore allowing greater security in the communication system.05-06-2010
20100104103Method And Apparatus For Billing And Security Architecture For Venue-Cast Services - A security system is applied to venue-cast content transmissions over a broadcast/multicast network infrastructure. The broadcast network infrastructure may be Evolution-Data Only Broadcast Multicast Services (BCMCS) that facilitates distribution of a subscription-based content delivery service. A venue-cast service can be part of the subscription-based content delivery service and has an associated service key. Upon subscribing to the content delivery service, the subscriber access terminal is given the service key. Such service key may be associated with a particular subscriber package and/or venue location. The same service key is provided to the broadcast network infrastructure that broadcasts venue-cast content. A broadcast access key is generated by the broadcast network infrastructure and used to encrypt venue-specific content to be broadcasted. Consequently, only access terminals that have received the service key (e.g., subscribe to the associated subscription package and/or are located at a specific venue or location) can decrypt the broadcasted content.04-29-2010
20100104104Method of Data Item Selection for Trade and Traded Item Controlled Access via Menu/Toolbar driven Interface - This invention provides a system that enable a trading network center and participating network operators as well as their selling-subscribers to select for-not-use/for-trade electronic information data items to trade by using an interactive button/menu/toolbar driven interface, such as a browser or onscreen widget; also it enable their buying-subscribers to select and access dealpack by using the same interface through a controlled access process controlled and operated by the trading network center via its trading portal.04-29-2010
20090154706METHOD AND APPARATUS FOR ESTABLISHING COMMUNICATION VIA SERVICE PROVIDER - Provided are a method and apparatus for establishing communication via a service provider providing a service of establishing communication between a transmitting terminal and a receiving terminal. The method includes receiving an encryption key from the service provider, transmitting the encryption key to an external device storing receiving terminal identification information required for establishing communication with the receiving terminal, receiving the encrypted receiving terminal identification information from the external device, and transmitting the encrypted receiving terminal identification information to the service provider.06-18-2009
20090154707METHOD AND SYSTEM FOR DISTRIBUTING GROUP KEY IN VIDEO CONFERENCE SYSTEM - Provided are a system and method for distributing a group key for a video conference using a one-time password in a video conference system. The method includes: when a video terminal is required to participate in a video conference, generating a challenge value and a response value corresponding to the video terminal; encrypting a group key corresponding to the video conference with the response value, and transmitting the encrypted group key and the challenge value to the video terminal; and causing the video terminal to participate in the video conference in response to an acknowledgement message from the video terminal. This results in high user friendliness and high-level security.06-18-2009
20100040235Key Providing System, Terminal Device, and Information Processing Method - A terminal device improved with a digraph generation method in a key distribution method of various types of broadcast encryption systems is provided. The terminal device includes an acquiring unit for acquiring information related to a set, which is selected from a plurality of sets representing a combination of a plurality of terminal devices, and which represents some or all of the plurality of terminal devices; an extracting unit for extracting the set contained in the information and to which it belongs; and a digraph generation unit for generating a directional branch for generating a key corresponding to the extracted set in a predetermined digraph formed by a plurality of directional branches.02-18-2010
20130083926QUANTUM KEY MANAGEMENT - Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.04-04-2013
20100091996METHOD AND APPARATUS FOR INPUT OF CODED IMAGE DATA - An image input device which includes a means for inputting image data, a memory for storing a secret information and an operator for carrying out an operation by using the image data and the secret information.04-15-2010
20100091995SIMPLE PROTOCOL FOR TANGIBLE SECURITY - The claimed subject matter provides systems and/or methods that effectuate a simple protocol for tangible security on mobile devices. The system can include devices that generate sets of keys and associated secret identifiers, employs the one or more keys to encrypt a secret and utilizes the identifiers and encryptions of the secret to populate a table associated with a security token device that is used in conjunction with a mobile device to release sensitive information persisted on the mobile device for user selected purposes.04-15-2010
20090052675SECURE REMOTE SUPPORT AUTOMATION PROCESS - Secure Remote Support Automation Process wherein a remote support server receives a support task request and schedules a predefined task to a predefined actor who also has a predefined escalation policy and notifies the support actor of the scheduled task along with a key, a key seed, or a credential to use in authentication. The method enabling privileged access to an Internet security appliance using public/private key pairs through a firewall and network address translation by a support server and an assigned support task actor.02-26-2009
20130089206METHOD AND APPARATUS FOR DISTRIBUTING A QUANTUM KEY - A method for distributing a quantum key is provided, including sending a first photon to a first receiver; sending a second photon to a second receiver, the first and second photons being a pair of time-energy entangled photons; and providing a coding scheme comprising a plurality of time bins and a plurality of frequency bins, wherein a combination of a time bin and a frequency bin corresponds to a character.04-11-2013
20130089205Token Provisioning Method - The present invention discloses a token provisioning method for a token provisioning system. The token provisioning method includes steps of generating at least one encryption key at a customer side; generating a plurality of seed numbers corresponding to a plurality of electronic serial numbers (ESNs) at the customer side, respectively; encrypting the plurality of seed numbers and the plurality of corresponding ESNs with the at least one encryption key at the customer side; decrypting the plurality of seed numbers and the plurality of corresponding ESNs with the at least one encryption key; and programming a plurality of tokens with the plurality of seed numbers and the plurality of corresponding ESNs.04-11-2013
20100002884Optical Out-Of-Band Key Distribution - One aspect of the disclosure relates to an out-of-band communication system and associated process. The out-of-band communication system includes an encrypted data path that is configured to convey encrypted data. The out-of-band communication system includes an optical out-of-band channel that is physically distinct from the encrypted data path. The encrypted data path extends between an optical transmitter and an optical receiver. The optical out-of-band channel is configured to transmit key information from the optical transmitter to the optical receiver.01-07-2010
20120219153Intercepting a Communication Session in a Telecommunication Network - Intercepting a secure communication session includes distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint. A secure channel is established between the key distribution point and an intercepting point. The intercepting endpoint may be determined to be authorized to intercept the secure communication session. The key is provided to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, where the key provides the intercepting endpoint with access to intercept the secure communication session.08-30-2012
20110007902Approach for managing access to messages using encryption key management policies - Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly or indirectly associated with a deleted key. Any number of levels of indirection are possible and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format and the invention is not limited to any type of data or any type of data format.01-13-2011
20090092254METHOD FOR EFFICIENTLY PROVIDING KEY IN A PORTABLE BROADCASTING SYSTEM AND SYSTEM USING THE SAME - A method for efficiently providing a key in a portable broadcasting system and a system using the same are provided, in which when a user selects a service to be purchased after invoking a broadcasting application, a terminal transmits a service request message including information about the selected service, a server transmits a service response message including a key required for using the selected service in the form of a MIKEY, and the terminal receives the service response message.04-09-2009
20090092253OPTIMIZING AMOUNT OF DATA PASSED DURING SOFTWARE LICENSE ACTIVATION - During a software activation process, a processing device may provide a software license key to be communicated to an activation authority. The software license key may be provided to the activation authority via one of a number of communication methods, such as, for example, via a telephone, via a facsimile, via e-mail, via a text message, or via other communication methods. A length of the software license key may be based on an expected amount of time to provide the software license key to the activation authority. When the expected amount of time is relatively long, the software license key may be relatively short. When the expected amount of time is relatively short, the software license key may be relatively long. In some embodiments, a relatively short software license key may be a unique subset of a relatively long software license key.04-09-2009
20110013775System and method of mobile content sharing and delivery in an integrated network environment - A system and method of mobile content sharing and delivery in an integrated network environment, comprising; a first mobile terminal serving as information provider, a home server, and a second mobile terminal serving as information receiver. The information of said first mobile terminal is transmitted to said second mobile terminal through said home server, and that information can be stored in said home server for direct downloading of file by said second mobile terminal in an asynchronous transmission manner; when said first mobile terminal moves and switches to another network environment, said second mobile terminal still can request and download said information through said home server. A double key protection scheme is further provided in safeguarding secure transaction of information.01-20-2011
20090232314APPARATUS, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PROCESSING INFORMATION - An information processing apparatus performs mutual authentication with another information processing apparatus storing key management information and at least one of apparatus secret keys, the key management information containing encrypted secret keys each being a secret key encrypted with a different one of the apparatus secret keys respectively assigned to information processing apparatuses. The apparatus transmits, to the other apparatus, designation information specifying one of the encrypted secret keys decryptable with the apparatus secret key, out of the encrypted secret keys contained in the key management information usable by the apparatus, receives the encrypted secret key specified by the designation information out of the encrypted secret keys contained in the key management information stored in the other apparatus from the other apparatus, obtains the secret key by decrypting the encrypted secret key with the apparatus secret key, and performs authentication with the other apparatus based on the secret key.09-17-2009
20090232313Method and Device for Controlling Security Channel in Epon - A method and device for controlling security of a communication channel between an OLT and an ONU in a secure channel control system of EPON formed of the OLT and the ONU having a cryptographic module, a key management module and a transmitter/receiver for transmitting/receiving frames, the method comprising the steps of: a) distributing a key between the OLT and the ONU; b) transferring the distributed key to the encryption modules of the OLT and ONU; c) activating a corresponding encryption module using the distributed key at one of the OLT and the ONU which starts a security function activation; d) transmitting an encryption module information message including activation state information of the corresponding encryption module from the side (transmitting side) having the activated encryption module to an opponent side (receiving side); and e) activating an encryption module by checking activation state information of the encryption module at the receiving side.09-17-2009
20090232312ENCRYPTED CONTENT REPRODUCTION DEVICE, ENCRYPTED CONTENT REPRODUCTION METHOD, PROGRAM, AND RECORDING MEDIUM FOR STORING THE PROGRAM - The invention presents an encrypted content playback equipment capable of decryption and playback of an encrypted content by using key information when a key medium storing the key information is not inserted, an encrypted content playback method, a program, and a recording medium for storing the program.09-17-2009
20090052674KEY DISTRIBUTION CONTROL APPARATUS, RADIO BASE STATION APPARATUS, AND COMMUNICATION SYSTEM - A key distribution control apparatus, a radio base station apparatus and a communication system for improving security. A communication system (02-26-2009
20120114124METHOD FOR COMBINING AUTHENTICATION AND SECRET KEYS MANAGEMENT MECHANISM IN A SENSOR NETWORK - A method for combining authentication and secret keys management mechanism in a sensor network includes the following steps: 1) pre-distribution of the secret key, which includes 1.1) the pre-distribution of the communication secret key and 1.2) the pre-distribution of the initial broadcast message authentication secret key; 2) authentication, which includes 2.1) the authentication of the node identity and 2.2) the authentication of the broadcast message; and 3) negotiation of the session secret key by the nodes.05-10-2012
20090252328SYSTEM FOR SECURELY TRANSMITTING MTA CONFIGURATION FILES - A system for securely transmitting configuration files from a server to a terminal device includes a downloading module, an encrypting module, a signing module, a transmitting module, a transceiver module, a verifying module, and a decrypting module. The downloading module downloads a first configuration file of the terminal device including a sign public key from the server upon the condition that the terminal device is powered on and activates the server to transmit a second configuration file of the terminal device. The encrypting module retrieves and encrypts the second configuration file. The signing module retrieves a sign private key to sign the encrypted second configuration file. The transmitting module transmits the signed second configuration file to the transceiver module. The verifying module retrieves the sign public key to verify the signed second configuration file. The decrypting module decrypts the verified second configuration file to retrieve the second configuration file.10-08-2009
20110280404ITERATIVE DATA SECRET-SHARING TRANSFORMATION - Provided are a method, system, and article of manufacture for iterative data secret-sharing transformation and reconversion. In one aspect, data secret-sharing transformation and reconversion is provided in which each bit of an input stream of bits of data is split, on a bit by bit basis, into a pair of secret-sharing bits, and the secret-sharing bits of each pair of secret-sharing bits are separated into separate streams of secret-sharing bits. In this manner, one secret-sharing bit of each pair of secret-sharing bits may be placed in one stream of secret-sharing bits and the other secret-sharing bit of each pair may be placed in another stream of secret-sharing bits different from the one stream of secret-sharing bits. Confidentiality of the original input stream may be protected in the event one but not both streams of secret-sharing bits is obtained by unauthorized personnel. In another aspect, for an input stream of N bits, each received bit of the N bits of the input stream of data, may be interatively split, on a bit by bit basis, into a pair of secret-sharing bits, to generate as few as N+1 secret-sharing bits from the input stream of bits N bits. Other features and aspects may be realized, depending upon the particular application.11-17-2011
20110280405SYSTEMS AND METHODS FOR STABILIZATION OF INTERFEROMETERS FOR QUANTUM KEY DISTRIBUTION - Systems and methods are described in which both a quantum key distribution (QKD) transmitter and QKD receiver may keep both of their two-path interferometers stable, with regard to path length drift, relative to an internal reference laser are described. Systems and methods are also proposed whereby the transmitter interferometer may have only a single path (e.g., Sagnac interferometers). The systems and methods described herein may greatly improve the performance of quantum cryptographic transceivers that may make use of these systems and methods.11-17-2011
20110280403AUTOMATIC APPLICATION MANAGEMENT IN A SHORT-RANGE WIRELESS SYSTEM - Method, device and computer readable storage medium for managing applications on a wireless device by providing applications on the wireless device. The wireless device is used in a short-range wireless system with an effective range. The wireless device and a client device are brought into proximity and thereby into the effective range of the short-range wireless system. The wireless device and the client device are connected and associated. The application is associated with the client device. The application is then automatically launched on the wireless device.11-17-2011
20100266127SYSTEMS AND METHODS FOR ONE-TO-MANY SECURE VIDEO ENCRYPTION - A video encryption/decryption scheme is provided allowing an originator of video content to encrypt the video content using a session key, wherein the encrypted content and an encrypted form of the session key are provided to a destination. The session key is encrypted using a long term key value, and the long term key value itself is encrypted using shared secret information that is only stored in the main memory of the originator and destination's systems. The long term key is encrypted, typically by a third party, and provided to the originator and destination systems for encrypting/decrypting the session key. The third party also provides a pass phrase file, which the originator and destination systems can use as input with shared secret information to a certain cryptographic hashing algorithm to encrypt/decrypt the long term key.10-21-2010
20110280406KEY DISTRIBUTION METHOD AND SYSTEM - The present invention discloses a key distribution method and system, the method includes: a card issuer management platform informing a supplementary security domain corresponding to an application provider of generating in a smart card a public/private key pair including a public key and a private key, receiving the public key returned from the supplementary security domain, importing a public key for trust point for external authentication into the supplementary security domain, and transmitting the information of the supplementary security domain and the public key to the application provider management platform; the application provider management platform receiving the information of the supplementary security domain and the public key from the card issuer management platform, and selecting the supplementary security domain of the smart card by a service terminal according to the information of the supplementary security domain and the public key; the application provider management platform informing the supplementary security domain of regenerating a public key and a private key, generating a supplementary security domain certificate according to the regenerated public key which is returned from the supplementary security domain, and achieving the supplementary security domain key distribution by transmitting the supplementary security domain certificate to the supplementary security domain. The present invention can improve the security of the supplementary security domain key distribution.11-17-2011
20090208021METHOD AND APPARATUS FOR MANAGING ENCRYPTION KEYS BY MOBILE COMMUNICATION TERMINAL CONNECTED WITH SMARTCARD - A method and an apparatus are provided for managing encryption keys by a mobile communication terminal connected to a smartcard that stores the encryption keys. The mobile communication terminal receives and stores encrypted multimedia data, extracts recording key information corresponding to an encryption key from the received multimedia data, determines whether the extracted recording key information has been previously stored in a recording key database, and maps the extracted recording key information to identification information of the received multimedia data and stores mapping data therebetween in the recording key database when the extracted recording key information has not been previously stored in the recording key database.08-20-2009
20110286599DISTRIBUTED PUF - An electronic system (11-24-2011
20100166186WIRELESS COMMUNICATION METHOD USING WPS - A wireless communication method includes receiving a first frame requesting to start a registration protocol in Wi-Fi protected setup (WPS) of wireless LAN security standards, transmitting, after receiving the first frame, a second frame containing security types and encryption keys for the respective security types, and transmitting a third frame, after transmitting the second frame, the third frame instructing to terminate WPS. The security types include at least one of Wi-Fi protected access (WPA), WPA2 and WEP.07-01-2010
20110096930Method of Storing Secret Information in Distributed Device - A method of storing a function result of a secret key in memory of a device for distribution is provided. The method involves applying a first, one way function to a random number stored in the memory of the device, thereby generating a first result, applying a second function to the first result and the secret key, thereby generating a second result, storing the second result in the memory of the device, and distributing the device with the random number and second result stored in the memory and the secret key not stored in the memory.04-28-2011
20080273705Broadcasting method and broadcast receiver - A broadcasting method and a broadcast receiver whereby contents are first distributed only for storage so that the stored contents are later played back in a time period predetermined by the distributing party, the contents being encrypted for protection against unauthorized reproduction in any time period other than the intended one. A content is transmitted together with a begin store command in a first time period for storage onto a storage medium at the receiving side. In a time period subsequent to the first time period, a play command is broadcast so as to get the content retrieved from storage for playback. The content should preferably be encrypted. The encrypted content is decrypted and played back using a decryption key transmitted along with the play command in the second time period. The decryption key is deleted the moment the decryption process is terminated.11-06-2008
20090196425Method for Authenticating Electronically Stored Information - A system for authenticating electronically stored information (ESI) with a first key and a second key. The comparison of the first key and the second key are used to authenticate the second electronically stored information.08-06-2009
20090169019METHOD AND SYSTEMS USING IDENTIFIER TAGS AND AUTHENTICITY CERTIFICATES FOR DETECTING COUNTERFEITED OR STOLEN BRAND OBJECTS - A method and system for generating data for generating an authenticity certificate to be stored on a media. The authenticity certificate authenticates an object. A request for a step certificate includes a media identifier, a media key block, an object identifier, a requester entity type, and a requester identity certificate. The object identifier is hashed. A created signature includes the hashed object identifier, the requester entity type, a certifier identity certificate, and the requester identity certificate. A generated hashing result is a concatenation of the object identifier, the requester entity type, the certifier entity certificate, the requester identity certificate, and the signature. The step certificate including the hashing result is generated and encrypted. The encrypted step certificate and an encrypted random key are sent to a requester of the step certificate. The object may be determined to be an authentic object, a counterfeited object, or a stolen object.07-02-2009
20090169020Migration of full-disk encrypted virtualized storage between blade servers - A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.07-02-2009
20090122991METHOD AND APPARATUS FOR PROVIDING ENCRYPTED KEY BASED ON DRM TYPE OF HOST DEVICE - A method and apparatus for providing an encrypted key based on a DRM type of a host device are provided. The method includes receiving available DRM type information of a host device, making a request for generation of a key object based on the received available DRM type information, and transmitting the generated key object to the host device.05-14-2009
20080267410Method for Authorizing and Authenticating Data - A method and a corresponding apparatus for authenticating data in a digital processing system (DPS) is disclosed, wherein a root/first tier key pair associated with a first tier/root authority may sign data and second tier keys for authorizing data for processing in the DPS. The first tier/root authority may pass entitlements to the authorized second tier key, which may itself authorize third tier keys and pass entitlements to said key.10-30-2008
20080267409ENCRYPTION PROCESSING FOR STREAMING MEDIA - A method of securing transmission of streaming media by encrypting each packet in the stream with a packet key using a fast encryption algorithm. The packet key is a hash of the packet tag value and a closed key which is unique for each stream. The closed key is itself encrypted by the sender and passed to the recipient using a public key encryption system. The encrypted closed key (open key) may conveniently be inserted into the stream header. All of the packets in the stream are encrypted, but only the data pay load of each packet is encrypted. It is computationally infeasible, without knowing the recipient's private key to calculate the closed key based upon knowledge of publicly accessible information such as the recipient's public key, the open key, the encrypted stream data or the packet tag values.10-30-2008
20100266128CREDENTIAL PROVISIONING - Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (10-21-2010
20090285399Distributing Keypairs Between Network Appliances, Servers, and other Network Assets - A method and apparatus for providing an automated key distribution process to enable communication between two networked devices without the need for human provision of a key to both networked devices. In response to a first connection request from a first network device to a second network device, the second network device will check for a credential such as a public key for the first network device. If the credential is not present, then the second network device will communicate with the first network device on a second secured and pre-defined connection to obtain a certificate from the first network device. The second network device then queries a backend server with the certificate to obtain a credential such as the public key for the first network device. Subsequent connection or communication requests from the first network device will then be properly serviced.11-19-2009
20100080394QKD transmitter and transmission method - In order to facilitate alignment of a QKD transmitter and QKD receiver, the transmitter is provided with a retro-reflector for returning to the receiver a photon beam originating at the latter. The transmitter is arranged to polarization modulate the retro-reflected beam. The transmitter is provided both with an intensity detector for generating an indication of retro-reflected photon intensity, and an intensity-dependent controller for controlling the QKD transmitter in dependence on the detected photon intensity. In one embodiment, this control involves aborting operation of the QKD transmitter upon an unexpectedly high photon intensity being detected; in another embodiment, the intensity indication is used to control the attenuation of the retro-reflected beam so as stabilize the average retro-reflected photon count per unit time.04-01-2010
20100080393Cryptographic Key Management In Storage Libraries - Embodiments include methods, apparatus, and systems for managing encryption keys in a storage library. One method includes receiving a request to read or write data to a tape drive; initiating, by the tape drive, a request for an encryption key to encrypt or decrypt the data; and transmitting the encryption to key to the tape drive through an out-of-band path.04-01-2010
20100080395CRYPTOGRAPHIC METHOD FOR A WHITE-BOX IMPLEMENTATION - A cryptographic method is implemented in a white-box implementation thereof. The method comprises applying a plurality of transformations (04-01-2010
20090262942Method and system for managing shared random numbers in secret communication network - A method for managing shared random numbers in a secret communication network including at least one center node and a plurality of remote nodes connected to the center node, includes: sharing random number sequences between the center node and respective ones of the plurality of remote nodes; when performing random numbers sharing between a first remote node storing a first random number sequence shared with the center node and a second remote node storing a second random number sequence shared with the center node, distributing a part of the second random number sequence from the center node to the first remote node; and sharing the part of the second random number sequence between the first remote node and the second remote node.10-22-2009
20090296939LOCAL AREA NETWORK - A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.12-03-2009
20090169015QUANTUM KEY DISTRIBUTION METHOD, COMMUNICATION SYSTEM, AND COMMUNICATION DEVICE - A quantum key distribution method according to the present invention includes an error probability estimation step of estimating error probabilities of transmission data and the received data, an error correcting step of correcting errors in the received data based on error correcting information, a matching determination step of determining whether the transmission data and the received data after correcting errors match, and an information amount estimating step of estimating an amount of information leaked to an adversary through a quantum communication path, and further compresses data based on the amount of information made public in a process of processing via a public communication path and an estimated value of the amount of information leaked to the adversary through the quantum communication path to make the data after compression a cryptographic key shaped by devices.07-02-2009
20090052673METHOD AND APPARATUS FOR DECODING BROADBAND DATA - The invention relates to a method for decrypting encrypted broadband data by one or more authorised users comprising the following steps: provision of the encrypted broadband data (02-26-2009
20090225989KEY INFORMATION ISSUING DEVICE, WIRELESS OPERATION DEVICE, AND PROGRAM - A key information issuing device issuing key information to a key information retaining device includes an authentication module authenticating an issuer of the key information, an output module outputting the key information to the key information retaining unit, and a recording module recording a mapping of the issued key information to the key information retaining unit. The key information is issued in response to an indication of the authenticated issuer.09-10-2009
20110170696SYSTEM AND METHOD FOR SECURE ACCESS - The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.07-14-2011
20090285401Providing Access To Content For a Device Using an Entitlement Control Message - Providing access to content for devices is performed by providing multiple entitlement management messages (EMMs), each which including a service key, to the plurality of devices. Also, a same entitlement control message (ECM) is provided to the devices. The ECM includes an encrypted traffic key for decrypting content. Each of the devices derives an access key from the service key according to a business model level of access to the content for a user of the devices and uses the access key to decrypt the traffic key to access the content according to the business model level of access to the content for the each of the plurality of devices.11-19-2009
20110170694Hierarchical Key Management for Secure Communications in Multimedia Communication System - In a communication system wherein a first computing device is configured to perform a key management function for first user equipment and a second computing device is configured to perform a key management function for second user equipment, wherein the first user equipment seeks to initiate communication with the second user equipment, wherein the first computing device and the second computing device do not have a pre-existing security association there between, and wherein a third computing device is configured to perform a key management function and has a pre-existing security association with the first computing device and a pre-existing security association with the second computing device, the third computing device performing a method comprising steps of: receiving a request from one of the first computing device and the second computing device; and in response to the request, facilitating establishment of a security association between the first computing device and the second computing device such that the first computing device and the second computing device can then facilitate establishment of a security association between the first user equipment and the second user equipment. The first computing device, the second computing device and the third computing device comprise at least a part of a key management hierarchy wherein the first computing device and the second computing device are on a lower level of the hierarchy and the third computing device is on a higher level of the hierarchy.07-14-2011
20090279702IMAGE PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An image processing apparatus, to which a portable storage medium can be electrically connected, includes a generation unit configured to generate a pair of a public key and a private key, a medium detection unit configured to detect that the portable storage medium is connected to the image processing apparatus, a determination unit configured to determine whether the public key generated by the generation unit is stored in the portable storage medium detected by the medium detection unit, and a storage unit configured to store the public key generated by the generation unit in the portable storage medium based on the determination by the determination unit that the public key generated by the generation unit is not stored in the portable storage medium.11-12-2009
20090290715Security architecture for peer-to-peer storage system - An exemplary method includes receiving a request to register a peer in a peer-to-peer system; generating or selecting a transaction key for the peer; storing the transaction key in association with registration information for the peer; transmitting the transaction key to the peer and, in response to a request to perform a desired peer-to-peer transaction by another peer, generating a token, based at least in part on the transaction key. Such a token allows for secure transactions in a peer-to-peer system including remote storage of data and retrieval of remotely stored data. Other exemplary techniques are also disclosed including exemplary modules for a peer-to-peer server and peers in a peer-to-peer system.11-26-2009
20090290714Protocol for Verifying Integrity of Remote Data - An exemplary method for verifying the integrity of remotely stored data includes providing a key; providing a fingerprint, the fingerprint generated using the key in a keyed cryptographic hash function as applied to data of known integrity; sending the key to a remote storage location that stores a copy of the data of known integrity; receiving a fingerprint from the remote storage location, the fingerprint generated using the key in a keyed cryptographic hash function as applied to the remotely stored copy of the data; and verifying the integrity of the remotely stored copy of the data based at least in part on comparing the provided fingerprint to the received fingerprint. Other exemplary methods, systems, etc., are also disclosed.11-26-2009
20090103736Device for Generating Polarization-Entangled Photons - A device for generating polarization-entangled photons by means of parametric down-conversion, comprising a waveguide structure formed in a substrate of an optically non-linear material with periodically poled regions, wherein, when in operation, pump photons can be supplied from a pump laser to the waveguide structure, and wherein a separating means for separating the entangled photons for the separate further conduction of signal photons and idler photons, respectively, is arranged to follow the waveguide structure.04-23-2009
20090103735TELEMEDICAL SYSTEM - In the telemedical system securely sharing encryption keys for enabling secure exchange of the encrypted biological data between the measurement terminal and the server to prevent the data from being stolen by the malicious third party, a service key is transferred to the second adapter attached to a measurement terminal from the server via the first adapter attached to the management apparatus. First, the first adapter attached to the management apparatus receives the service key from the server. Next, the first adapter is temporarily detached from the management apparatus and is attached to the measurement terminal to store the symmetric key. The first adapter is detached from the measurement terminal, and is attached to the management apparatus again. The service key received in the first adapter is encrypted using the symmetric key, and the encrypted key is transmitted to the second adapter attached to the measurement terminal.04-23-2009
20090103734METHOD AND SYSTEM FOR SECURING ROUTING INFORMATION OF A COMMUNICATION USING IDENTITY-BASED ENCRYPTION SCHEME - Methods and systems for providing confidentiality of communications sent via a network that is efficient, easy to implement, and does not require significant key management. The identity of each node of the routing path of a communication is encrypted utilizing an identity-based encryption scheme. This allows each node of the routing path to decrypt only those portions of the routing path necessary to send the communication to the next node. Thus, each node will only know the immediate previous node from which the communication came, and the next node to which the communication is to be sent. The remainder of the routing path of the communication, along with the original sender and intended recipient, remain confidential from any intermediate nodes in the routing path. Use of the identity-based encryption scheme removes the need for significant key management to maintain the encryption/decryption keys.04-23-2009
20090041252EXCHANGE OF NETWORK ACCESS CONTROL INFORMATION USING TIGHTLY-CONSTRAINED NETWORK ACCESS CONTROL PROTOCOLS - In general, techniques are described for securely exchanging network access control information. The techniques may be useful in situations where an endpoint device and an access control device perform a tightly-constrained handshake sequence of a network protocol when the endpoint device requests access to a network. The handshake sequence may be constrained in a variety of ways. Due to the constraints of the handshake sequence, the endpoint device and the access control device may be unable to negotiate a set of nonce information during the handshake sequence. For this reason, the access control device uses a previously negotiated set of nonce information and other configuration information associated with the endpoint device as part of a process to determine whether the endpoint device should be allowed to access the protected networks.02-12-2009
20110206205ENCRYPTION KEY DISTRIBUTION METHOD IN MOBILE BROADCASTING SYSTEM AND SYSTEM FOR THE SAME - A method and a system for distributing an encryption key for service protection and content protection in a mobile broadcasting system are provided where a network generates a first encryption key when a broadcasting service is first provided to the terminal, and transmits a long term key message including the generated first encryption key to the terminal. Also, the network generates a second encryption key before the life-time of a first access value pair expires, and transmits a long term key message including the generated second encryption key to the terminal.08-25-2011
20100061556SECURING INFORMATION EXCHANGED VIA A NETWORK - A privacy key is provided over a network. An information page is provided over the network. A submission of data that is to be transmitted over the network in response to the information page is detected. A subset of the data is to be encrypted using the privacy key is determined. The privacy key is used to encrypt the subset of the data.03-11-2010
20090169016METHOD AND SYSTEM FOR KEYING AND SECURELY STORING DATA - An approach is provided for securely storing sensitive data. A system is provided that includes a central device configured to receive a key from a requester, to obtain a new key associated with the key, and to transmit the new key to the requestor, and a storage device for storing the new key in association with the key. Also, a secure system is provided that includes a parsing unit that parses an actual data value into a first data field and a second data field, a key generation unit that generates a key, a first process that transmits the key to a central manager and receives a new key associated with the key from the central manager, and at least one storage device configured to store the first data field in association with the key, and to store the second data field in association with the new key.07-02-2009
20090285400COMMUNICATION DEVICE, COMMUNICATION METHOD, READER/WRITER, AND COMMUNICATION SYSTEM - A control unit of a communication device decrypts, when receiving via an antenna from a reader/writer a cipher key encrypted with a key same as a common key recorded in a recording unit by the reader/writer, the encrypted cipher key with the common key recorded in the recording unit, and when receiving via the antenna from the reader/writer a readout target address specifying a region of a data readout source in the recording unit encrypted with a cipher key same as the cipher key by the reader/writer, decrypting the encrypted readout target address with the cipher key, and transmitting the data recorded in the region specified by the readout target address obtained through decryption of the regions of the recording unit to the reader/writer via the antenna.11-19-2009
20100135499SHARED KEY TRANSMISSION APPARATUS, AUTOMATIC TELLER MACHINE, AUTOMATIC TELLER SYSTEM AND METHOD OF CONTROLLING THE AUTOMATIC TELLER MACHINE - Provided are a shared key transmission apparatus, an automatic teller machine (ATM), and a controlling method thereof. The shared key transmission apparatus may include: a reception unit receiving, from the ATM, a first cryptogram where a random number is encrypted; a description unit restoring the random number from the first cryptogram; an encryption unit encrypting the shared key using the restored random number; and a transmission unit transmitting the encrypted shared key to the ATM. The ATM may include: an encryption unit generating a random number and encrypting the random number to generate a first cryptogram; a transmission unit transmitting the first cryptogram to the shared key transmission apparatus; a reception unit receiving, from the shared key transmission apparatus, a shared key that is encrypted using the restored random number; and a decryption unit restoring the shared key from the encrypted shared key using the generated random number.06-03-2010
20100135498Efficient Key Derivation for End-To-End Network Security with Traffic Visibility - Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows:06-03-2010
20080279385METHOD AND HOST DEVICE FOR USING CONTENT USING MOBILE CARD, AND MOBILE CARD - Provided are a method and host device for using content using a mobile card, and a mobile card. The method includes storing an identifier (ID) of the mobile card, a global key, and a content key encrypted by a secret key of the mobile card, generating a combined key of the ID and the global key, generating a first cryptogram, in which the content key encrypted by the secret key is encrypted by the combined key, transmitting the first cryptogram to the mobile card, receiving from the mobile card a second cryptogram, in which the content key is encrypted by the combined key, and decrypting the second cryptogram. Accordingly, a user can use encrypted content from a remote place.11-13-2008
20080279386METHOD AND APPARATUS FOR ENCRYPTING MEDIA PROGRAMS FOR LATER PURCHASE AND VIEWING - A system and method for storing and retrieving program material for subsequent replay is disclosed. The method includes accepting a receiver ID associated with a receiver key stored in a memory of the receiver, determining a pairing key for encrypting communications between the conditional access module and the receiver, encrypting the pairing key with the receiver key, and transmitting a message comprising the encrypted pairing key to the receiver. The apparatus comprises a receiver for receiving a data stream transmitting a media program encrypted according to a media encryption key and an encrypted media encryption key and a conditional access module, communicatively coupleable with the receiver.11-13-2008
20080285758REFRESHING SOFTWARE LICENSES - A license access agent is configured to execute on a client computer. The license access agent comprises a license manager configured to receive a software license upon a request for authorizing usage of a protected software product so as to allow one or more functionalities of the protected software product to run on the client computer. The license manager is configured to disable the protected software product upon expiration of the software license unless the license manager obtains a refreshed software license.11-20-2008
20080285759Method for data privacy in a fixed content distributed data storage - An archival storage cluster of preferably symmetric nodes includes a data privacy scheme that implements key management through secret sharing. In one embodiment, the protection scheme is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen or otherwise compromised. Due to the secret sharing scheme, any t of the n nodes must be present before the cluster can mount the drives. Thus, to un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.11-20-2008
20080285757Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.11-20-2008
20080304669RECIPIENT-SIGNED ENCRYPTION CERTIFICATES FOR A PUBLIC KEY INFRASTRUCTURE - In accordance with various embodiments, methods, apparatuses, and articles of manufacture for generating and signing, by a potential recipient, a digital encryption certificate are described herein. In some embodiments, the digital encryption certificate may include a encryption key of an encryption key pair, and may be signed by the potential recipient with a signing key of a signing key pair. The signing key pair may have a second, publicly-accessible signing key associated with a digital signing certificate issued by a party trusted by the potential recipient and one or more potential senders. In various embodiments, potential senders may verify the digital encryption certificate and use the encryption key to encrypt and send digital messages to the potential recipient.12-11-2008
20080310637Method, System And Rights Issuer For Generating And Acquiring Rights Objects - A method and system for generating and acquiring rights objects according to the embodiments. In the present disclosure, the generation and acquisition of rights objects is implemented as a service function or a service support function; a rights issuer is deployed as an application server or as a service support entity for an application server. Therefore, the present disclosure makes full use of all existing entities and operating mechanisms in an IMS network and provides an optimized method and system for generating and acquiring rights objects. Furthermore, the rights issuer may obtain user requests or online state information of users via the IMS. In addition, the present disclosure provides a rights issuer.12-18-2008
20120294445CREDENTIAL STORAGE STRUCTURE WITH ENCRYPTED PASSWORD - In accordance with one or more aspects, a storage structure including both an encrypted credential and an encrypted password is obtained. A key can be obtained from a key distribution service and the encrypted password decrypted, based on the key, to obtain a password. The encrypted credential is decrypted, based on the password to obtain the credential. Both devices able to obtain the key from the key distribution service, and devices otherwise able to obtain the password, are able to obtain the credential by decrypting the encrypted credential.11-22-2012
20080273703Dual-Gated Qkd System for Wdm Networks - Systems and methods of incorporating a QKD system (Q) into a WDM network (11-06-2008
20080267408PROTECTING AGAINST COUNTERFEIT ELECTRONICS DEVICES - An optical transceiver module is authenticated in a host system. A host generates a data string and writes the data string to a first predetermined memory location known to the transceiver. The data string is cryptographically altered (either encrypted or decrypted) by the transceiver and written to a second predetermined memory location known to the host. The host retrieves the cryptographically altered data string and performs a complementary cryptographic operation (either a decryption or encryption, respectively) thereon, creating a resulting data string. If the resulting data string is equal to the data string written to the first predetermined memory location, the transceiver is authenticated. The host and the transceiver may switch roles, with the transceiver generating the data string, the host cryptographically altering it, and so on. The host encrypts data strings when the transceiver decrypts data strings, and vice versa.10-30-2008
20100142712Content Delivery Network Having Downloadable Conditional Access System with Personalization Servers for Personalizing Client Devices - A content delivery network and method employing a Downloadable Conditional Access System (“DCAS”) includes first and second personalization servers. A unit key list having unique keys is segmented into different blocks. Each block is encrypted with a separate transmission key corresponding to that block such that first and second blocks are respectively encrypted with first and second transmission keys. The encrypted blocks are communicated to the personalization servers. The first transmission key is communicated to the first personalization server without being communicated to another personalization server such that the first server can decrypt the first block using the first transmission key to access the keys of the first block. The second transmission key is communicated to the second personalization server without being communicated to another personalization server such that the second server can decrypt the second block using the second transmission key to access the keys of the second block.06-10-2010
20090161876METHODS AND SYSTEMS FOR SECURE CHANNEL INITIALIZATION TRANSACTION SECURITY BASED ON A LOW ENTROPY SHARED SECRET - Methods and systems for secure channel initialization transaction security between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: choosing a random client ephemeral private key at a client network element; utilizing the client ephemeral private key and the shared secret to create a client ephemeral public key at the client network element; forwarding the client ephemeral public key in a channel initialization request to a server network element; selecting a random server ephemeral private key at the server network element; using the server ephemeral private key and the shared secret to create a server ephemeral public key at the server network element; creating a high entropy shared secret based on the client ephemeral public key and the server ephemeral private key; creating a message authentication code ‘MAC’ and encrypting a payload with the high-entropy shared secret; sending the encrypted payload and the server ephemeral public key to the client network element; utilizing the server ephemeral public key and the client ephemeral private key to derive the high-entropy shared secret; and decrypting the payload and verifying the MAC with the high-entropy shared secret.06-25-2009
20090185690SOLUTION FOR LOCALLY STAGED ELECTRONIC SOFTWARE DISTRIBUTION USING SECURE REMOVABLE MEDIA - A method, information processing system, and computer program storage product, are provided for creating a Removable Installation Kit (“RIK”) for locally staged electronic software distribution on a user system. The method includes selecting at least one software package from a list of software packages on a software distribution server. A set of data elements is created that is associated with an RIK to be created using the at least one software package. The set of data elements is stored at the software distribution server. A temporary copy of the at least one software package that has been selected is stored. The RIK is created by placing at least the software package that has been selected and a unique identifier associated with the RIK on at least one removable storage medium.07-23-2009
20090169018HANDHELD DEVICE ASSOCIATION VIA SHARED VIBRATION - In some embodiments an accelerometer is mechanically coupled to a first device. The accelerometer obtains a vibration profile in response to a relative movement of the first device and a second device. A radio transmits an encrypted version of the vibration profile to the second device and receives an encrypted version of a vibration profile from the second device. A processor sets up a secure channel between the radio and the second device in which to exchange keys with the second device in order to decrypt the received encrypted vibration profile. The processor also decrypts the received encrypted vibration profile in response to at least one of the exchanged keys, compares the transmitted vibration profile with the received vibration profile and allows a sharing of resources with the second device if a match occurs between the transmitted vibration profile and the received vibration profile. Other embodiments are described and claimed.07-02-2009
20090080659SYSTEMS AND METHODS FOR HARDWARE KEY ENCRYPTION - Various systems and methods for implementing dynamic logic are disclosed herein. For example, some embodiments of the present invention provide systems for encrypting/decrypting data. Such systems include a hardware key, a memory, a hardware decoder and a message encoder. The memory includes an encoded encoding key that represents an original encoding key. The hardware decoder receives a portion of the encoded encoding key and decodes the portion of the encoded encoding key using the hardware key to recover a portion of the original encoding key. The message encoder receives a data set and the portion of the original encoding key and encodes the data set using the portion of the original encoding key to create an encoded data set.03-26-2009
20110142240METHOD AND TERMINAL FOR LAWFUL INTERCEPTION - An interception target terminal includes an interception module, and the interception module activates an interception function on the basis of interception related information received from a communication business system. In addition, when a communication mode is changed in the state where an interception function is in an activated state, if a network to be accessed depending on a change of the communication mode is a network that is permitted to be intercepted, corresponding access details information is transmitted to a communication service system or a law enforcement agency system. Further, when the terminal performs communication by an encryption method in the state where the interception function is in the activated state, an encryption key used for encryption or communication data before the encryption is transmitted to the communication service system or the law enforcement agency system.06-16-2011
20110228942Reduced Hierarchy Key Management System and Method - A controller receives an encrypted media stream (“EMS”) and an identifier indicative of a selected content key from a headend. The EMS is encrypted with an encryption key and can be decrypted with a corresponding decryption key which is determinable from the selected content key. The controller receives indexes and content keys from the headend prior to receiving the EMS. Each index respectively corresponds to an identifier with one index corresponding to the identifier indicative of the selected content key. The content keys correspond to the indexes with one content key corresponding to the index corresponding to the identifier indicative of the selected content key. The controller selects the index corresponding to the identifier indicative of the selected content key upon receiving the EMS, determines the selected content key from the selected index, determines the decryption key from the selected content key, and decrypts the EMS with the decryption key.09-22-2011
20110222691RECORDING SYSTEM, PLAYBACK SYSTEM, KEY DISTRIBUTION SERVER, RECORDING DEVICE, RECORDING MEDIUM DEVICE, PLAYBACK DEVICE, RECORDING METHOD, AND PLAYBACK METHOD - To protect rights of a copyright owner of digital content, technology is required to prevent digital content on a recording medium from being copied onto another recording medium and played back. A key distribution server securely receives a media unique key from a recording medium device, generates a first title key different for each content, encrypts the generated first title key with the media unique key, encrypts the content with the first title key, and transmits the encrypted first title key to the recording medium device and the encrypted content to the recording device. The recording device securely receives the encrypted content from the key distribution server and the first title key and a second title key from the recording medium device, decrypts the encrypted content with the first title key, encrypts the decrypted content with the second title key, and transmits the encrypted content to the recording medium device.09-15-2011
20090016537METHOD OF AUTHENTICATING AND REPRODUCING CONTENT USING PUBLIC BROADCAST ENCRYPTION AND APPARATUS THEREFOR - Provided are a method and apparatus for mutually authenticating devices in a group and reproducing content using public broadcast encryption. The method of authenticating a first device and a second device includes acquiring specific information of the second device from the second device, transmitting data, containing the acquired specific information of the second device and specific information of the first device, by encrypting the data using a broadcast public key of a group to which the second device belongs, and determining whether authentication of the first device succeeds by decrypting the encrypted data by using a private key of the second device. If authentication succeeds, receiving the specific information of the first device, which is encrypted by using a temporary common key by using the decrypted data, and authenticating the second device by decrypting the encrypted specific information of the first device by using the temporary common key.01-15-2009
20080273704Method and Apparatus for Delivering Keying Information - A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s).11-06-2008
20090220093Distribution Of Keys For Encryption/Decryption - Methods of encryption and decryption are described which use a key associated with an event to encrypt/decrypt data associated with the event. The method of encryption comprises identifying a key associated with an event and encrypting data using the identified key. The encrypted data is then published along with details of the event.09-03-2009
20080260161Terminal Device and Copyright Protection System - To provide a terminal device with which, even if content that has undergone conversion is moved to another device, the content before the conversion can be used when moving the content from the device which is a move destination of the content back to a move source of the content. The terminal device stores the content in advance, applies an irreversible conversion which causes a decrease in quality to the content to generate converted content, and writes the converted content to a storage medium. The terminal device encrypts a block in the content using an encryption key to generate an encrypted block, replaces the block in the content with the encrypted block, and writes the encryption key to the storage medium.10-23-2008
20090316907SYSTEM AND METHOD FOR AUTOMATED VALIDATION AND EXECUTION OF CRYPTOGRAPHIC KEY AND CERTIFICATE DEPLOYMENT AND DISTRIBUTION - A method for automated validation and execution of cryptographic key and certificate deployment and distribution includes providing one or more keys; providing one or more key deployment points; and distributing the one or more keys to the one or more key deployment points in an automated manner based on a matrix or pattern mapping of each of the one or more keys to be distributed to each of the one or more key deployment points.12-24-2009
20090316908Verification key handling - A method, an apparatus, and a computer program product for enabling verification key handling is disclosed. Said handling is enabled by receiving a verification key including an identifier of the parent verification key of the verification key, wherein the verification key includes a constraint portion, determining whether the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, associating, in case the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, the verification key with a particular state update, and storing the verification key associated with the particular state update.12-24-2009
20100183154APPARATUS AND METHOD FOR DISTRIBUTING PRIVATE KEYS TO AN ENTITY WITH MINIMAL SECRET, UNIQUE INFORMATION - In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claims.07-22-2010
20090296938Methods and apparatus for protecting digital content - A processing system to serve as a source device for protected digital content comprises a processor and control logic. When used by the processor, the control logic causes the processing system to receive a digital certificate from a presentation device. The processing system then uses public key infrastructure (PKI) to determine Whether the presentation device has been authorized by a certificate authority (CA) to receive protected content. The processing system may also generate a session key and use the session key to encrypt data. The processing system may transmit the encrypted data to the presentation device only if the presentation device has been authorized by the CA to receive protected content. Presentation devices and repeaters may perform corresponding operations, thereby allowing content to be transmitted and presented in a protected manner. Other embodiments are described and claimed.12-03-2009
20090116651METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP KEY - A method and system for generating and distributing a mobile IP key are provided. The method mainly includes the following steps. During the course of access validation or re-authorization and re-authentication, a sub-key between a mobile node (MN) and an authentication, authorization, and accounting (AAA) server is computed, and an authentication extension (AE) between the MN and the AAA server is computed according to the sub-key. The AE is carried in a mobile IP registration request or a binding update (BU) request initiated by the MN, a home agent (HA) requests the key from the AAA server according to the AE in the registration request or the BU request, and the AAA server distributes the key to the HA. By using the present invention, a PMIP-client can compute the AE between the MN and the AAA server (MN-AAA-AE) without the need of distributing the key between the MN and the AAA server.05-07-2009
20090116650METHOD AND SYSTEM FOR TRANSFERRING INFORMATION TO A DEVICE - Methods and systems for transferring information to a device include assigning a unique identifier to a device and generating a unique key for the device. The device is located at a first site, and the unique identifier is sent from the device to a second site. The unique key is obtained at the second site, and it is used for encrypting information at the second site. The encrypted information is sent from the second site to the device, where it can then be decrypted.05-07-2009
20090296940CONTENT ENCRYPTION USING AT LEAST ONE CONTENT PRE-KEY - In a method for encrypting content, the content is received in a device and at least a portion of the content is stored to thereby associate the content with one of a first copy control state and a second copy control state. The method includes creating at least one of a first content pre-key using a local storage key unique to the device as a key to encrypt the content ID of the content and a second content pre-key using the first content pre-key as a key to encrypt the first copy control state, creating a content encryption key using one of the first content pre-key as a key to encrypt the first copy control state and the second content pre-key as a key to encrypt the second copy control state, and encrypting the content using the content encryption key.12-03-2009
20100239095KEY DISTRIBUTION - Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.09-23-2010
20100254536Authenticated mode control - Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another.10-07-2010
20100135497COMMUNICATION WITH NON-REPUDIATION - Apparatus, systems, and methods may operate to compare a first hashed value of at least a first decryption key, the first decryption key received from a sender, to a second hashed value of at least a second decryption key that has been received as a signed value from a receiver. Further operations may include sending the first decryption key to the receiver and sending the signed value to the sender upon determining that the first hashed value matches the second hashed value. Additional apparatus, systems, and methods are disclosed.06-03-2010
20090290716DIGITAL SOFTWARE LICENSE PROCUREMENT - A digital software licensing system including one or more subsystems to issue an order for one or more software licenses to a software vendor, receive from the vendor a wrapped license file, decrypt the wrapped license file using a manufacturer private key and verify authenticity of wrapped license file using a vendor public key. The wrapped license file includes a list of license keys which are signed using a vendor private key and encrypted using the manufacturer public key.11-26-2009
20090074193Method for accessing a user operable device of controlled access - A method is provided for accessing a user operable device having limited access ability. The method comprises transmitting an inquiry from a mobile device of a user via a wide area transmission network to a key authority for obtaining an access key for accessing functions of the user operable device, receiving a request for information from the key authority, transmitting the requested information to the key authority, wherein the information is used by the key authority for co-coding the access key with one or more conditions for operating the user operable device, receiving the access key assigned by the key authority via the wide area transmission network, and transmitting the access key to a controller unit of the user operable device via a short range communication network for accessing the functions of the user operable device.03-19-2009
20090074192Systems and methods for enhanced quantum key formation using an actively compensated QKD system - Systems and methods for enhanced quantum key distribution (QKD) using an actively compensated QKD system. The method includes exchanging quantum signals between first and second QKD stations and measuring the quantum signal error. An error signal S03-19-2009
20110026715SELF-HEALING ENCRYPTION KEYS - A method and nodes provide self-healing encryption keys from a server to a client. Forward keys and backward keys are generated at the server. The server sends to the client a pair comprising a forward key for a first instant and a backward key for a later instant, the first and later instants being separated by a self-healing period. The client calculates a backward key for the first instant by processing the received backward key for the later instant. The server updates the keys to the client. If the client misses an update, it processes the first forward key to obtain a next one. If the client misses an updated backward key within the self-healing period, it uses the already processed backward key. If the client misses a later backward key, it sends a feedback to the server, responsive to which the server adjusts the self-healing period.02-03-2011
20090190764METHOD AND SYSTEM OF KEY SHARING - The present disclosure provides a method and system of key sharing, the method includes: transmitting, by a group member, a key information request to a neighbor group member; transmitting, by the neighbor group member, the requested key information to the group member, upon receiving the key information request. The system includes: a requester group member and a responder group member. With the method and system of the disclosure, it may improve the reliability and availability of group key and/or auxiliary key distribution, which avoids the bottleneck in service performance and network bandwidth that may occur when all the group members obtain the key from the key server.07-30-2009
20090185689QKD system and method with improved signal-to-noise ratio - Systems and methods for performing quantum key distribution (QKD) that allow for an improved signal-to-noise ratio (SNR) when providing active compensation for differences that arise in the system's relative optical paths. The method includes generating at one QKD station (Alice) a train of quantum signals having a first wavelength and interspersing one or more strong control signals having a second wavelength in between the quantum signals. Only the quantum signals are modulated when the quantum and control signals travel over the first optical path at Alice. The quantum and control signals are sent to Bob, where only the quantum signals are modulated as both signal types travel over a second optical path at Bob. The control signals are directed to two different photodetectors by an optical splitter. The proportion of optical power detected by each photodetector represents the optical path difference between the first and second optical paths. This difference is then compensated for via a control signal sent to a path-length-adjusting element in one of the optical paths. The control signals provides a high SNR that allows for commercially viable QKD system that can operate with a high qubit rate and a small qubit error rate (QBER) in the face of real-world sources of noise.07-23-2009
20110235805STORAGE SYSTEM AND METHOD FOR GENERATING ENCRYPTION KEY IN THE STORAGE SYSTEM - In a storage system including a plurality of recording medium drives and encrypting and recording data with a device key, even if a recording medium drive fails and is replaced with another drive, the data stored by the failed recording medium drive can be reproduced. The plurality of recording medium drives has not only their own device keys, but also copies of the device keys of the other recording medium drives. If any one of the recording medium drives is replaced and data in a recording medium mounted in the replaced recording medium drive cannot be decrypted, the drive queries the other recording medium drives to acquire a copy of a device key of a recording medium drive used in the past and decrypts the encrypted data.09-29-2011
20100310077METHOD FOR GENERATING A KEY PAIR AND TRANSMITTING A PUBLIC KEY OR REQUEST FILE OF A CERTIFICATE IN SECURITY - A method for generating a key pair and transmitting a public key or request file of a certificate in security is provided. Usually, when a user applies for a certificate, a public-private key pair is always generated by a client side; the public key is combined with the user information to form the certificate; the CA's signature enables validity of user's certificate. However, in other cases, the client side is not a perfectly secure environment, so the private key of the user generated from the client side may be filched by a hacker, or may be replaced by a forged public key. On this occasion, the hacker can disguise the user without being detected. The method of the present invention is to use an information security device to generate a public-private key pair, the private key is saved within the information security device; the public key can be exported; and the information security device can generate authentication information for verifying the public key. The CA can determine whether the public key is generated by the information security device or not by verifying the authentication information. By the method provided by the present invention, the security of online transactions can be ensured effectively.12-09-2010
20100303242METHODS, APPARATUSES, SYSTEM AND COMPUTER PROGRAMS FOR KEY UPDATE - It is disclosed a method comprising monitoring validity of limited-validity key information, acquiring, from a net-work entity upon invalidity of the limited-validity key information, limited-validity transaction identification information based on unlimited-validity identification information identifying a terminal, generating new limited-validity key information based on the acquired limited-validity transaction identification information, and transmitting the acquired limited-validity transaction identification information to a network element.12-02-2010
20100310075Method and System for Content Replication Control - A method and system for content replication control are provided. In one embodiment, a content replication system receives a request to replicate content in a plurality of memory devices, wherein each memory device is associated with a respective unique identifier. For each of the plurality of memory devices, the content replication system sends a request to a transport encryption key server for a transport encryption key, the request including the unique identifier of the memory device. If the unique identifier of the memory device is authorized to receive the transport encryption key, the content replication system receives the transport encryption key and sends the transport encryption key to the memory device. The content replication system then receives encrypted content from a content server, wherein the encrypted content is encrypted with the transport encryption key. The content replication system then sends the encrypted content to the plurality of memory devices.12-09-2010
20100310076Method for Performing Double Domain Encryption in a Memory Device - A method for performing double domain encryption is provided. In one embodiment a memory device receives content encrypted with a transport encryption key. The memory device decrypts the content with the transport encryption key and then re-encrypts the content with a key unique to the memory device. The memory device then stores the re-encrypted content in the memory device.12-09-2010
20130148810SINGLE USE RECOVERY KEY - Aspects of the subject matter described herein relate to disclosing recovery keys. In aspects, when a recovery key is disclosed, data is updated to indicate that the recovery key has been disclosed. A machine that has locked data may determine whether a recovery key for the locked data has been disclosed and whether a new key needs to be generated for the locked data. If a new key needs to be generated for the locked data, the machine may generate the new key and send it to a recovery store for storage. In addition, old keys that protect the locked data may be deleted after the new key has been generated and stored.06-13-2013
20110110524SYSTEM FOR ON-LINE AND OFF-LINE DECRYPTION - A secure communication system wherein message decryption may be performed while off-line, or optionally while on-line. A sender encrypts a message based on the message key and sends it to the recipient. An envelope containing a message key is created by encrypting the message key based on a verifier, where the verifier is based on a secret of the recipient. The recipient is provided the envelope, along with the message or separately, from the sender or from another party, contemporaneous with receipt of the message or otherwise. The recipient can then open the envelope while off-line, based on their secret, and retrieve the message key from the envelope to decrypt the message. In the event the recipient cannot open the envelope, optional on-line access permits obtaining assistance that may include obtaining an alternate envelope that the recipient can open.05-12-2011
20100177901SYSTEM AND SERVICE TO FACILITATE ENCRYPTION IN DATA STORAGE DEVICES - An encryption communications appliance provides data encryption management for a data storage library. The appliance is coupled to an encryption-capable storage device, a data storage library controller within the data storage library and with an encryption key manager (EKM). The encryption command communications appliance intercepts encryption key requests from the data storage device and transparently forwards the requests to the EKM. The appliance also forwards transparently communications between the library controller and the data storage device.07-15-2010
20090034737Diamond nanocrystal single-photon source with wavelength converter - A single-photon source (SPS) (02-05-2009
20090034740CERTIFICATE-BASED ENCRYPTION AND PUBLIC KEY INFRASTRUCTURE - The present invention provides methods for sending a digital message from a sender to a recipient in a public-key based cryptosystem comprising an authorizer. The authorizer can be a single entity or comprise a hierarchical or distributed entity. The present invention allows communication of messages by an efficient protocol, not involving key status queries or key escrow, where a message recipient can decrypt a message from a message sender only if the recipient possesses up-to-date authority from the authorizer. The invention allows such communication in a system comprising a large number (e.g. millions) of users.02-05-2009
20090034739KEY ISSUING METHOD, GROUP SIGNATURE SYSTEM, INFORMATION PROCESSING APPARATUS, AND PROGRAM - There is provided in accordance with the present invention a key issuing method for being performed by a user apparatus in a group signature system including the user apparatus and an issuer apparatus connected to the user apparatus through a network. The method comprises: reading an issuer public key from the issuer apparatus into a user storage through the network; receiving, from the issuer apparatus through the network, first confidential data including one or plural confidential texts which are produced by confidentializing the issuer public key using element data containing information of an element of a group in the issuer apparatus; performing a second confidential data generating process for generating second confidential data of a confidential text represented by the product of modulo-exponentiated element data corresponding to the confidential texts included in the first confidential data or a confidential text represented by the sum of the element data multiplied by a constant, using the issuer public key and the first confidential data; sending the second confidential data to the issuer apparatus through the network; receiving, from the issuer apparatus through the network, information generated in the issuer apparatus and based on the element data corresponding to the second confidential data; and generating a member public key which is a public key corresponding to the user apparatus and a member secret key which is a secret key corresponding to the user apparatus, using the information based on the element data corresponding to the second confidential data, and writing the member public key and the member secret key into the user storage.02-05-2009
20090034738Method and apparatus for securing layer 2 networks - Systems and methods for using a shared key architecture to enable secure Layer 2 meshed network security.02-05-2009
20090034736WIRELESS DEVICE AUTHENTICATION AND SECURITY KEY MANAGEMENT - A method and wireless device for updating at least one cryptographic security key (02-05-2009
20110044455Method, Apparatus and System for Key Derivation - A method, an apparatus and a system for key derivation are disclosed. The method includes the following steps: a target base station) receives multiple keys derived by a source base station, where the keys correspond to cells under control of the target base station; the target base station selects a key corresponding to the target cell after knowing a target cell that a user equipment (UE) wants to access. An apparatus for key derivation and a communications system are also provided.02-24-2011
20110116635METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES - Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.05-19-2011
20110211699Key distribution method and system - This invention discloses a key distribution method and system. The method includes: notifying, by an application provider management platform, a supplementary security domain of an application provider that is set on a smart card and corresponds to the application provider management platform to generate a public/private key pair including a public cryptographic key and a private cryptographic key; receiving, by the application provider management platform, the public cryptographic key from the supplementary security domain of the application provider that has been encrypted by the public key of the application provider obtained in advance and has been signed by a Controlling Authority Security Domain (CASD) on the smart card through a card issuer management platform; authenticating, by the application provider management platform, a signature and using the private key of the application provider to perform decryption to obtain the public cryptographic key; and sending, by the application provider management platform, a trust point's public is key used for external authentication and a certificate of the supplementary security domain of the application provider to the supplementary security domain of the application provider after the trust point's public key and the certificate have been encrypted by the public cryptographic key of the supplementary security domain of the application provider and the encrypted data have been signed by the private key of the application provider, to complete distribution of a key of the supplementary security domain.09-01-2011
20110243330AUTHENTICATION ASSOCIATED SUITE DISCOVERY AND NEGOTIATION METHOD - An authentication associated suite discovery and negotiation method for ultra wide band network. The method includes the following steps of: 1) adding a pairwise temporal key PTK establishment IE and a group temporal key GTK distribution IE in an information element IE list of an initiator and a responder, and setting a corresponding information element identifier ID, and 2) an authentication associated process based on the authentication associated suite discovery and negotiation method. The authentication associated suite discovery and negotiation method for ultra wide band network provided by the present invention can provide the discovery and negotiation functions of a security solution to the network so as to satisfy all kinds of application requirements better when multiple pairwise temporal key PTK establishing plans or multiple group temporal key GTK distributing plans co-exist.10-06-2011
20090214042Content playback apparatus, content playback method, computer program, key relay apparatus, and recording medium - A content playback apparatus reduces load concentration on a specific server apparatus that manages content keys of encrypted content, while protecting copyrights of the content. The content apparatus makes playback of content recorded in a recording medium sold possible after the specific server breaks down. A key acquisition control unit (08-27-2009
20100040234SYSTEM AND METHOD FOR PERFORMING AN ASYMMETRIC KEY EXCHANGE BETWEEN A VEHICLE AND A REMOTE DEVICE - Methods and apparatus are provided for performing an asymmetric key exchange between a vehicle and a first remote device. The method comprises storing predetermined cryptographic information on the vehicle, generating a first public key and a first private key that correspond to the vehicle, storing the first private key on the vehicle, and providing the first public key and descriptive data associated with the vehicle to a trusted entity, wherein the trusted entity is configured to store the first public key and the descriptive data in a location that is accessible to the first remote device.02-18-2010
20090323966METHOD AND SYSTEM FOR ENHANCING DATA ENCRYPTION USING MULTIPLE-KEY LISTS - A method for enhancing data encryption using multiple-key lists is disclosed. A first multiple-key list and a second multiple-key list for a decryption key are created, wherein each multiple-key list comprises plural partial decryption keys. Content to be accessed is encrypted using an encryption key corresponding to the decryption key. The first multiple-key list is stored in a hidden area of a memory device storing the content. The second multiple-key list is stored in the memory device. When the memory device is installed on an electronic device, an application installed in the electronic device is activated to select a first partial decryption key from the first multiple-key list stored in the hidden area and a second partial decryption key from the memory device, re-organizes and codes the first and second partial decryption keys to recover the decryption key, and decrypts the content using the decryption key, enabling the electronic device to access the content.12-31-2009
20090323967PRODUCTION OF CRYPTOGRAPHIC KEYS FOR AN EMBEDDED PROCESSING DEVICE - A system and method for producing cryptographic keys for use by an embedded processing device within a manufactured product. A pseudo random number generator is seeded with entropy data gathered by the embedded device, and the result is used to generate a public-private key pair. The process can be carried out during manufacturing so that the public key of each manufactured product can be stored in a database along with a unique identifier for the embedded device associated with the key. In one particular example, a vehicle having an installed telematics unit uses the key generating process to self-generate keys using entropy data available to the vehicle.12-31-2009
20100008507Method for auto-configuration of a network terminal address - A method for generating a network address in a communication network includes at least one user equipment and a network equipment. The method includes: a) providing a same shared secret key both at the at least one user equipment and at the network equipment; and b) generating at least a portion of the network address at the at least one user equipment and at the network equipment based upon at least the shared secret key.01-14-2010
20100034390Differential Phase Shift Keying Quantum Key Distribution - Differential phase shift (DPS) quantum key distribution (QKD) is provided, where the average number of photons per transmitted pulse is predetermined such that the secure key generation rate is maximal or nearly maximal, given other system parameters. These parameters include detector quantum efficiency, channel transmittance and pulse spacing (or clock rate). Additional system parameters that can optionally be included in the optimization include baseline error rate, sifted key error rate, detector dead time, detector dark count rate, and error correction algorithm performance factor. The security analysis leading to these results is based on consideration of a hybrid beam splitter and intercept-resend attack.02-11-2010
20100054478SECURITY ASSET MANAGEMENT SYSTEM - Some example embodiments described herein relate a security asset management system and a computerized method. The security asset management system includes a first server that is need of a security asset and a second server that provides the needed security asset to the first server. The second server is adapted to manage security assets. In some embodiments, the second server classifies the security assets as public and private security assets. In some embodiments, the second server may automatically rotate the security assets that it manages. In some embodiments, the computerized method includes connecting a first server to a second server that is adapted to manage security assets. The computerized method further includes detecting that the first server is in need of a security assets and using the second server to provide the needed security asset to the first server.03-04-2010
20100067700KEY MANAGEMENT SYSTEM - In a transmitter, data is encrypted by use of a data key, the data key is encrypted based on a first modification key, and the first modification key is encrypted based on a second modification key such that the first and second modification keys are different keys. The encrypted data, the encrypted data key, and the encrypted first modification key are transmitted to a receiver. In the receiver, the encrypted first modification key, the encrypted data key, and the encrypted data are received from the transmitter. The encrypted first modification key is decrypted based on the second modification key, the encrypted data key is decrypted based on the decrypted first modification key, and the encrypted data is decrypted by use of the decrypted data key.03-18-2010
20090028339Auto-Configuration of a Drive List for Encryption - A method, a system and a computer program product are provided to auto configure a drive list. When information is received for a drive, the key manager compares the information to drive information on a drive list. If the drive is not on the drive list the drive list is auto configured by adding the drive to the drive list. By adding the drive to the drive list the drive is able to obtain keys from the key manager to perform encryption and decryption.01-29-2009
20090028340Tunable compact entangled-photon source and QKD system using same - A robust, quickly tunable narrow-linewidth entangled photon source system based on Spontaneous Parametric Down Conversion (SPDC) of the pump light in periodically polled LiNbO01-29-2009
20090028341COMMUNICATION SYSTEM, COMMUNICATION DEVICE AND PROCESSING METHOD THEREFOR - A master generates a session key, receives public keys from a plurality of slaves, encrypts the session key using the individual public keys, transmits the encrypted session key to the plurality of slaves, encrypts data using the encrypted session key, and sends it to the plurality of slaves. A plurality of slaves transmit public keys to a master device, receive and decrypt a session key encrypted using individual public keys, receive data encrypted using the session key from the master, and decrypt it using the decrypted session key.01-29-2009
20100128878SYSTEM AND METHOD FOR PROVIDING DIGITAL CONTENTS SERVICE - The present invention relates to a method and system for providing a digital content service that provides packaging content consisting of digital rights management (DRM) content and advertisement content, and is able to use the DRM content for free by watching or listening to the advertisement content, including: generating packaging content consisting of pilot content and target content, which has been encrypted using an encryption key of the pilot content, and providing the packaging content to a portable terminal; and obtaining a decryption key for the target content through playing the pilot content of the packaging content, and playing the target content by the decryption key, by the portable terminal.05-27-2010
20110075845METHOD AND APPARATUS FOR DYNAMIC, SEAMLESS SECURITY IN COMMUNICATION PROTOCOLS - Communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, are provided with different access rights to the fields of the routed communication packets. Routes of intermediate routers between the source node and the destination node are discovered and the identities of intermediate routers on the discovered routes are collected. The aggregate trust levels of the intermediate routers are computed allowing the most trusted route to be selected. Encryption keys are securely distributed to intermediate routers on the most trusted route based on the trust level of the intermediate routers and fields of the communication packets are encrypted with encryption keys corresponding to the assigned trust level. Intermediated nodes are thereby prevented from accessing selected fields of the communication packets.03-31-2011
20110075846SECURE COMPUTATION OF PRIVATE VALUES - An embodiment may include a system having a communication unit and a processing unit. The communication unit may be configured to receive an encrypted private value of a party, the encrypted private value being generated from a private value with a public-key encryption system and a public key, to send an encrypted blinded result to the party, and to receive a blinded result generated from the encrypted blinded result. The processing unit may be configured to compute a result of a function, the function having as input the private value, to blind the result of the function to generate the encrypted blinded result, and to compute the result by unblinding the blinded result.03-31-2011
20110255695KEY MANAGEMENT METHOD - The present invention relates to a key management method to establish selective secret information in multiple disjoint groups, more specifically to a method of reducing the broadcast size in access hierarchies and localize and facilitate management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material.10-20-2011
20080253573BACKUP SYSTEM FOR IMAGE FORMING APPARATUS AND BACKUP METHOD FOR IMAGE FORMING APPARATUS - According to one embodiment, a backup system for an image forming apparatus includes: the image forming apparatus including an original data storage unit configured to store data, the image forming apparatus sending a backup copy of the data; and a backup apparatus electrically communicating with the image forming apparatus, the backup apparatus including a backup copy storage unit configured to save the backup copy received from the image forming apparatus, wherein the image forming apparatus further includes: a key generation unit configured to uniquely generate a key from an input key seed; an encryption and decryption unit configured to execute an encryption process and a decryption process in a symmetric-key cryptosystem using the key generated from the key seed by the key generation unit; and a nonvolatile memory unit configured to pre-store a first key seed, and the backup apparatus further includes: a nonvolatile memory unit configured to pre-store a second key seed.10-16-2008
20130163764SECURE DYNAMIC ON CHIP KEY PROGRAMMING - Provisioning an integrated circuit with confidential data, by receiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key, deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit, decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data, deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit, encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, and storing the re-encrypted confidential data in a confidential data memory of the integrated circuit.06-27-2013
20110150226OPTICAL PHASE MODULATION METHOD AND APPARATUS FOR QUANTUM KEY DISTRIBUTION - Provided is an optical phase modulating method and apparatus for a quantum key distribution. When an optical phase modulator is arranged outside an optical interferometer, a configuration of the optical interferometer may be simplified, and an extension of an optical path caused by the optical phase modulator, instability and an insertion loss increased in the optical interferometer, and the like, may be overcome. An output feature may be improved by adjusting an applied voltage of the optical phase modulator arranged outside the optical interferometer.06-23-2011
20090323965Systems and Methods for Monitoring Performance of a Communication System - Monitoring the performance of communication systems is an important part of network operations. In one aspect the invention provides a method for monitoring the performance by collecting data pertaining to a mobile terminal accessing the system. In some embodiments, the method includes receiving an identifier for identifying the mobile terminal; using the identifier to detect the UE accessing the network via an access point; and in response to detecting the UE accessing the network, transmitting to the access point a message comprising an encrypted version of the identifier with a command to initiate the collection of data pertaining to the mobile terminal.12-31-2009
20090022322Entanglement-Based Qkd System With Active Phase Tracking - Entanglement-based QKD systems and methods with active phase tracking and stabilization are disclosed. The method includes generating in an initial state-preparation stage (Charlie) pairs of coherent photons (P01-22-2009
20090022320CONTENT COPYING DEVICE AND CONTENT COPYING METHOD - A content copying device has a mutual authentication section that performs a mutual authentication with a copy source recording medium and a copy destination recording medium respectively and generates a first medium unique key and a second medium unique key, a content key decrypting section that reads an encrypted content key from the copy source recording medium, and decrypts the encrypted content key using information based on the first medium unique key, a content key encrypting section that encrypts the decrypted content key using information based on the second medium unique key and writes the encrypted content key onto the copy destination recording medium, and a content copying section that reads an encrypted content from the copy source recording medium and writes the content onto the copy destination recording medium without performing decryption.01-22-2009
20090022321Personal information management system, personal information management program, and personal information protecting method - The present invention provides a personal information management system, a personal information management program and a personal information protecting method capable of storing personal information in consideration of security protection and facilitating utilization of the stored information. A personal information management system for handling personal information has a function of connection to a personal information dispersion management server that provides functions of encrypting personal information by the secret sharing scheme and decrypting the encrypted personal information with an index key for decrypting. The system has a search keyword management database storing the index key for decrypting and a personal information managing apparatus. When a request for storing personal information requiring security protection is generated, the personal information is divided and stored in the personal information dispersion management server, and the personal information is stored so as to be associated with the index key for decrypting into the search keyword management database.01-22-2009
20090022319METHOD AND APPARATUS FOR SECURING DATA AND COMMUNICATION - A method and apparatus for securing digital data, and applications for securing multiple data items such as multiple files or messages exchanged between two communicating parties. The methods use a randomly created non-repetitive codec, with which the information to be encrypted is XORed. The codec is XORed with a user initial key, and the two results are concatenated. For securing multiple items, a master file is created comprising a number of keys, while the master file itself is encrypted with the initial key. A communication application enables a login-free communication between a client and a server, thus blocking intrusion attempts on the client side, and pishing attempts on the server side.01-22-2009
20080247550Pon System with Encryption Function and Encryption Method of Pon System - In a PON system, clocks of an optical network unit and an optical line terminal are synchronized. An optical network unit generates a new encryption key and transmits it to an optical line terminal. The optical network unit transmits a notification that includes an encryption key changing time to the optical line terminal. Finally, the optical network unit and the optical line terminal change previously held encryption keys to the new encryption key at the encryption key changing time.10-09-2008
20090196426Method and Apparatus for Key Distribution for Secure Digital Cinema Presentations - Key distribution within a digital cinema presentation facility (08-06-2009
20090097659Method for Detection of a Hacked Decoder - A method of identifying a receiver device from which pirated video decryption keys have been obtained consistent with certain embodiments involves organizing a population of receiver devices into a plurality of N groups; associating the N groups with a plurality of N decryption keys, where each of the N groups is associated with one of the N decryption keys, where the N decryption keys are used for either decryption of content or decryption of other decryption keys; causing the plurality of N decryption keys to be obtained by their associated N groups of receiver devices by direct delivery or by derivation at the receiver devices; and identifying a pirated key as being associated with one of the N groups so as to identify the receiver device from which the pirated video decryption keys have been obtained as belonging to one of the N groups. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.04-16-2009
20080253572Method and System for Protecting Data - The present disclosure is directed to a method and system for protecting data. In accordance with a particular embodiment of the present disclosure a new file is created. A key is retrieved for the file from a keyserver. The key includes a key identifier and an encryption algorithm. The file is encrypted using the encryption algorithm. The key identifier is stored in a data repository. The data repository relates the key identifier to the encrypted file.10-16-2008
20120148051METHOD FOR GENERATING AN IDENTIFIER - The invention relates to a method for generating an identifier for identifying a pair, wherein the pair comprises a cryptographic device (06-14-2012
20080205653Method and Mobility Anchor Point for Authenticating Updates from Mobile Node - A method and Mobility Anchor Point (MAP) are provided for authenticating an update message received at the MAP from a Mobile Node (MN). A table entry is created in the MAP, following receipt of a first message comprising a public key of the MN, a first pointer and a first comparison data, information elements received from the first message being stored in the table entry. The MAP then receives an update message requesting binding of a Local Care-of Address (LCoA) with a Regional Care-of Address (RCoA). The update message further comprises a second pointer and a second comparison data. The MAP locates the table entry by use of the second pointer. The MAP then authenticates the second message by hashing one of the first or second comparison data and comparing a result of the hashing with the other one of the first and second comparison data. If a match is found, the second message is authenticated and the MAP binds the LCoA and the RCoA by storing both addresses in the table entry.08-28-2008
20100284539Methods for Protecting Against Piracy of Integrated Circuits - Techniques are provided for reducing the likelihood of piracy of integrated circuit design using combinational circuit locking system and activation protocol based on public-key cryptography. Every integrated circuit is to be activated with an external key, which can only be generated by an authenticator, such as the circuit designer. During circuit design, register transfer level (RTL) descriptions of the IC design are embedded with combinational logic based on a master key applied by the authenticator. That combinational logic renders at least one module of the RTL description locked, i.e., encrypted. The completed circuit design from the authenticator is sent to a fabrication lab with the combinationally locked modules. After fabrication, the circuit can only be activated when the authenticator sends an appropriate key that is used by the circuit to unlock the locked portions and thereby activate the circuit.11-11-2010
20080232597ITERATIVE SYMMETRIC KEY CIPHERS WITH KEYED S-BOXES USING MODULAR EXPONENTIATION - Disclosed is the design and development of a new cipher called the Dragonfire Cipher. The Dragon cipher includes message authentication code and keyed random number generator. Dragonfire cipher takes this transparent method of generating S-boxes and uses them to create a cipher with keyed S-boxes. This defeats most precomputations for cryptanalysis as the S-boxes are now different between sessions.09-25-2008
20110135096Method for Determining Functions Applied to Signals - A system and a method for determining a result of applying a function to signals is disclosed. The function is a polynomial function including monomials, in which the first signal in a first power forming a first part of the monomial and the second signal in a second power forming a second part of the monomial, wherein the first part of the monomial encrypted with a key is a first encrypted signal, and the second part of the monomial encrypted with the key is a second encrypted signal, comprising the steps of transmitting a first input signal encrypted with a second public key to the second processor, wherein the first input signal includes the first encrypted signal, transmitting a second input signal encrypted with a first public key to the first processor, wherein the second input signal includes a product of the first encrypted signal and the second encrypted signal.06-09-2011
20110085665Method For Generating Dynamic Group Key - A method of generating a dynamic group key of a group formed of a plurality of nodes, the method including: unicasting a public key that is based on respective secret keys of each of a plurality of general nodes excluding a master node, which is one of the plurality of nodes, wherein the unicasting is performed by the general nodes; broadcasting to the group an encryption value obtained by exponentially-calculating a secret key of the master node to the plurality of public keys, wherein the broadcasting is performed by the master node upon receiving the plurality of public keys; and obtaining a group key by using an inverse power-calculation of the respective secret keys of each of the general nodes based on the encryption value, wherein the obtaining is performed by the general nodes.04-14-2011
20120148050BINDING KEYS TO SECURE MEDIA STREAMS - A key message can include a key-encryption-key (KEK) associated with a KeyDomainID and a KeyGroupID. A session description message can describe streaming media initialization parameters containing media stream information for one or more media streams. For each media stream, the media stream information can include an IP address and a data port. The session description message can further contain a linkage for binding the KEK to a corresponding one of the media streams. The linkage can include the KeyDomainID and KeyGroupID or can include an abstract representation of the KeyDomainID and KeyGroupID. During session initialization, the key-encryption-key (KEK) can be bound to the media streams using the linkage of the session description message. Each of the media streams can be secured using a traffic key conveyed to user equipment (UE) under protection of the key-encryption-key (KEK).06-14-2012
20100215179Security Key Method In Semiconductor Manufacturing - The management of customer security keys by an integrated circuit manufacturer with automated material tracking among multiple circuit testers at multiple sites for programming keys into circuits. Limited key change methods plus sufficient key statuses provides processes for key handling.08-26-2010
20100215180Replacement of keys - A method and system for assigning a key to a device, the method including providing a device having a processor ID (CID) and an associated processor key (CK) and including a memory, at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory, at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD, computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV), and storing the result in the memory, wherein a second function ƒ is used to compute the value of AV, such that AV=ƒ(CK, PDK), and ƒ includes an inverse function of function g, such that g(CK, ƒ(CK, PDK))=PDK, thereby assigning the personalization data key PDK to the device. Related methods and hardware are also described.08-26-2010
20100158253System and Method for Generalized Authentication - A system, method, and program product is provided that uses environments to control access to encryption keys. A request for an encryption key and an environment identifier is received. If the encryption key is not associated with the environment identifier, the request is denied. If they are associated, the system receives user-supplied environment authentication data items from a user. Examples of environment authentication data include passwords, user identifiers, user biometric data (e.g., fingerprint scan, etc.), smart cards, and the like. The system retrieves stored environment authentication data items from a secure (e.g., encrypted) storage location. The retrieved stored environment authentication data items correspond to the environment identifier that was received. The received environment authentication data items are authenticated using the retrieved stored environment authentication data items. If the authentication is successful, the user is allowed use of the requested encryption key, otherwise, the request is denied.06-24-2010
20110051933PARING METHOD BETWEEN SM AND TP IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM, SET-TOP BOX AND AUTHENTICATION DEVICE USING THIS - The present invention relates to a technology of paring a secure micro (SM) and a transport processor (TP) in a downloadable conditional access system (DCAS). More specifically, predetermined security components generated by a trusted authority which is a certificate authority are previously embedded into the SM and the TP, and pairing between the SM and the TP is performed by association of the security components with the TA. Accordingly, safe pairing can be assured and the leakage of security information from the SM by malicious hacking can be prevented.03-03-2011
20110188658COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND COMPUTER PROGRAM - Communication parameters can be appropriately set without deteriorating user operability even if roles are not determined in advance when automatically setting the communication parameters. The invention includes a communication method when apparatus C newly joins a network formed of apparatuses A and B. The method is characterized by including a step of causing apparatus B to determine whether it belongs to the network in response to press of a button, and to operate as a provider and notify apparatus A of it upon determining that it belongs to the network, and a step of causing apparatus A to transmit, upon receiving the notification, a search response signal containing information on apparatus B in response to a search signal from apparatus C.08-04-2011
20110188659METHOD OF INTEGRATING QUANTUM KEY DISTRIBUTION WITH INTERNET KEY EXCHANGE PROTOCOL - A method of integrating quantum key distribution with Internet key exchange protocol, wherein the method comprises exchanging quantum-shared secret index from a cryptographic key database in Phase 1 of the Internet key exchange protocol between an initiator and a responder (08-04-2011
20100020977KEY GENERATION DEVICE, KEY DERIVATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, METHOD AND PROGRAM - A key generation device (01-28-2010
20120308011INTEGRATED KEY SERVER - A computer program product for integrated key serving is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes using a smart card of two or more smart cards with a support element of two or more support elements to create an encryption key and storing the encryption key in an encrypted file that can only be decrypted by the smart card and the support element used to create the encryption key.12-06-2012
20110085666QUANTUM KEY DEVICE - The present invention relates to an improved quantum key device for use in quantum key distribution, which device comprises a quantum detector unit for detecting a quantum signal and a plurality of logic units operably connected to the quantum detector unit wherein each logic unit is arranged to derive a separate quantum key from the quantum signal detected. In this way, a single quantum key distribution (QKD) receiver can generate separate quantum keys for separate users.04-14-2011
20120039474Display Authenticated Security Association - A system and method for establishing a mutual entity authentication and a shared secret between two devices using displayed values on each device. Unique first private keys and first public keys are assigned to both devices. The public keys are exchanged between the two devices. Both devices compute a shared secret from their own private keys and the received public keys. Both devices compute, exchange, and verify their key authentication codes of the shared secret. If verification is successful, both devices use the shared secret to generate a displayed value. One or more users compare the displayed values and provide an indication to the devices verifying whether the displays match. If the displays match, then the devices compute a shared master key, which is used either directly or via a later-generated session key for securing message communications between the two devices.02-16-2012
20110026714METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS - A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.02-03-2011
20120002817KEY MANAGEMENT METHOD AND KEY MANAGEMENT DEVICE - A validity information processing section determines a valid MKB and a valid intermediate key by referring to validity information in a recording medium, and, when an MKB and an intermediate key that are not valid have been rewritten, rewrites the validity information in the recording medium. An MKB processing section reads the valid MKB from the recording medium and performs updating processing on an MKB stored in the key management device, and rewrites the non-valid MKB in the recording medium. An intermediate key processing section reads the valid intermediate key from the recording medium and decrypts and re-encrypts the read intermediate key with an authentication key, and rewrites the non-valid intermediate key into the re-encrypted intermediate key.01-05-2012
20120177201METHODS AND APPARATUS FOR USE IN QUANTUM KEY DISTRIBUTION - Methods and apparatus for use in quantum key distribution (QKD) are described. A quantum QKD signal is generated at a source and transmitted through a fibre optic network to an endpoint, a key being agreed with communication over a classical QKD channel. The classical QKD channel contains additional information relevant to a network over which keys are distributed, and may be processed at nodes intermediate between the source and the endpoint.07-12-2012
20120008785SYSTEM AND METHOD FOR SECURE PIN EXCHANGE - Systems and methods for wirelessly exchanging an encryption key between a first device and a second device are disclosed herein.01-12-2012
20120008784Delegated Key Exchange System and Method of Operation - A cryptographic key exchange protocol that enables a device that does not have the capability to perform public key operations to securely establish a shared key with a host device without any information disclosing the key being revealed to the delegate key service.01-12-2012
20120250863CHAOTIC CIPHER SYSTEM AND METHOD FOR SECURE COMMUNICATION - The present invention provides a method for a data encryption device to perform network communications, the method comprising obtaining an indexed array of encryption keys, wherein the indexed array of encryption keys is shared with a data decryption device; obtaining a message to be encrypted; using a first random or pseudorandom number to determine an index; obtaining a first key from the array of encryption keys, wherein the first key corresponds to the index; selecting a second key from the plurality of encryption keys; encrypting the message using the first key and a second random or pseudorandom number; encrypting the index using the second key and a third random or pseudorandom number; transmitting the encrypted message and the encrypted index to the data decryption device.10-04-2012
20120250864ENERGY MANAGEMENT APPARATUS AND ENERGY MANAGEMENT SYSTEM - An energy management apparatus includes: a communicator capable of communicating with at least a meter apparatus among the meter apparatus and a server apparatus that collects measurement information from the meter apparatus; a device registration processor configured to determine whether the direct communicator to the server apparatus can communicate with the server apparatus; if the direct communication is possible, transmit to the server apparatus a device registration message that requests to register a device identifier of the meter apparatus and a device identifier of the energy management apparatus; and, if the direct communication to the server apparatus is not possible, transmit the device registration message for the server apparatus to the meter apparatus; a communication processor configured to obtain energy control information of the device transmitted from the server apparatus; and a control executor configured to control the used energy amount of the device based on the energy control information.10-04-2012
20120027212METHOD FOR DETERMINING A CHAIN OF KEYS, METHOD FOR TRANSMITTING A PARTIAL CHAIN OF THE KEYS, COMPUTER SYSTEM AND CHIP CARD - The invention relates to a security module comprising 02-02-2012
20090136041Secure information storage system and method - The present invention systems and methods facilitate secure communication of information between devices. A present invention system and method can enable secure communication of proprietary content in a HDCP compliant configuration. In one embodiment, a high definition content protection key secure management method is utilized to enable efficient and secure storage of a HDCP key. A high definition content protection key value is received. The high definition content protection key is encrypted utilizing a secure key value, wherein the secure key value is not accessible via an external port. In one exemplary implementation, the secure key is stored in fuses included in a processing unit. The results of said encrypting in a memory (e.g., a BIOS memory, flash memory, etc.).05-28-2009
20120057708COMPUTER-READABLE, NON-TRANSITORY MEDIUM STORING DIGITAL CONTENT DISTRIBUTING PROGRAM, COMPUTER-READABLE, NON-TRANSITORY MEDIUM STORING DIGITAL CONTENT PLAYBACK PROGRAM, DIGITAL CONTENT DISTRIBUTING APPARATUS AND DIGITAL CONTENT PLAYBACK APPARATUS - In digital content including; data in which digital copyrighted work is stored, and a plurality of separation data separated from the data, a header of the data stores position information for specifying a separation region in which one of the separation data is separated. Moreover each separation region in which the separation data is separated, stores position information for specifying other separation regions in an interlinked manner. Furthermore the data excluding the separation region is encrypted by a content key of the data, and the separation region of the data, and the separation data are encrypted respectively by a content key different for each separation data. Moreover, the separation data is distributed together with the content key on a route different to the data.03-08-2012
20120063600APPRAISING SYSTEMS WITH ZERO KNOWLEDGE PROOFS - A system, method, and computer program product are provided for requesting a proof of a security policy in a Ghent system. Additionally, a system, method, and computer program product are provided for proving a security policy to an interrogator system.03-15-2012
20120155645PAIRING OF ANGLE SENSOR AND ELECTRONIC CONTROL UNIT - Various embodiments relate to a tamper-proof vehicle sensor system and a related method for sending secure packets between components. A sensing unit may include an angular sensor, such as an anisotropic magnetoresistive (AMR) sensor, which determines the angular position of a magnetic field and produces related angle sensor data. The sensing unit may place the angle sensor data in a packet and may encrypt the packet using a selected encryption key. The sensor may append an encryption key identifier (ID) associated with the selected encryption key onto the packet and send the secure, unidirectional packet to an electrical control unit (ECU). The ECU may then use the appended encryption key ID to retrieve the selected encryption key to decrypt the packet. The ECU may then extract the angle sensor data from the packet to modify the configuration of the vehicle.06-21-2012
20100290625Secure group communications - A device for use in a system with multiple receiving units, and multiple intermediate units each configured to communicate with the device and at least some of the multiple receiving units, includes a communication module configured to send information toward and receive information from the receiving units and the intermediate units, a memory, and a processor coupled to the memory and the communication module. The processor is configured to: cause the communication module to send information toward each of the receiving units sufficient for the receiving units to obtain a key chain corresponding to that receiving unit, each key chain containing a plurality of keys, each key in each key chain being related to other keys in the respective key chains by at least one inverse of a one-way function; select a key from a key chain associated with a particular receiving unit and stored in the memory; and cause the communication module to send the selected key, and an indication of which receiving unit the selected key is associated with, toward the intermediate unit associated with the particular receiving unit.11-18-2010
20100246829KEY GENERATION FOR NETWORKS - Systems, methods, and other embodiments associated with key generation for networks are described. One example method includes configuring a key server with a pseudo-random function (PRF). The key server may provide keying material to gateways. The method may also include controlling the key server to generate a cryptography data structure (e.g., D-matrix) based, at least in part, on the PRF and a seed value. The method may also include controlling the key server to selectively distribute a portion of the cryptography data structure and/or data derived from the cryptography data structure to a gateway. The gateway may then encrypt communications based, at least in part, on the portion of the cryptography data structure. The method may also include selectively distributing an epoch value to members of the set of gateways that may then decrypt an encrypted communication based, at least in part, on the epoch value.09-30-2010
20100246827USER-SPECIFIED SHARING OF DATA VIA POLICY AND/OR INFERENCE FROM A HIERARCHICAL CRYPTOGRAPHIC STORE - The claimed subject matter relates to architectures that can construct a hierarchical set of decryption keys for facilitating user-controlled encrypted data storage with diverse accessibility and hosting of that encrypted data. In particular, a root key can be employed to derive a hierarchical set of decryption keys and a corresponding hierarchical set of encryption keys. Each key derived can conform to a hierarchy associated with encrypted data of the user, and the decryption capabilities of the decryption keys can be configured based upon a location or assignment of the decryption key within the hierarchy. The cryptographic methods can be joined with a policy language that specifies sets of keys for capturing preferences about patterns of sharing. These policies about sharing can themselves require keys for access and the policies can provide additional keys for other aspects of policy and or base-level accesses.09-30-2010
20100246828METHOD AND SYSTEM OF PARALLELIZED DATA DECRYPTION AND KEY GENERATION - A method and system to decrypt data in a particular round of decryption substantially in parallel with the generation of a decryption key associated with the next round of the particular round of decryption. By performing an inverse next key computation, the decryption process can be symmetric to the advanced encryption standard (AES) encryption process in terms of processing time, hardware implementation and storage requirements.09-30-2010
20100020976 METHOD OF DECRYPTION KEY SWITCHING, A DECRYPTION DEVICE AND A TERMINAL EQUIPMENT - Embodiments of the present invention disclose a method of key switching for decrypting service data at a terminal, which includes: storing at least two decryption keys at a terminal side for decrypting service data encrypted by network side using a corresponding encryption key, wherein one of the at least two decryption keys is a current decryption key; receiving current service data and using the stored keys to decrypt the service data; and selecting from the stored decryption keys a key with which the current service data can be successfully decrypted and taking the selected key as the current decryption key. The embodiments of the present invention further disclose a data decryption device and a terminal equipment with the corresponding decryption function. With the invention, key switching can be performed adaptively, without special requirements on key distribution mode and synchronization, or additional overhead for supporting a strict data frame synchronization mechanism.01-28-2010
20120213372METHOD AND DEVICE FOR OBTAINING SECURITY KEY IN RELAY SYSTEM - A method and a device for obtaining a security key in a relay system are disclosed in the embodiment of the present invention. A node in the relay system obtains an initial key, according to the initial key, the node obtains a root key of an air interface protection key between the node and another node that is directly adjacent to the node, and according to the root key, the node obtains the air interface protection key between the node and said another node that is directly adjacent to the node. Therefore, according to the initial key, each lower-level node obtains a root key of an air interface protection key between each lower-level node, so that data of a UE on a Un interface link may be respectively protected, that is, each active UE has a set of security parameters on the Un interface link, and effective security protection is performed on data on each segment of an air interface.08-23-2012
20120213371Systems, Methods, and Apparatus for Electrical Grid Quantum Key Distribution - Certain embodiments of the invention may include systems, methods, and apparatus for electrical grid quantum key distribution. According to an example embodiment of the invention, a method is provided for secure communications in an electrical power distribution network. Example embodiments of the method can include evaluating vulnerability of communications control nodes associated with the network; distributing quantum encryption keys to one or more of the communications control nodes based, at least in part, on the vulnerability of the communications control nodes; and communicating among distributed electronic devices associated with the network using the quantum encryption keys.08-23-2012
20120213370SECURE MANAGEMENT AND PERSONALIZATION OF UNIQUE CODE SIGNING KEYS - A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.08-23-2012
20120257755METHOD AND SYSTEM FOR ESTABLISHING SECURE CONNECTION BETWEEN STATIONS - A method and system for establishing a secure connection between stations are disclosed. The method includes that: 1) a switch device receives an inter-station key request packet sent by a first user terminal; 2) the switch device generates an inter-station key, constructs an inter-station key announcement packet and sends it to a second user terminal; 3) the switch device receives an inter-station key announcement response packet sent by the second user terminal; 4) the switch device constructs an inter-station key announcement response packet and sends it to the first user terminal; 5) the switch device receives an inter-station key announcement response packet sent by the first user terminal. The switch device establishes an inter-station key for the two stations which are connected to the switch device directly, by which the embodiments of the present invention ensure the confidentiality and integrality of user data between the stations.10-11-2012
20120170751CRYPTOGRAPHIC COMMUNICATION WITH MOBILE DEVICES - A mobile device (07-05-2012
20120170752BROADCAST ENCRYPTION BASED MEDIA KEY BLOCK SECURITY CLASS-BASED SIGNING - Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from a high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block.07-05-2012
20120177200QUANTUM KEY DISTRIBUTION METHOD AND APPARATUS - A QKD transmission apparatus comprises a GPS receiver module operable to receive a GPS signal, and a processor operable to use the GPS signal to derive a clock signal for transmission of a QKD signal.07-12-2012
20100272266Method for secure key management using multi-threshold secret sharing - A method and apparatus are disclosed for managing components of a secret key according to a secret sharing scheme. The disclosed secret sharing scheme divides a secret value, R, into n secret components (R10-28-2010
20100034391CRYPTOGRAPHIC-KEY MANAGEMENT SYSTEM, EXTERNAL DEVICE, AND CRYPTOGRAPHIC-KEY MANAGEMENT PROGRAM - An external device (02-11-2010
20100008508METHOD FOR ESTABLISHING A SECRET KEY BETWEEN TWO NODES IN A COMMUNICATION NETWORK - A method for establishing a secret key between two nodes in a communication network, in particular in a wireless local area network (WLAN), includes concealment of the fact that a key exchange occurs, one of the nodes—first node (B)—broadcasts one or more packets (P01-14-2010
20100266129KEY MANAGEMENT DEVICE AND INFORMATION TRANSMISSION SYSTEM USING THE SAME - An information transmission system includes a terminal device connected to a server device. Transmission destination information and transmission source information are encrypted and correlated with a user identifier when this information is stored in a storage unit for the server device. By using the user identifier and a decryption key which are reported when a transmission command button of the terminal device is pressed, the transmission destination information and the transmission source information are read out and decrypted by a decryption unit. A transmission unit for the server device transmits the transmission source information to a transmission destination specified by the transmission destination information.10-21-2010
20090060200Method of Converging Different Group Keys from Island into Single Group Key in Wireless Transport Network - The present invention provides a method of distributing a new group key by a designated group key server, comprising: receiving a group key by a wireless device from each of a newly discovered neighbor. The next step is to receive a list of devices that the newly discovered neighbor connects to. Then, the device determines whether or not the received group key is the same with a new group key and a key index from a neighbor Ni and to associate each the group key with the list of device received from the same neighbor. The device compares all the group keys from the each neighbor and merging an associated lists of device into a single list if the group keys are the same. Subsequently, the device selects the group key with the largest associated list of device be a new selected group key.03-05-2009
20090060199SYSTEM AND METHOD FOR UPDATING A TRANSACTIONAL DEVICE - Systems and methods for updating a transactional device having a reader is provided. In one embodiment, the method includes: reading data on a command token, wherein the data is stored in a memory device; identifying the token as a command token based on the data; generating transaction data that include an instruction based on the token data and a code identifying the instruction as a command data; and transmitting the transaction data to a remote device for command execution.03-05-2009
20090060198Secure message transport using message segmentation - Data is divided into a plurality of blocks. A unique identifier is assigned to each of the plurality of blocks. A key is generated that identifies how to reconstruct the data from the plurality of blocks. The key and each of the plurality of blocks are transmitted to a recipient.03-05-2009
20120230493Systems, Methods, and Apparatus for a Quantum Key Distribution Telescope - Certain embodiments of the invention may include systems, methods and apparatus for a quantum key distribution (QKD) telescope. According to an example embodiment of the invention, a method is provided for receiving a quantum key distribution (QKD) signal. The method can include collecting one or more QKD signals and one or more primary signals with a single telescope.09-13-2012
20080298595METHODS AND APPARATUS FOR PROVIDING PMIP KEY HIERARCHY IN WIRELESS COMMUNICATION NETWORKS - A method is provided for securing a PMIP tunnel between a serving gateway and a new access node through which an access terminal communicates. A PMIP key hierarchy unique to each access terminal is maintained by the gateway. The gateway uses a first node key to secure PMIP tunnels when authentication of the access terminal has been performed. A PMIP key is generated based on the first node key and the PMIP key is sent to the new access node to assist in establishing and securing a PMIP tunnel between the gateway and the new access node. Otherwise, when authentication of the access terminal has not been performed, the gateway generates a second node key and sends it to an intermediary network node which then generates and sends a PMIP key to the new access node. This second key is then used to secure the PMIP tunnel.12-04-2008
20080298594AUTHORIZING STATIONS INTO A CENTRALLY MANAGED NETWORK - Systems and methods for connecting new stations to a secure network. New stations can send connection requests to a headend device. The headend device can retrieve a device access key associated with the new station and can provide a network membership key to the new station based upon authentication of the new station using the device access key.12-04-2008
20080298593Gateway Shared Key - Procedures for using common encrypt/decrypt keys are described. In an example, a scale key is generated for encrypting host media stream for more than one client. The scale key may be exchanged with a first client so that the host receives a first client key for decrypting a first client media stream. The host may send a gateway device the scale key such that the gateway device may use the scale key. In implementations, the host may receive a share key for decrypting end client media stream forwarded through the gateway device.12-04-2008
20080298592TECHNIQUE FOR CHANGING GROUP MEMBER REACHABILITY INFORMATION - In one embodiment, a technique for updating an address associated with a first entity in a communications network with a second entity in the communications network wherein the address is used to forward information to the first entity from the second entity. The first entity registers a first address associated with the first entity with the second entity. The first entity determines that a second address associated with the first entity is to be used instead of the first address to communicate with the first entity. The first entity generates an update message containing the second address, the update message obviating having to register the second address with the second entity. The first entity forwards the update message to the second entity to cause the second entity to use the second address instead of the first address to forward information to the first entity.12-04-2008
20120269348SYSTEM FOR PROTECTING AN ENCRYPTED INFORMATION UNIT - This invention relates to system for securing an information unit and applications thereof. The system comprising at least one encrypting means for applying a first encryption key to the information unit thus provided an encrypted information unit, wherein said at least one encryption means is adapted to apply at least two second information encryption keys to the encrypted information unit, said at least two second encryption keys being calculated so as to decrypt the encrypted information unit when all of said first and second encryption keys have been applied to the information unit, the encryption keys being distributed to chosen users of the system.10-25-2012
20100239094COMPUTER READABLE MEDIUM STORING KEY GENERATING PROGRAM, COMPUTER READABLE MEDIUM STORING KEY RECORDING PROGRAM, KEY GENERATING DEVICE, PKI CARD, KEY RECORDING SYSTEM, KEY GENERATING METHOD AND KEY RECORDING METHOD - A computer readable medium stores a program causing a computer to execute a key generating processing. The computer generates a signatory private key which is used in an electronic signature, a signatory public key, a signatory public key certificate, a certification public key which is used when recording the signatory private key in a PKI card and a certification private key, transmits the certification private key to the PKI card via a secure communication path, and transmits an encoded signatory key obtained by encoding the signatory public key certificate and the signatory private key using the certification public key to the PKI card via the secure communication path or a non-secure communication path.09-23-2010
20120321086CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.12-20-2012
20130010966ENCRYPTION KEY STORAGE - Systems, methods, and machine-readable and executable instructions are provided for encryption key storage. Encryption key storage may include associating each of a plurality of identifiers with a different one of a plurality of key fragment stores, determining a plurality of indexes, where each of the plurality of indexes is based upon a handle provided by a customer, an authorization token provided by the customer, and a different one of the plurality of identifiers, partitioning an encryption key provided by the customer into a number of encryption key fragments, and distributing the plurality of indexes and the number of encryption key fragments to the plurality of key fragment stores.01-10-2013
20130022203BALANCED ENTROPY RANDOM NUMBER GENERATOR - A method of generating a number includes asynchronously updating a plurality of linear feedback shift registers, selecting a mixing function using a balanced entropy value, and determining the number from bit values selected from the plurality of linear feedback shift registers based on the selected mixing function.01-24-2013
20080253574Controlling Delivery Of Broadcast Encryption Content For A Network Cluster From A Content Server Outside The Cluster - Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embodiments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.10-16-2008
20080247551Information processing apparatus and computer readable medium - An information processing apparatus includes: an acceptance unit that accepts formed information to be formed on a medium and target information to be recorded as an information image together with an image based on the formed information; a specification acceptance unit that accepts specification of the accepted formed information or information concerning the formation result of information image on the medium; an encryption key acquisition unit that acquires an encryption key based on the specified information; an information image generation unit that encrypts the target information using the acquired encryption key, and that generates the information image based on the encrypted target information; and an output unit that outputs a command for forming the information image on the medium together with the image to be formed.10-09-2008
20130170645ENCRYPTION AND DECRYPTION DEVICES AND METHODS THEREOF - Encryption and decryption devices, computer readable media, and methods thereof. The decryption device comprises a key generator and a decryption module. The key generator is capable of receiving a first security key information for generating an application key. The decryption module is coupled to the key generator, capable of decrypting at least a portion of encrypted software data according to the application key, wherein the software data is used by a software when a software code of the software is executed.07-04-2013
20130142336METHOD OF GROUP KEY GENERATION AND MANAGEMENT FOR GENERIC OBJECT ORIENTED SUBSTANTIATION EVENTS MODEL - A method and an apparatus provide dedicated group key distribution in systems employing generic object oriented substation events (GOOSE). The method includes defining a group configuration for the GOOSE system via a plurality of field devices, verifying possession by each field device in the group of an asymmetric key pair, distributing a group key individually to each field group member device by a substation controller via a secure interaction between the substation controller and the group member device, and updating the group key after the group configuration has changed.06-06-2013
20130114815SECRET SHARING SYSTEM, SHARING APPARATUS, SHARE MANAGEMENT APPARATUS, ACQUISITION APPARATUS, SECRET SHARING METHOD, PROGRAM AND RECORDING MEDIUM - A sharing apparatus independently shares a value corresponding to each element θ(ψ, i, β)·g05-09-2013
20130136264SECURITY PROCESSING SYSTEM AND METHOD FOR HTTP LIVE STREAMING - Disclosed are a security processing system and method for HLS transmissions. An aspect of the invention provides a content key conversion device connected over a network to a content proxy device configured to provide encryption key information to a content operating device for a content received from a content provider device of an external network. The content key conversion device includes: a reception part that receives a double encryption key of a content from the content proxy device; an interface part that receives key decryption information corresponding to the double encryption key from an encryption key provider device of an external network; a decryption part that decrypts the double encryption key of the content using the key decryption information and thereby converts the double encryption key to an encryption key; and a transmission part that transmits the encryption key converted by the decryption part to the content proxy device.05-30-2013
20100290626OPTICAL TRANSMITTERS AND RECEIVERS FOR QUANTUM KEY DISTRIBUTION - An optical receiver for a quantum key distribution system comprises a plurality of optical components mounted or formed in a substrate and optically coupled by one or more hollow core waveguides formed in the substrate.11-18-2010
20100316223Method and Arrangement in a Telecommunication System - A security key, K_eNB, for protecting RRC/UP traffic between a User Equipment, UE, and a serving eNodeB is established by a method and an arrangement in a Mobility Management Entity, MME, and in said UE, of an Evolved Packet System, EPS. The MME and the UE derives the security key, K_eNB, from at least an NAS uplink sequence number, NAS_U_SEQ, sent from the UE to the MME, and from an Access Security Management Entity-key, K_ASME, shared between the MME and the UE.12-16-2010
20130156196Storage Device and Method for Super-Distribution of Content Protected with a Localized Content Encyrption Key - In one embodiment, a storage device stores a content encryption key, content encrypted with the content encryption key, and a super-distribution key. To re-distribute the content, the storage device creates a super-distribution token by encrypting the content encryption key with the super-distribution key and provides the encrypted content and the super-distribution token to a host device for storage in a target storage device. To access the encrypted content on the target storage device, the target storage device provides the super-distribution token to a server via the host device. The server generates an activation token from the super-distribution token, wherein the activation token contains the content encryption key. The target storage device receives the activation token from the server via the host device, retrieves the content encryption key from the activation token, and decrypts the encrypted content using the retrieved content encryption key.06-20-2013
20110311055METHODS, DEVICES, AND MEDIA FOR SECURE KEY MANAGEMENT IN A NON-SECURED, DISTRIBUTED, VIRTUALIZED ENVIRONMENT WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT - The present invention discloses methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management. Methods include the steps of: receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment; initially encrypting the original key with a first location-specific secure-key, located at a second encryption location, to create a location-specific initially-encrypted key; and finally encrypting the location-specific initially-encrypted key with a second location-specific secure-key, located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location; wherein the locations are regions of memory located in computing devices operationally connected to the network computing-environment; and wherein each of the location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in the respective locations.12-22-2011
20090175455METHOD OF SECURING A CALCULATION OF AN EXPONENTIATION OR A MULTIPLICATION BY A SCALAR IN AN ELECTRONIC DEVICE - A cryptographic operation includes calculating a multiplication of an element of an additively denoted group by a scalar. After two registers R07-09-2009
20120300937ACCESS CONTROL - Control apparatus (11-29-2012
20120300936Outsourcing the Decryption of Functional Encryption Ciphertexts - Functional encryption (FE) ciphertext is transformed into partially-decrypted (PD) ciphertext. The PD ciphertext has a shorter bit length than the FE ciphertext, or the decryption time of the PD ciphertext is less than the decryption time of the FE ciphertext. The FE ciphertext can be an attribute-based encryption ciphertext. The transformation can be performed with a transformation key generated by an authority with a master key or by a user with a decryption key. The transformation can also be performed, without a transformation key, based on unencrypted components of the FE ciphertext and on auxiliary information associated with the unencrypted components of the FE ciphertext. The PD ciphertext can require less transmission time across a network than the FE ciphertext. The PD ciphertext can require less time to decrypt than the FE ciphertext, particularly when the computational resources performing the decryption are limited.11-29-2012
20120093319METHOD AND APPARATUS FOR PROTECTING DIGITAL DATA BY DOUBLE RE-ENCRYPTION - Method and an apparatus for ensuring protection of digital data are provided. Embodiments may include double re-encrypting decrypted data using multiple keys (e.g., an unchangeable key, and a changeable key). In various embodiments, the re-encrypting may be performed using hardware, software, or a combination of hardware and software (e.g., re-encrypting in hardware using an unchangeable key and re-encrypting in software using a changeable key). In some embodiments, encryption/decryption is performed with RTOS using a HAL and a device driver (e.g., a filter driver, a disk driver and a network driver, in an I/O manager).04-19-2012
20130208894CRYPTOGRAPHIC KEY DISTRIBUTION SYSTEM - The invention concerns a or key distribution system comprising a server node, a repeater network connected to the server node through a quantum channel, and a client node connected to the repeater network through a quantum channel; wherein in use the repeater network and the client node cooperatively generate a transfer quantum key which is supplied to a system subscriber by the client node; the server node and the repeater network cooperatively generate a link quantum key; the repeater network encrypts the link quantum key based on the transfer quantum key and sends the encrypted link quantum key to the system subscriber through a public communication channel; the node encrypts a traffic cryptographic key based on the link quantum key and a service an key and sends the encrypted traffic cryptographic key to the system subscriber through a public communication channel.08-15-2013

Patent applications in class Key distribution

Patent applications in all subclasses Key distribution