
Key distribution center

Subclass of:

380 - Cryptography

380277000 - KEY MANAGEMENT

380278000 - Key distribution

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class | Description | Number of patent applications
380282000 | By public key method | 45
380281000 | Using master key (e.g., key-encrypting-key) | 14
380280000 | Control vector or tag | 4
Document | Title - Description | Date published
20090238368 | Key distribution system - The cloning source of an authorized receiving device cannot be identified. A key distribution system | 09-24-2009
20090010439 | Terminal Apparatus, Server Apparatus, and Digital Content Distribution System - To reduce a frequency of recording communication management information for communication disconnection countermeasure. A digital content distribution system includes a license server ( | 01-08-2009
20090245522 | MEMORY DEVICE - A method of controlling a memory device connectable to a host for sending out a command to the memory device, has storing a plurality of first keys which are accessible by a plurality of passwords, respectively, encrypting a second key for encrypting and decrypting data to produce an encrypted second key by using one of the first keys, and storing the encrypted second key, decrypting the encrypted second key by using one of the first keys and encrypting or decrypting data by the second key upon receipt of a command from the host to encrypt or decrypt the data, and receiving, upon receipt of a command for renewing the second key from the host, a renewed second key, encrypting the renewed second key with one of the first keys, and storing the encrypted renewed second key. | 10-01-2009
20100208898 | MANAGING GROUP KEYS - In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided. | 08-19-2010
Entries

Document | Title - Description | Date published
20090238367 | DIRECT DELIVERY OF CONTENT DESCRAMBLING KEYS USING CHIP-UNIQUE CODE - Systems and methods of direct delivery of content descrambling keys using chip-unique code are described herein. One such method includes receiving a unique chip identifier from a digital subscriber communications terminal; determining a chip key associated to the chip identifier; encrypting a service instance using the chip key; and transmitting the encrypted service instance. One such system includes a chip key server configured to store a plurality of chip identifiers, each identifier associated with a chip key, and configured to receive a unique chip identifier from a digital subscriber communications terminal; and an encryptor configured to encrypt a service instance using the chip key associated with the unique chip identifier, the chip key provided by the chip key server. | 09-24-2009
20130044882 | Enhancing provisioning for keygroups using key management interoperability protocol (KMIP) - A key management protocol (such as Key Management Interoperability Protocol (KMIP)) is extended via a set of one or more custom attributes to provide a mechanism by which clients pass additional metadata to facilitate enhanced key provisioning operations by a key management server. The protocol comprises objects, operations, and attributes. Objects are the cryptographic material (e.g., symmetric keys, asymmetric keys, digital certificates and so on) upon which operations are performed. Operations are the actions taken with respect to the objects, such as getting an object from a key management server, modifying attributes of an object and the like. Attributes are the properties of the object, such as the kind of object it is, the unique identifier for the object, and the like. According to this disclosure, a first custom server attribute has a value that specifies a keygroup name that can be used by the key management server to locate (e.g., during a Locate operation) key material associated with a named keygroup. A second custom server attribute has a value that specifies a keygroup name into which key material should be registered (e.g., during a Register operation) by the server. A third custom server attribute has a value that specifies a default keygroup that the server should use for the device passing a request that includes the attribute. Using these one or more custom server attributes, the client taps into and consumes/contributes to the key management server's provisioning machinery. | 02-21-2013
20080260164 | Method and Application for Authentication of a Wireless Communication Using an Expiration Marker - Systems and methods of securing wireless communications between a network and a subscriber station are disclosed. One embodiment creates authentication triplets due to expire after a certain amount of time such that they may not be used indefinitely by an attacker who intercepts them. | 10-23-2008
20110194697 | MULTICAST KEY DISTRIBUTION METHOD, UPDATED METHOD, AND BASE STATION BASED ON UNICAST CONVERSATION KEY - A multicast key distribution method, an update method, and a base station based on unicast conversation key. The distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculating. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key. | 08-11-2011
20090154708 | SYMMETRIC KEY DISTRIBUTION FRAMEWORK FOR THE INTERNET - A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key. | 06-18-2009
20100040236 | METHOD, SYSTEM AND DEVICE FOR GENERATING GROUP KEY - A method for generating a group key is provided in the field of network communications. The method includes the following steps: Group members select DH secret values and generate DH public values. An organizer generates an intermediate message and broadcasts a DH public value and the intermediate message. The group members generate a group key according to a DH secret value selected by the organizer and DH public values of the other group members except the organizer. A system for generating a group key and communication devices are also disclosed in the present invention. | 02-18-2010
20100067701 | Method and System for High Rate Uncorrelated Shared Secret Bit Extraction From Wireless Link Characteristics - A new methodology to exchange a random secret key between two parties is disclosed. The diverse physical characteristics of the wireless medium and device mobility are exploited for secure key exchange. Unique physical characteristics of wireless channels between the two devices are measured at different random locations. A function of these unique characteristics determines the shared secret key between the two devices. | 03-18-2010
20090092255 | Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required. | 04-09-2009
20090268914 | Securing Wireless Body Sensor Networks Using Physiological Data - A computer implemented method, apparatus, and computer program product for securing wireless body sensor networks with a three party password protocol. The password protocol combines the Bellare-Rogaway 3PKDP (three-party key distribution protocol) and the Diffie-Hellman password protocol. The three party password protocol also uses physiological values in place of passwords in one of the key exchanges. The other key exchanges in the protocol use symmetric key cryptography. The combination of the Bellare-Rogaway three-party key distribution protocol and the Diffie-Hellman password protocol allows two sensors which do not measure the same environmental data to authenticate and establish keys. | 10-29-2009
20120224695 | COMMUNICATING DEVICE AND COMMUNICATING METHOD - The debugging unit writes a public key of the key issuing server and an initializing program given from outside to the storage unit. The instruction executing unit reads and executes the initializing program stored in the storage unit. The debug disabling unit disables the debugging unit. The public-key encrypting unit encrypts the random number by the public key in the storage unit, the random number being generated by the random number generating unit after the debugging unit is disabled. The transmitting unit transmits the encrypted random number to the key issuing server. The receiving unit receives an individual key encrypted by the random number from the key issuing server. The individual-key writing unit decrypts the encrypted individual key by the random number to obtain the individual key and writes the individual key to the storage unit. | 09-06-2012
20090279703 | SECURE SHELL USED TO OPEN A USER'S ENCRYPTED FILE SYSTEM KEYSTORE - The present invention provides a computer implemented method, apparatus, and data processing system for associating a private part of a keystore of a user with a user authentication process in an encrypting file system. A secure shell daemon server establishes the user authentication process with a secure shell client such that the user authentication process is associated with a user and the user is authenticated. The secure shell daemon server obtains an acknowledgment from the secure shell client. The secure shell daemon server accesses a user public key of the user from the keystore of the user, responsive to receiving the acknowledgment. The secure shell daemon obtains a public secure shell cookie associated with the user from the keystore of the user. The public secure shell cookie is an access key in encrypted form. The access key is based on the user's public key to form the public secure shell cookie. The secure shell daemon server obtains the access key from the secure shell client. The private part of the keystore is associated with the user authentication process, wherein the private part is accessed based on the access key. | 11-12-2009
20100074447 | SYSTEM AND METHODS FOR QUANTUM KEY DISTRIBUTION OVER WDM LINKS - A system and a method for quantum key distribution between a transmitter and a receiver over a wavelength division multiplexing (WDM) link are disclosed. The method includes providing one or more quantum channels and one or more conventional channels over the WDM link; assigning a different wavelength to each of the one or more quantum channels and each of the one or more conventional channels; transmitting single photon signals on each of the one or more quantum channels; and transmitting data on each of the one or more conventional channels. The data comprises either conventional data or trigger signals for synchronizing the transmission of the single photon signals on the quantum channels. All channels have wavelengths around 1550 nm. The WDM link can be a 3-channel WDM link comprising two quantum channels for transmitting single photon signals and one conventional channel for transmitting conventional data or triggering signals. | 03-25-2010
20110033054 | METHOD FOR DISTRIBUTING ENCRYPTION MEANS - The present invention relates to a method for operating a trust centre for distributing key material to at least one radio station, comprising the steps of: at the trust centre, dividing an identifier of the radio station, said identifier being a code word consisting of a first number of bits, into a plurality of subidentifiers, and generating for each subidentifier a keying material function selected out of a set of keying material functions on the basis of the considered subidentifier; and, at the trust centre, transmitting to the radio station the identifier and the key material comprising the generated encryption functions. | 02-10-2011
20110293097 | VIRTUAL MACHINE MEMORY COMPARTMENTALIZATION IN MULTI-CORE ARCHITECTURES - Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines. | 12-01-2011
20110261963 | METHOD FOR SHARING AN INFORMATION CIPHERING AND DECIPHERING KEY, A KEY SHARING SYSTEM AND AN ACCESS CONTROL SYSTEM APPLYING THIS METHOD - This method is characterized in that it includes the following steps: a step for establishing a key root database in the transmitter and said at least one receiver, a step for generating in the transmitter a sequence of bits called an index, a step for having this index bit sequence transmitted by the transmitter to the receiver, and a step for having the key extracted from the index and from the key root database by the transmitter and said at least one receiver. | 10-27-2011
20090310788 | METHOD FOR MANAGING AND CONTROLLING THE ACCESS KEYS TO SERVICES IN A COMMUNICATION SYSTEM - A method for managing keys making it possible for a user to access one or more given services S in a communication system, in which the user is not able to be continuously connected to this service. A key K(t) is generated, which provides access to the service of day [t] for all the t | 12-17-2009
20080267411 | Method and Apparatus for Enhancing Security of a Device - A method is provided that authenticates a data transfer module. Further, the method establishes a secure tunnel between a first processor, which receives a copy protection key from the data transfer module, and a second processor, which receives the copy protection key from the first processor through the secure tunnel. In addition, the method receives, at the second processor, encrypted content from the data transfer module. The method also decrypts, at the second processor, the encrypted content with the copy protection key to generate decrypted content. | 10-30-2008
20100266130 | METHOD FOR DISTRIBUTING KEYS AND APPARATUS FOR USING THE SAME - The method and apparatus for distributing keys according to the IEEE 802.11r standard broadcast at least one notify packet from a first access point to other access points within an extended service set when a station has connected to the first access point. If the R0 key holder identifier in a key request packet coming from a second access point matches the R0 key holder identifier held by the first access point, a key response packet is forwarded to the second access point to speed up the handoff procedure between the station and the second access point. | 10-21-2010
20080260163 | COMMUNICATION ENCRYPTION PROCESSING APPARATUS - A communication encryption processing apparatus is provided in which a dedicated signal line is provided between a key management module and an encryption and decryption processing module to perform a key delivery via the dedicated signal line from the key management module to the encryption and decryption processing module, and as a result, transmission and reception of raw key data on a bus is no longer performed. | 10-23-2008
20090086977 | SYSTEM AND METHOD TO PASS A PRIVATE ENCRYPTION KEY - A method includes receiving, via a network, a request to provision and provide a private key, the private key being for use with a public and private key system. The method further includes identifying a requester that has made the request via the network and initiating a secure session with the requester. The method also includes providing the private key using the secure session, and provisioning the private key. | 04-02-2009
20090086978 | SYSTEM AND METHODS FOR DIGITAL CONTENT DISTRIBUTION - Method and system for transferring encrypted content from a server to a storage device are provided. The method includes encrypting the content using a first key, wherein the server encrypts the content; establishing a secure communication channel between the server and the storage device using a random session key; sending the first key to the storage device via the secure communication channel; replacing the random session key with the first key; sending the encrypted content to the storage device after the random session key is replaced with the first key; decrypting the encrypted content using the first key, wherein the storage device decrypts the encrypted content; re-encrypting the decrypted content using a second key generated by the storage device; and storing the re-encrypted content at the storage device. | 04-02-2009
20090169021 | Content distribution system, information processing method and terminal apparatus in content distribution system, and recording medium on which is recorded program thereof - In a terminal apparatus configuring the content distribution system, when a user's content data acquisition request operation is detected, content data corresponding to the acquisition request operation are acquired, via the network, from another terminal apparatus, and stored. Subsequently, when there is a request from another terminal apparatus for a transmission of the stored content data, the content data corresponding to the transmission request are transmitted to that other terminal apparatus. Meanwhile, reproduction of the content data is restricted while the reservation period of the acquired content data has not finished, and becomes possible once the reservation period is finished. | 07-02-2009
20090252329 | IPTV FOLLOW ME CONTENT SYSTEM AND METHOD - Tools are provided for distributing access-restricted content in an internet protocol television ("IPTV") environment based on portable entitlement keys. Such tools can include a decoder, an encoder, and a network entitlement handler. The decoder may be configured to receive a key associated with entitlement information, and transmit the entitlement information over a network. The encoder may be configured to receive content from content providers, and to encode the content to create IP-compatible content, with access restrictions based on entitlement. The network entitlement handler may be configured to receive a request for requested content from the decoder; receive the access-restricted content (including the requested content) from the encoder; and transmit the requested content over the network to the decoder using IP, when the decoder is entitled to receive the requested content. | 10-08-2009
20090202080 | Method and system for managing encryption key - Conventionally, an encryption key for encrypting data to be backed up in a tape cannot be allocated for each logical data management unit. To solve the problem, provided is a storage system including: a disk storage device; a tape storage device in which a tape storage medium is loaded; and a controller for controlling the disk storage device and the tape storage device, in which the controller is configured to: generate, upon reception of a request for setting a tape group including one or more tape storage media, a first encryption key used for encrypting data stored in the tape group set by the request; and hold information for correlating the generated first encryption key with the tape group. | 08-13-2009
20090279704 | MOBILE INTERNET PROTOCOL SYSTEM AND METHOD FOR UPDATING HOME AGENT ROOT KEY - A MIP system and a method for updating an HA-RK are disclosed. The AAA server generates and delivers a new HA-RK before expiry of the old HA-RK, thus eliminating the time gap between expiry of the old HA-RK and obtaining of the new HA-RK and making the MIP registration seamless. In the system, if the remaining lifetime of the old HA-RK is less than or equal to the lifecycle of the MSK in the EAP process, a new HA-RK is delivered; otherwise, no new HA-RK needs to be delivered. If both a new HA-RK and an old HA-RK are valid on the network entity at a time, then only the old HA-RK applies and the new HA-RK is not active until expiry of the old HA-RK. Alternatively, both the new HA-RK and the old HA-RK are active concurrently, and are differentiated by an SPI. | 11-12-2009
20120263303 | GROUP KEY MANAGEMENT APPROACH BASED ON LINEAR GEOMETRY - A group key management approach based on linear geometry is disclosed. The approach includes the following steps: step 1: a group controller selects a mapping f and a finite field F; each group member selects an m-dimensional private vector over the finite field F, and sends it to the group controller via a secure channel; step 2: the group controller selects a mapping parameter in the finite field F randomly, and maps the private vectors of all the group members into a new set of vectors by using the mapping f according to the mapping parameter; step 3: the group controller selects a random number k in the finite field F as a group key, and constructs a system of linear equations by using the new set of vectors and the group key; the group controller computes the central vector, and sends the central vector and the mapping parameter to all the group members via an open channel; step 4: after the group members receive the central vector and the mapping parameter, the private vector of each group member is mapped to a new vector in a vector space according to the mapping parameter, and the group key is obtained by calculating the inner product of the new vector and the central vector. This invention requires small memory and little computation, has high security property, and is effective against brute-force attacks. | 10-18-2012
20090279705 | METHOD AND SYSTEM FOR DISTRIBUTING KEY OF MEDIA STREAM - A method and a system for distributing a key of a media stream are provided. The method comprises: determining, by a security management server, whether a domain to which the calling terminal belongs and a domain to which a called terminal belongs subscribe to a key distribution protocol; if the protocol has been subscribed to, generating a key based on encryption capability information obtained in a calling process, and distributing the generated key to the calling terminal and the called terminal; if the protocol has not been subscribed to, generating a key based on encryption capability information obtained in a calling process, and distributing the generated key to the terminal at the same side as the security management server. By applying the disclosure, the key is generated by the security management server, so that complexity may be reduced for media stream key negotiation to facilitate promotion of media stream encryption service. | 11-12-2009
20110206206 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 08-25-2011
20080240446 | INTRUDER TRACEABILITY FOR SHARED SECURITY ASSOCIATIONS - Various embodiments are directed to systems and techniques for shared security associations. In one or more embodiments, a key distribution server provides shared security associations for clients and servers by assigning a group key to a particular client according to a time-based group key assignment schedule. The key distribution server may comprise a recursive codebook including multiple entries corresponding to group key assignments to be selected by the key distribution server with respect to time intervals. Other embodiments are described and claimed. | 10-02-2008
20080240447 | SYSTEM AND METHOD FOR USER AUTHENTICATION WITH EXPOSED AND HIDDEN KEYS - The present invention relates to a system and method for digitally authenticating users both online and offline. In one embodiment, a hardware token assigned by a trusted token provider to the user is employed to ensure the identity of the user. In the online authentication, the token is adapted for generating an exposed key EK and a hidden key HK based on a noise code NC and a time code TC of the token, a space code SC of a service server, and an owner code OC of the user. A login session is initialized by entering a user identifier at the service server and the generated EK from a computing device. The service server computes an exposed key CEK and a hidden key CHK based on an authentication license generated by the token provider. The service server authenticates the user if the CEK is the same as the EK, and sends a response message encrypted with the CHK to the computing device. Then, the user provides the HK to the computing device to decrypt the encrypted response message so as to access his/her account. In the offline authentication, the token is adapted for generating a license exposed key LEK used to render the encrypted digital content on an offline compliant device. The compliant device authenticates the user if a license exposed key computed by the compliant device based on a content license which the user bought is the same as the LEK, so as to render the protected digital content after authentication. | 10-02-2008
20080273706 | System and Method for Controlled Access Key Management - Embodiments of the present invention provide controlled access to key management servers using store and forward protocols. A computer-implemented method for providing controlled key management includes generating a request indicative of a key management function. The request is received at the first of a number of intermediate parties capable of relaying the request toward a key management server. The key management function is performed subsequent to receiving the request from the last of the intermediate parties which is authorized to provide the request to the key management server. A response to the request is then generated. | 11-06-2008
20080279387 | Propagating Keys from Servers to Clients - A method for key distribution includes steps or acts of: deprecating a first key on a server; receiving a request from a client wherein the client request includes the deprecated key; verifying the client request by using the deprecated key provided in the client request to decrypt the client request; and sending a communication to the client advising that the first key has been updated. An additional step of sending instructions to the client on obtaining the updated key may also be provided. | 11-13-2008
20110007903 | Universal file packager for use with an interoperable keychest - There is provided a system and method for a universal file packager for use with an interoperable key chest. There is provided a method for distributing media contents to distributors, comprising obtaining a first key, a second key and a content, encrypting the second key using the first key to generate an encrypted second key, encrypting the content using the second key to generate an encrypted content, generating a key information file including the encrypted second key, generating a universal file including the encrypted content and a first network address for a central key repository (CKR), providing the key information file for storage in the CKR, and providing the universal file to the distributors. The universal file can then be provided to users for digital e-commerce and transferred across different distributors with the CKR negotiating key access for granting new interoperable DRM licenses. | 01-13-2011
20080212783 | KERBERIZED HANDOVER KEYING IMPROVEMENTS - A media-independent handover key management architecture is disclosed that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. In the preferred embodiments, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating the re-key operation from re-authentication, the proposed architecture is more optimized for a proactive mode of operation. It can also be optimized for a reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node. | 09-04-2008
20090129599 | HIERARCHICAL DETERMINISTIC PAIRWISE KEY PREDISTRIBUTION SCHEME - A security system for a hierarchical network ( | 05-21-2009
20090185691 | METHOD AND SYSTEM FOR PROVIDING A MOBILE IP KEY - A method for providing an IP key, for encoding messages between a user terminal MS or a PMIP client and a home agent HA, wherein an authentication server only provides the mobile IP key when the authentication server recognizes, by a correspondingly encoded parameter, that the user terminal MS itself is not using mobile IP (PMIP). | 07-23-2009
20090080661 | SYSTEM AND METHOD FOR CONTROLLING MESSAGE ATTACHMENT HANDLING FUNCTIONS ON A MOBILE DEVICE - A system and method for controlling message attachment handling functions on a mobile device is described herein. An attachment handling control can be set to identify one of a number of selected attachment handling control modes. Depending on the attachment handling control mode identified, a request for the attachment structure that includes a decrypted session key for an encrypted message received at the mobile device may or may not be automatically sent to a remote server. This may provide the user with increased control over the content of an encrypted message that the remote server may access when determining the attachment structure for a message. | 03-26-2009
20090080660PROCESSORLESS MEDIA ACCESS CONTROL ARCHITECTURE FOR WIRELESS COMMUNICATION - To provide greater flexibility in wireless communication design and implementation, a device and method for implementing media access control (MAC) layer functionality without using an embedded processor for MAC layer functions. A key table stores connection identification data and communicates the connection identification data to a transmit control module and a receive control module to configure and control data transmission and reception, respectively. This use of dedicated hardware, rather than a processor, to implement MAC functions simplifies the design and construction of devices which wirelessly communicate with each other.03-26-2009
20110142241COMMUNICATION APPARATUS CONFIGURED TO PERFORM ENCRYPTED COMMUNICATION AND METHOD AND PROGRAM FOR CONTROLLING THE SAME - In a communication apparatus, a storage device stores encryption keys for encrypted communication with another communication apparatus on a network. A determination is made based on a storage state of encryption keys stored in the storage device whether to provide first encryption key information and second encryption key information, wherein the first encryption key information is for encrypted communication using a common encryption key among all communication apparatuses on a network and the second encryption key information is for encrypted communication using an encryption key different for each communication apparatus on the network. Communication parameters including the first encryption key information and the second encryption key information are provided to an apparatus that requests provision of communication parameters, based on the determination.06-16-2011
20090202079Method, apparatus and computer program product for providing mobile broadcast service protection - An apparatus for providing mobile broadcast service protection may include a processor. The processor may be configured to receive an indication of device groupings defining at least a first group of devices and a second group of devices in which the first and second groups are defined on the basis of a device characteristic, communicate a first security key providing access to a first message stream associated with a mobile broadcast service to the first group of devices, and communicate a second security key providing access to a second message stream associated with the same mobile broadcast service to the second group of devices. Methods and computer program products corresponding to the apparatus are also provided from the perspective of a network device and mobile terminal.08-13-2009
20090110199Toolbar Signature - A method and system are provided for a web browser toolbar signature. In one example, the method includes receiving a submission of user content from a source webpage, receiving a producer identity of a producer who submitted the user content, receiving identifying information about the destination webpage, coding signed content using the user content and the producer identity, wherein the signed content includes a signature, and submitting the signed content to a server hosting the destination webpage.04-30-2009
20090245521METHOD AND APPARATUS FOR PROVIDING A SECURE DISPLAY WINDOW INSIDE THE PRIMARY DISPLAY - In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed.10-01-2009
20090245520DIGITAL CONTENT PROTECTION METHODS - A digital content protection method and device are disclosed. In the method, digital content to be delivered from a content provider to a consumer terminal is retrieved. The digital content is encoded to prevent unauthorized playback. The encoded digital content and a key for decoding the content are separately transmitted from the content provider to the consumer terminal; playback of the encoded digital content requires decoding with the key.10-01-2009
20090316909UTILIZATION APPARATUS, SERVICER APPARATUS, SERVICE UTILIZATION SYSTEM, SERVICE UTILIZATION METHOD, SERVICE UTILIZATION PROGRAM, AND INTEGRATED CIRCUIT - Provided are a utilization apparatus, a server apparatus, and a key utilization system which enable the utilization apparatus to control deletion of the old key without using a secure clock and allow encrypted communications irrespective of whether the accessed server has updated its key or not. In key utilization system 12-24-2009
20090252330DISTRIBUTION OF STORAGE AREA NETWORK ENCRYPTION KEYS ACROSS DATA CENTERS - Efficient mechanisms are provided for transferring key objects associated with disk logical unit numbers and tape cartridges from one data center to another data center. A request is received to transfer a source data center key object from a source data center to a destination data center. The source data center key object corresponds to a data block, such as a disk logical unit number (LUN) or a tape cartridge, maintained in a storage area network (SAN) and includes a unique identifier, an encrypted key, and a wrapper unique identifier. The encrypted key is decrypted using a source data center key hierarchy. Key information is transmitted from the source data center to the destination data center. A destination data center key object is generated using a destination data center key hierarchy.10-08-2009
20090274305METHOD AND APPARATUS FOR TRANSMITTING CONTENT KEY - Provided is a method of transmitting content keys to nodes arranged in a hierarchical structure which includes a plurality of node groups each including a predetermined number of the nodes. In this method, revoke information that includes identifiers of revoked node groups in the hierarchical structure, the total number of independent revoked nodes, and identifiers of the independent revoked nodes is generated. The revoked node groups are node groups consisting of only revoked nodes, and the independent revoked nodes are revoked nodes not belonging to any of the revoked node groups. Then, encrypted content keys are obtained by encrypting content keys using broadcast encryption, by using an encryption key set that has a form that cannot be generated using a decryption key set that the revoked nodes possess, and a set of encrypted content keys is generated. Thereafter, the revoke information and the set of the encrypted content keys are transmitted to all of the nodes arranged in the hierarchical structure.11-05-2009
20100002885Efficient multiparty key exchange - A system for providing secure communications includes a telecommunications network. The system includes N nodes and a new node in communication with the network to form a session, where N is greater than or equal to three and is an integer. Each node has media streams, and a unique cryptographic media key for each media stream which each node sends to every other node of the session over the telecommunications network. One of the N nodes is a key master which distributes a master key to every other node in the session over the network. Each node encrypts with its own respective media key and the master key each of its media streams. When the new node first joins the session, the new node sends its unique cryptographic media keys for each of its media streams to the N nodes of the session. The key master then generates a new master key with the media keys of the new node and distributes the new master key to the new node and the N nodes using only a single signalling message to each of the N nodes and the new node without any other signalling messages to establish secure communications between the new node and the N nodes in the session. A method for providing secure communications.01-07-2010
20100254537Scalable and Secure Key Management For Cryptographic Data Processing - A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plaintext keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generates a plaintext key using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.10-07-2010
20100061557SYSTEM AND METHOD FOR EFFECTIVELY PRE-DISTRIBUTING KEY FOR DISTRIBUTED SENSOR NETWORK - A system for effectively pre-distributing keys for a distributed sensor network is disclosed. The system includes: a plurality of sensor nodes, each of which has a sensing function, a calculation function, and a wireless communication function; and a base station which is connected to the sensor nodes over a wireless network, receives data from the sensor nodes, acts as a data central station, and distributes keys for inter-sensor-node security authentication to the sensor nodes. A key management unit contained in the base station generates a set of the sensor nodes used for security authentication between the sensor nodes, decomposes the set of the sensor nodes into a plurality of matrices, distributes the matrices to the sensor nodes, and allows the sensor nodes to search for a common private key required for the security authentication using the received matrices. Therefore, the system can always search for a common private key between the sensor nodes.03-11-2010
20090110200SYSTEMS AND METHODS FOR USING EXTERNAL AUTHENTICATION SERVICE FOR KERBEROS PRE-AUTHENTICATION - Systems and methods for providing Kerberos pre-authentication are presented. According to a method embodiment, a request for authentication is received from a principal of an authentication service. The principal in the authentication service is authenticated. A key associated with the authenticated principal in the authentication service is provided to a Kerberos Key Distribution Center (KDC).04-30-2009
20130136265METHOD AND APPARATUS FOR KEY DISTRIBUTION USING NEAR-FIELD COMMUNICATION - An apparatus and method to provision and distribute a traffic key amongst a plurality of radios enables secure communication for a predetermined group or a predetermined event. Each radio has a controller, a radio transceiver for electromagnetic radio communications, and a near-field transceiver for near-field communications (NFC). The traffic key (or traffic keys) is provisioned locally at one radio and distributed to the remaining radios utilizing the NFC over a non-propagating link. The same traffic key is distributed amongst all radios, and additional restrictions may be applied if desired. The same radios can later be re-provisioned for a different group or event. The local provisioning and distribution is highly advantageous for markets that do not require permanent assignment of radios.05-30-2013
20100329463GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS - Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET.12-30-2010
20110243331SHARED RANDOM NUMBERS MANAGEMENT METHOD AND MANAGEMENT SYSTEM IN SECRET COMMUNICATION NETWORK - In a secret communication network including a center node and multiple remote nodes, the center node is provided with a virtual remote node which functions as a remote node similar to each of the remote nodes. Random numbers shared between the center node and each remote node are managed based on random number sequences used in cipher communication between the virtual remote node and one of the remote nodes.10-06-2011
20090141902APPARATUS AND METHOD FOR SECURING DATA IN COMPUTER STORAGE - Apparatus, and an associated method, for maintaining data, such as a data file, in secure form. Security keys are stored and maintained at a central location. The security key is downloaded to a device that is to operate upon the data. When the security key is authorized to be downloaded to a computer device, a time boundary is associated with the security key. The time boundary defines the period of usability of the security key. The security key is used at the computer device to encrypt the data each time the data is written to storage and to decrypt the data each time the data is read from storage. Thereby, at all times, when the data is stored at storage, the data is maintained in secure form.06-04-2009
20090034742IDENTITY-BASED ENCRYPTION SYSTEM - A system is provided that uses identity-based encryption to support secure communications. Messages from a sender to a receiver may be encrypted using the receiver's identity and public parameters that have been generated by a private key generator associated with the receiver. The private key generator associated with the receiver generates a private key for the receiver. The encrypted message may be decrypted by the receiver using the receiver's private key. The system may have multiple private key generators, each with a separate set of public parameters. Directory services may be used to provide a sender that is associated with one private key generator with appropriate public parameters to use when encrypting messages for a receiver that is associated with a different private key generator. A certification authority may be used to sign directory entries for the directory service. A clearinghouse may be used to avoid duplicative directory entries.02-05-2009
20090316910METHOD AND DEVICE FOR MANAGING CRYPTOGRAPHIC KEYS IN SECRET COMMUNICATIONS NETWORK - A cryptographic key management method and device are provided by which cryptographic keys of multiple nodes can be managed easily and stably. A system includes at least one first node and a plurality of second nodes connected to the first node, and the first node individually generates and consumes a cryptographic key with each of the second nodes connected to the first node itself. A cryptographic key management device in such a system has a monitor that monitors the stored key amounts of cryptographic keys of the individual second nodes, stored at the first node, and a key management control section that performs key generation control on the first node, based on the stored key amounts.12-24-2009
20090214043KEY DISTRIBUTION METHOD AND AUTHENTICATION SERVER - A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal.08-27-2009
20090097660MULTI-FACTOR CONTENT PROTECTION - Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key.04-16-2009
20100014677GROUP SUBORDINATE TERMINAL, GROUP MANAGING TERMINAL, SERVER, KEY UPDATING SYSTEM, AND KEY UPDATING METHOD THEREFOR - Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the other apparatus-unique key obtained from the server.01-21-2010
20100034392ELECTRONIC APPARATUS, METHOD FOR CONTROLLING FUNCTIONS OF THE APPARATUS AND SERVER - An electronic apparatus, having functions on which use limitations can be imposed, in which a variety of functions are loaded on the electronic apparatus by hardware circuitry or by computer programs. Use of a certain function(s) is limited by setting a function limiting flag to "1", provided that other function(s) are usable within a period of a preset number of days of possible test use. An application is made from the apparatus to a key issuing source for purchasing usable functions. The key issuing source then issues a limitation removing key. The limitation removing key may be acquired from the key issuing source by a mobile phone terminal and transmitted to the apparatus by infrared ray communication. The apparatus rewrites the function limiting flag by this limitation removing key. If the number of days of actual test use has reached the number of days of possible test use, the CPU of the apparatus does not carry out the function(s) the function limiting flag of which is "1".02-11-2010
20090257596Managing Document Access - Methods, computer program products and systems for protecting a document from access by one or more users based on one or more document access rules. In one embodiment, the method includes creating a data set representing the one or more document access rules, storing the document and the associated data set, determining and storing a key for opening the document when one or more document access rules from the data set are met, and releasing the key to open the document to one or more users in response to a request from a user which meets one or more document access rules, thereby enabling the user to access the document.10-15-2009
20090323968DESCRAMBLING APPARATUS AND DESCRAMBLING METHOD IN A TV SYSTEM - A descrambling apparatus and a descrambling method to descramble a scrambled data in a receiver of a digital TV system are provided. The descrambling apparatus comprises: a receiving module, a storing module, a comparator, a retrieving module and a descrambler. The receiving module receives a packet, wherein the packet comprises a key-status field, a packet identifier field and a scrambled data; the storing module stores a key data and a formerly received packet data; the comparator compares the formerly received packet data and a key-status value of the key-status field to generate a compare result; the retrieving module retrieves a descramble key from the key data and the formerly received packet data according to the compare result, the key-status value and a packet identifier value of the packet identifier field; and the descrambler descrambles the scrambled data according to the descramble key to generate a descrambled data.12-31-2009
20100054479DRM KEY MANAGEMENT SYSTEM USING MULTI-DIMENSIONAL GROUPING TECHNIQUES - A key management system is provided. The key management system includes a key server. The key server generates secret keys by constructing a rights hierarchy and a resource hierarchy, associating the rights hierarchy with the resource hierarchy, and converting a rights-resource relationship into a node in a service hierarchy. The rights hierarchy includes a rights node and the resource hierarchy includes a resource node. The rights hierarchy is set above the resource hierarchy. The right hierarchy and the resource hierarchy are in a partial order relationship.03-04-2010
20110075847KEY DISTRIBUTION IN A HIERARCHY OF NODES - Methods, a client node and a key server node are provided for distributing from the key server node, and acquiring at the client node, self-healing encryption keys. The client node and the key server node are part of a key distribution network that comprises a plurality of client nodes. An encryption key is obtained from a combination of a forward key with a backward key, wherein the backward key is distributed at a time separated from the time of the forward key by a self-healing period. The forward and backward keys are updated in a multicast rekey message, at a given time, encrypted by an encryption key defined for a previous time. Optionally, when a sibling of the client node joins or leaves the key distribution network, a unicast rekey message is used to renew the forward and backward keys at the client node.03-31-2011
20110255696KEY DISTRIBUTION METHOD AND SYSTEM - The present invention discloses a key distribution method and system, and the method includes: a card issuer management platform generating initial keys of a supplementary security domain corresponding to an application provider, importing the initial keys and a Trust Point's public key for external authentication to the supplementary security domain, and sending the information of the supplementary security domain and the initial keys to the application provider management platform (10-20-2011
20100296655KEY DISTRIBUTION SYSTEM - A key distribution system for controlling access to content by rendering devices, comprising an epoch module to provide epochs, each epoch including service key periods, a service key module to provide a batch of service keys, a group module to provide group keys for each epoch such that each rendering device is assigned a group key grouping together the devices having the same group key, thereby defining groups, in different epochs the devices are grouped differently, an encryption module to encrypt, for each epoch, each service key in the batch of service keys, individually with each group key yielding a plurality of group-key-encrypted service keys from each service key, and a delivery module to distribute to the devices, for each one of the epochs, the group-key-encrypted service keys for the batch of service keys and the group keys of the one epoch. Related apparatus and methods are also described.11-25-2010
20090022323SECRET KEY PREDISTRIBUTION METHOD - A secret key predistribution method is provided. The secret key predistribution method includes the steps of: performing a tree structure establishment process by causing a center to release a tree structure and causing sensor nodes to store the released tree structure; performing a seed key and hashed key generation process by causing the center to select a seed key and extract hashed keys by applying a hash function according to the tree structure; and performing a key predistribution process by causing the center to select key id sequences and causing the sensor nodes to store the selected sequences and corresponding hashed keys. Accordingly, the secret key distribution method can provide excellent resiliency and efficiency in terms of hash computational complexity.01-22-2009
20090022324INFORMATION PROCESSING APPARATUS, CONTENT PROVIDING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - Disclosed herein is an information processing apparatus that serves as a server that performs data transmission in response to receipt of media information from a user device. The information processing apparatus includes: an encrypted transmission data storage database that stores a transmission data identifier and encrypted transmission data such that the transmission data identifier and the encrypted transmission data are associated with each other; and a control section configured to acquire, from a key management server, an encrypted unit key obtained by encrypting a unit key that is used to encrypt the transmission data, and transmit the acquired encrypted unit key and the encrypted transmission data to the user device.01-22-2009
20090016538Delivery of Messages to A Receiver Mobile Device - A system for delivering messages to a receiver mobile device and a method and memory storing instructions therefor are described. The system comprises a key server arranged to: transmit a first signal responsive to receipt of a message from a sender mobile device; transmit a delivery confirmation notice responsive to receipt of a second signal from the receiver mobile device; transmit a key to the receiver mobile device responsive to receipt of the second signal from the receiver mobile device; and a message server communicatively coupled with the key server and arranged to: transmit a third signal to the receiver mobile device responsive to receipt of the first signal from the key server; transmit a fourth signal to the sender mobile device responsive to receipt of the delivery confirmation notice from the key server.01-15-2009
20080205654Method and Security System for the Secure and Unequivocal Encoding of a Security Module - The present invention relates to a method and a security system for the secure and unequivocal encoding of a security module, in particular a chip card. To this end, a security module (08-28-2008
20100329464SYSTEMS AND METHODS FOR IMPLEMENTING SUPPLY CHAIN VISIBILITY POLICIES - Methods, storage medium and systems for implementing visibility policies within a supply chain include storing event data on a computer-readable storage medium of a first partner, the event data corresponding to at least one event associated with an item while the item was in possession of the first partner, the item having traveled through the supply chain, transferring evidence of possession between the plurality of partners as the item travels through the supply chain, and requesting access to the event data by a second partner. Implementations further include determining that the item traveled through a portion of the supply chain based on the evidence, authenticating an identity of the second partner, and authorizing the second partner to access the first event data, when it is determined that the item traveled through the portion of the supply chain and when the identity of the second party is authenticated.12-30-2010
20110135097Updating Encryption Keys in a Radio Communication System - Encryption keys in a communication system are updated according to rekey groups having a common set of encryption keys or CKRs. Each group includes a number of radios with active and inactive keysets. A database records the relationships between rekey groups and keys, and the status of their keysets. An operator first determines one or more keys to be updated. New keys are then transmitted to each radio in one or more rekey groups using respective rekey messages. The new keys are stored in the inactive keysets of the radios. The inactive keysets are then activated using respective changeover messages. Deployment of new keys is carried out by software in the form of automated update tasks.06-09-2011
20110261962METHOD AND SYSTEM FOR DISTRIBUTING CRYPTOGRAPHIC KEYS IN A HIERARCHIZED NETWORK - A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the group of devices is also in charge of a lower group of devices. The method includes the steps of: a) storing (10-27-2011
20100166188IMPLICIT CERTIFICATE SCHEME - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. For each entity A, the trusted entity selects a unique identity distinguishing the entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information ƒ and generates a value k07-01-2010
20100166187QKD USING HIGH-ALTITUDE PLATFORMS - Systems and methods for performing quantum key distribution (QKD) using one or more high-altitude platforms (HAPs) are disclosed. The system includes a second QKD station (Alice) supported by the HAP so as to be in free-space communication with the first QKD station (Bob) over an optical path (OP) via an optical quantum communication channel that carries quantum signals (P07-01-2010
20090034741ASYMMETRIC KEY WRAPPING USING A SYMMETRIC CIPHER - A method of asymmetric key wrapping in a system is disclosed. The method generally includes the steps of (A) transferring a shared key from a key storage to a cipher operation, wherein the cipher operation comprises a symmetric-key cipher utilizing a cipher key, (B) generating an encrypted key by encrypting a decrypted key with the cipher operation using the shared key as the cipher key in a wrap-encrypt mode and (C) presenting the encrypted key external to the system in the wrap-encrypt mode.02-05-2009
20090028342Systems, Methods, and Media for Adding an Additional Level of Indirection to Title Key Encryption - Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.01-29-2009
20110069839AUTHENTICATION INFORMATION GENERATING SYSTEM, AUTHENTICATION INFORMATION GENERATING METHOD, CLIENT APPARATUS, AND AUTHENTICATION INFORMATION GENERATING PROGRAM FOR IMPLEMENTING THE METHOD - A secret information server 03-24-2011
20120099729METHOD AND SYSTEM FOR DELAYING TRANSMISSION OF MEDIA INFORMATION IN INTERNET PROTOCOL (IP) MULTIMEDIA SUBSYSTEM - A method for transmitting deferred media information in an Internet Protocol (IP) multimedia subsystem (IMS) includes: a sending party of the media information sends a key generation parameter encrypted with a Ka to a mailbox application server of a receiving party of the media information; the mailbox application server stores or saves the encrypted key generation parameters and sends them to a key management server (KMS); the KMS generates a media key K and forwards it to the sending party through the mailbox application server of the receiving party; the receiving party obtains the encrypted key generation parameter from the mailbox application server and sends it to the KMS; the KMS generates the K and sends it to the receiving party; the receiving party decrypts the encrypted media information by using the K. A corresponding system is also disclosed. The method and system decrease signaling interaction between the sending party and the KMS, reduce the storage pressure on the KMS, and realize end-to-end secure transmission of the deferred media in the IMS.04-26-2012
20090136042APPLICATION LAYER AUTHORIZATION TOKEN AND METHOD - An authorization token may provide security for operations. The authorization token may be encrypted by a key manager of a head end system so that only a target device may decrypt the authorization token and perform an operation.05-28-2009
20120063601SYSTEMS AND METHODS FOR REMOTELY LOADING ENCRYPTION KEYS IN CARD READER SYSTEMS - Systems and methods for remotely loading encryption keys in card reader systems are provided. One such method includes storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second fingerprints includes an intrinsic magnetic characteristic of the data card, encrypting, using a first encryption key derived from the second fingerprint, information including the device identification number and first fingerprint, sending the encrypted information to an authentication server, receiving, from the authentication server, a score indicative of a degree of correlation between the first fingerprint and second fingerprint, and receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first fingerprint.03-15-2012
20120300939KEY MANAGEMENT AND NODE AUTHENTICATION METHOD FOR SENSOR NETWORK - A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps: 1) key pre-distribution: before deploying the network, communication keys for establishing secure connections between nodes are pre-distributed to all nodes by a deployment server. 2) Key establishment: after deploying the network, a pair key for the secure connection is established between nodes, which includes the following steps: 2.1) shared-key establishment: the pair key is established between neighbor nodes that already hold shared keys; 2.2) path-key establishment: the pair key is established between nodes that hold no shared keys but have a multi-hop secure connection. 3) Node identity (ID) authentication: before nodes formally communicate, each authenticates the identity of the other so as to determine the legality and validity of that identity. The method can effectively resist attacks on the network communication such as wiretapping, tampering, and replaying, realize secret communication between the nodes, effectively save the resources of the sensor network nodes, and prolong the service life of the sensor network.11-29-2012
20120155647CRYPTOGRAPHIC DEVICES & METHODS - A client device which utilizes a unit derivation key (UDK), a current unit key, a current unit key index (UKI) and a received UKI. The client device includes a processor to receive the received UKI, compare the received UKI with the current UKI, and, if the received UKI is not equivalent to the current UKI, utilize the UDK, the current unit key and the received UKI to derive a new unit key. A headend facility (HF) device which utilizes a current unit key and a current unit key index (UKI). A key infrastructure center (KIC) device which utilizes a derivation key.06-21-2012
20120300938Systems and Methods for Authenticating Mobile Devices - Embodiments of the invention provide systems and methods for authenticating mobile devices. Device identifying information may be received for a mobile device. A base level key may also be communicated to the mobile device. The base level key may be utilized by the mobile device to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device. A communication encrypted with a unique transaction specific key may be received from the mobile device. Based at least in part upon the device identifying information and the base level key, a derived key may be generated, and the derived key may be utilized to decrypt the received communication and authenticate the mobile device. In certain embodiments, the above operations may be performed by one or more computers associated with a service provider.11-29-2012
20120155646SUPPORTING DNS SECURITY IN A MULTI-MASTER ENVIRONMENT - Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.06-21-2012
20090086979VIRTUAL TPM KEYS ROOTED IN A HARDWARE TPM - The present subject matter relates to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of a private portion including an encrypted hardware trusted platform module key.04-02-2009
20100208896COMMUNICATION APPARATUS AND CONTROL METHOD THEREOF - A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, the first communication apparatus includes: acquisition means for acquiring identification information of a second communication apparatus that functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network which the first communication apparatus is to join; and determination means for determining whether the first communication apparatus is to function as the providing apparatus or as the receiving apparatus based on the result of a comparison between the identification information of the second communication apparatus acquired by the acquisition means and identification information of the first communication apparatus.08-19-2010
20120250866COMMUNICATION APPARATUS AND COMMUNICATION SYSTEM - A communication apparatus communicates with another communication apparatus by using a first key. The communication apparatus includes a processing unit that conducts a handshake process for a key exchange with the other communication apparatus and a key encryption unit that conducts an encryption process by using a second key. The processing unit conducts a first handshake process with the other communication apparatus without exchanging information on the first key while serving as the reception side of key information. Then, the processing unit conducts a second handshake process with the other communication apparatus to transmit to it the information on the first key, encrypted by the key encryption unit using the second key.10-04-2012
20100027798METHOD AND APPARATUS FOR STORAGE OF SECURE INFORMATION, WHICH IS REQUIRED FOR SHORT-RANGE COMMUNICATION, ON A COMMUNICATION TERMINAL - A method of storing secure information that is required for a near-field communication on a communication terminal includes transmitting a request to store information and a key required for securing the information on the communication terminal from an issuer of the information to a central facility, transmitting the information and the key required for securing the information from the issuer via the central facility to the communication terminal when the central facility has confirmed the request to store the information and the key required for securing the information on the communication terminal, storing the information and the key required for securing the information in the communication terminal, and transmitting a notification relating to storing of the information and of the key required for securing the information from the communication terminal via the central facility to the issuer of the information, wherein the key required for securing the information is furnished by a central facility while being uniquely allocated to the secure information.02-04-2010
20100008509COMMUNICATION APPARATUS, KEY SERVER, AND MANAGEMENT SERVER - A communication apparatus obtains file information indicating all or a part of first and second encrypted pieces obtained by encrypting a plurality of pieces constituting a part of a content and version management information with which it is possible to judge whether the file information has validity and receives, for each of the pieces, one of the first encrypted piece and the second encrypted piece from another communication apparatus, by using the file information. The communication apparatus transmits, to a key server, a request message for requesting decryption keys each being used for decrypting the one of the first encrypted piece and the second encrypted piece received for a different one of the pieces and the version management information of the file information used to obtain the one of the first encrypted piece and the second encrypted piece in correspondence with each of the pieces and receives the decryption keys.01-14-2010
20090067633CONFIGURING HOST SETTINGS TO SPECIFY AN ENCRYPTION SETTING AND A KEY LABEL REFERENCING A KEY ENCRYPTION KEY TO USE TO ENCRYPT AN ENCRYPTION KEY PROVIDED TO A STORAGE DRIVE TO USE TO ENCRYPT DATA FROM THE HOST - Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data. The data set and a command to encrypt the data set are transmitted to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key.03-12-2009
20120314868SYSTEM AND METHOD FOR GRID BASED CYBER SECURITY - A method and system for providing a secure communication network using an electrical distribution grid is disclosed. A device connected to the electrical distribution grid initiates a request for a secured key token by signaling an intelligent communicating device residing at or near an edge of the grid. The intelligent communicating device forwards the request to a receiver at a distribution substation on the electrical grid. This receiver enhances the properties of the request such that a grid location for the request can be inferred. The enhanced request is forwarded to a server at the distribution substation, which compares the request grid location to a Grid Map and Policies of known secure grid locations. Any inconsistencies between the grid location inferred from the enhanced request and the Grid Map and Policies locations are considered evidence of tampering, and the server rejects the request.12-13-2012
20090060201Secure Peer-to-Peer Distribution of an Updatable Keyring - A distributed peer-to-peer document archive system provides version-control, security, access control, linking among stored documents and remote access to documents usually associated with centralized storage systems while still providing the simplicity, personalization and robustness to network outages associated with personal and peer-to-peer storage systems. A “keyring” is an encrypted repository that allows a user to recover and access a user's entire digital archive with a single master key. After the key is created, it does not need to be updated, and can be stored in a safe, safety-deposit box or other secure location. In the event the user's computer is stolen or destroyed, the user need only install the system on a new machine and import the master key. The system will then use that key to browse nearby servers to find and decrypt all files necessary to recreate the full digital archive in its most recent state.03-05-2009
20080310638Storage Medium Processing Method, Storage Medium Processing Device, and Program - A situation where accesses concentrate on a release day is eased. A user terminal 12-18-2008
20080317250Contents distribution system, contents distribution method, terminal apparatus, and recording medium on which program thereof is recorded - To prevent a preview of contents by a person who does not have a right to view or listen, by distributing encoded contents data which are difficult for a third person to decode. A new participation terminal apparatus, as well as transmitting a participation request to a parent terminal apparatus of a connection destination candidate, transmits a participation disclosure key for encoding a contents decoding key. The parent terminal of the connection destination candidate which receives the participation disclosure key from the new participation terminal apparatus generates an encoded decoding key, which is a contents decoding key encoded using the participation disclosure key received, and transmits it to the new participation terminal apparatus. The new participation terminal apparatus decodes the encoded decoding key received, using a participation secret key stored in a participation key storage section, acquiring a contents decoding key. Using the contents decoding key, the new participation terminal apparatus decodes distributed encoded contents data, and carries out a reproduction process.12-25-2008
20110038482Scalable Key Archival - A solution for scalable key archival includes, at a network device, determining whether a key management device that is not part of a current key management device configuration has been newly added to a network. The method also includes, if the key management device has been newly added to the network, determining whether the network device has a first application program interface (API) or device driver for communicating with the key management device. The method also includes, if the network device does not have the first API, obtaining the API. The method also includes creating a binding between a virtual device driver of the network device and the key management device via the first API, the network device having a second API for communications between the virtual device driver and a security processor of the network device. The security processor communicates with the key management device using the second API.02-17-2011
20100189263METHOD AND APPARATUS FOR GENERATING AND UPDATING SECURITY CODES - A system and method for creating a target cryptographic key. In one embodiment the system includes a first cryptographic module including a first cryptographic key, and a loader including a second cryptographic key, a communications port for the first cryptographic module, and a communication link for transmitting the target cryptographic key. When the first cryptographic module is connected with the communications port of the loader, the first cryptographic module loads the second cryptographic key and creates the target cryptographic key in response to the first cryptographic key and the second cryptographic key. In one embodiment the method of creating a cryptographic key includes the steps of: loading a second cryptographic key into a first cryptographic module; calculating, by the first cryptographic module, a target cryptographic key in response to a first cryptographic key and a second cryptographic key; and loading the target cryptographic key to a loader.07-29-2010
20100232607INFORMATION PROCESSING DEVICE, CONTENT PROCESSING SYSTEM, AND COMPUTER READABLE MEDIUM HAVING CONTENT PROCESSING PROGRAM - An information processing device and method include storing encrypted content, storing a key for decrypting the encrypted content stored, decrypting the encrypted content stored using the key, storing a deletion table storing information indicating whether or not the key stored is to be deleted when a transition from an operating state to one of other states is made, the information corresponding to the other states, and checking the information in the deletion table corresponding to the one of the other states and deleting the key when the information indicates that the key is to be deleted.09-16-2010
20120321087CONTROLLING ACCESS TO PROTECTED OBJECTS - A device operated by a user may store an object to which access is to be regulated, which may be achieved by encrypting the object with an encryption key and sending the key to a server having a key store. When a user of the device requests access to the object, the server may authenticate the user (e.g., according to a credential submitted by the user) and verify a trust identifier of the device (e.g., authorization to access the object through the device, and/or the integrity of the device), before sending to the device a ticket granting access to the key. The device may send the ticket to the server, receive the key from the server, decrypt the stored encrypted object, and provide the object to the user. This mechanism promotes rapid access upon request and efficient use of the server, and enables remote revocation of access.12-20-2012
20110158411REGISTERING CLIENT DEVICES WITH A REGISTRATION SERVER - In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device.06-30-2011
20080232598System, Method and Apparatus to Obtain a Key for Encryption/Decryption/Data Recovery From an Enterprise Cryptography Key Management System - A technique for obtaining a key for encryption/decryption/data recovery from an enterprise key management system. In one example embodiment, this is accomplished by connecting a client mobile device to a cryptography key management system using a UID, a UDID, the names of one or more data files to encrypt, a password Pswd, and a KeyID to obtain the key for encryption/decryption/data recovery.09-25-2008
20120250865SECURELY ENABLING ACCESS TO INFORMATION OVER A NETWORK ACROSS MULTIPLE PROTOCOLS - There is disclosed a method that includes providing encrypted information to a plurality of receiving devices, and transmitting by one of a multicast and broadcast a release key to the plurality of receiving devices to enable access to the encrypted information, wherein the release key is received at or about the same time by the plurality of receiving devices. The release key may be transmitted and/or received over a multicast or broadcast network. The release key may be transmitted and/or received over a distributed network. The transmission of the release key may be synchronized using a timing mechanism.10-04-2012
20130101121SECURE MULTI-PARTY COMMUNICATION WITH QUANTUM KEY DISTRIBUTION MANAGED BY TRUSTED AUTHORITY - Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.04-25-2013
20130129095Key Delivery - A multi-hierarchical key system is provided such that users receive timely key renewals when required so that access to authorized content is not disrupted. Timely renewals of keys may occur continuously for various services while minimizing network traffic. The multi-hierarchical key system may be used in an adaptive streaming environment.05-23-2013
20080205655CONTACT MANAGEMENT SYSTEM AND METHOD - In an embodiment of a method of providing contact information, the method includes creating a contact record in a contact management system, where a process associated with a subject of the contact record and/or a recipient of data associated with the contact record is included in creating the contact record. A unique serial number is generated corresponding to the contact record and the serial number is conveyed to the recipient. A request by an application is received for the contact record from the contact management system corresponding to the serial number and data associated with the contact record is transmitted to the application.08-28-2008
20090097661SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS - A common interface for managing cryptographic keys is provided. A request to manage a cryptographic key may be received in a first interface format, translated to a common interface format, and then executed remotely from the first interface. Return arguments may then be translated from the common interface format to a format compatible with the first interface and communicated securely to the first interface. The cryptographic keys may be used in connection with a secure data parser that secures data by randomly distributing data within a data set into two or more shares.04-16-2009
20110249816HYBRID KEY MANAGEMENT METHOD FOR ROBUST SCADA SYSTEMS AND SESSION KEY GENERATION METHOD - Disclosed is a hybrid key management method for a supervisory control and data acquisition (SCADA) system in which a master terminal unit (MTU), a plurality of sub-master terminal units (sub-MTUs), and a plurality of remote terminal units (RTUs) are sequentially and hierarchically structured, the hybrid key management method comprising the steps of: (a) creating, by the MTU and the sub-MTUs, their own secret numbers and making and exchanging digital signatures; (b) creating, by the MTU, group keys; and (c) distributing, by the MTU, the group keys to the sub-MTUs and encrypting and decrypting the group keys using the secret numbers.10-13-2011
20130156197SECURE BROADCASTING AND MULTICASTING - Techniques are presented for secure broadcasting and multicasting. Communications for multicasting and broadcasting are encrypted and decrypted using a secure communication key. The secure communication key is represented in a broadcast value that is sent to selected parties. The broadcast value represents the product of unique prime numbers and an additional number plus the secure communication key. Each party is represented by one of the unique prime numbers. Each party can acquire the secure communication key by dividing the broadcast value by its particular prime number to obtain a remainder, which is the secure communication key.06-20-2013
20120281840METHOD AND SYSTEM FOR PACING, ACKING, TIMING, AND HANDICAPPING (PATH) FOR SIMULTANEOUS RECEIPT OF DOCUMENTS EMPLOYING ENCRYPTION - A method of facilitating substantially simultaneous receipt of electronic content by a plurality of intended recipients is disclosed. The electronic content is encrypted. The encrypted electronic content is transmitted to the plurality of intended recipients. An acknowledgement packet is received from each of the plurality of intended recipients within a predetermined timeout period. A handicap time is calculated for transmitting a decryption key to each of the intended recipients based on a time associated with the acknowledgement packet last received. Decryption keys are transmitted to the plurality of intended recipients using a delay based on the handicap time, where a decryption key having a smaller handicap time is transmitted prior to a decryption key having a larger handicap time.11-08-2012