Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Having particular key generator

Subclass of:

380 - Cryptography

380277000 - KEY MANAGEMENT

Patent class list (only not empty are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
380046000 Nonlinear (e.g., pseudorandom) 85
380045000 Multiple key level 36
380047000 Plural generators 7
Entries
DocumentTitleDate
20110176676METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR EFFICIENT ELLIPTIC CURVE CRYPTOGRAPHY - A method, apparatus and computer program product are provided to more efficiently perform aspects of elliptic curve cryptography such as by more efficiently multiplying an integer k by a point P on an elliptic curve by decomposing the integer into integers k07-21-2011
20090214029Unified Broadcast Encryption System - A system and method is disclosed for performing unified broadcast encryption and traitor tracing for digital content. In one embodiment a media key tree is divided into S subtrees, the media key tree including media keys and initial values, which may be random values. The digital content is divided into a plurality of segments and at least some of the segments are converted into a plurality of variations. The random values are transformed into media key variations and a separate media key variant is assigned to each of the subdivided subtrees. A unified media key block including the media key tree is stored on the media.08-27-2009
20130028414METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.01-31-2013
20090202069METHOD AND SYSTEM FOR GENERATING A SECURE KEY - A method, system on a chip, and computer system for generating more robust keys which utilize data occupying relatively small die areas is disclosed. Embodiments provide a convenient and effective mechanism for generating a key for use in securing data on a portable electronic device, where the key is generated from repurposed data and a relatively small amount. A multi-stage encryption algorithm may be performed to generate the key, where the first stage may include encrypting the secure data, and the second stage may include encrypting the result of a logical operation on the encrypted secure data with a unique identifier of the portable electronic device. A secret key may be used as the encryption key for each stage. The result of the second encryption stage may include the generated key which may be used to perform subsequent operations on the portable electronic device.08-13-2009
20120163590CRYPTOGRAPHY MODULE FOR USE WITH FRAGMENTED KEY AND METHODS FOR USE THEREWITH - A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal.06-28-2012
20130044874CRYPTOGRAPHIC CIRCUIT AND METHOD THEREFOR - Data security is facilitated. In accordance with one or more embodiments, a target circuit is used to generate encryption information specific to the target circuit. The encryption information is used for generating data corresponding to a key, such as for decrypting media content. In some implementations, encryption information is used together with key data to generate a key offset. The key offset is subsequently used, together with newly-generated encryption information, to obtain the key.02-21-2013
20130044875COMBINING KEY CONTROL INFORMATION IN COMMON CRYPTOGRAPHIC ARCHITECTURE SERVICES - A method for creating a key token includes receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token.02-21-2013
20130028415CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, SIGNATURE PROCESSING SYSTEM, SIGNATURE DEVICE, AND VERIFICATION DEVICE - The object is to provide a secure functional encryption scheme having a large number of cryptographic functions. An access structure is constituted by applying the inner-product of attribute vectors to a span program. The access structure has a degree of freedom in design of the span program and design of the attribute vectors, thus having a large degree of freedom in design of access control. A secure functional encryption process having a large number of cryptographic functions is implemented by employing the concept of secret sharing for the access structure.01-31-2013
20110194687DATA-CONDITIONED ENCRYPTION METHOD - A system and method for encryption of data is disclosed. At least one block of the data is received. The at least one block of data is modified to cause each unique data element within the at least one block to appear with a respective predetermined frequency ratio. The block of data is encrypted into ciphertext based at least on an encryption key.08-11-2011
20100158246METHOD FOR AUTHENTICATION AND ELECTRONIC DEVICE FOR PERFORMING THE AUTHENTICATION - An authentication method (06-24-2010
20100074440HIGH-SPEED PIPELINED ARIA ENCRYPTION APPARATUS - There is provided a high-speed pipelined ARIA encryption apparatus. The high-speed pipelined ARIA encryption apparatus includes a round key generator for generating a plurality of round keys required for performing an encryption operation using a master key formed to have uniform bits, a plurality of round units whose number is in proportion to the number of times of round operations corresponding to the number of bit of an input value to receive the round keys and the input value and to perform the round operations, and a plurality of pipelined register provided between the round units to transmit the output value of a previous round unit as the input value of the next round unit. A plurality of round units are provided and pipelined registers are inserted between the round units so that it is possible to improve the performance of processing a large amount of data and to perform ARIA encryption at high speed.03-25-2010
20100074439 METHOD AND APPARATUS FOR THE GENERATION OF CODE FROM PATTERN FEATURES - A method is provided for deriving a single code from a biometric sample in a way which enables different samples of a user to provide the same code whilst also distinguishing between samples of different users. Different features are analysed to obtain mean and variance values, and these are used to control how the different feature values are interpreted. In addition, features are combined and a sub-set of bits of the combination is used as the code. This enables bits which are common to all user samples to be dropped as well as bits which may differ between different samples of the same user.03-25-2010
20100074438SYSTEMS AND METHODS FOR KEY MANAGEMENT - A method for key management for a broadcasting system includes generating a receiver group key (RGK) seed and a plurality of parameters for a receiver group provided by the broadcasting system; and calculating an RGK for the receiver group based on the RGK seed and the plurality of parameters.03-25-2010
20130039488Device and method for providing portable and secure internet-based IT services - The increase in popularity of Internet-based computing services for delivery of their information technology (IT) capability has also created dependences for the user to access their IT facilities and be able to work. The current invention provides solutions to these dependences using a system with a convenient, highly portable data storage device that when connected to a general purpose computer that has access to the internet, provides the user the ability to access and work on large, complex tasks and files on their internet-based IT facilities while simultaneously maintaining the security and integrity of the information and data transmitted over the internet between the user and their IT facilities.02-14-2013
20130039487Coordinating compression information for unreliable encrypted streams through key establishment protocols - In one embodiment, a method includes transmitting compression information from a sender node to a receiver node in a key establishment protocol exchange and transmitting an encrypted compressed packet from the sender node to the receiver node using an unreliable transport. The compression information is used by the receiver node in decompressing the packet received from the sender node. An apparatus is also disclosed.02-14-2013
20130039491TAMPERING MONITORING SYSTEM, MANAGEMENT DEVICE, PROTECTION CONTROL MODULE, AND DETECTION MODULE - A management device 02-14-2013
20130039490INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - A configuration in which use management for each piece of content, which is divided in units, can be performed strictly and efficiently is provided. CPS units such that content stored on an information recording medium is divided into units are set, a unit key is assigned to each CPS unit, and data forming each unit is encrypted and recorded. For reproduction, a unit key is generated, and data processing using the unit key is performed. As information for generating the unit key, copy/play control information (CCI) that is set so as to correspond to the CPS unit and a content hash that is a hash value based on data forming the CPS unit are used. With this configuration, tampering of CCI and data forming the CPS unit can be prevented, and authorized content use can be realized.02-14-2013
20130039489CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, KEY DELEGATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector of the space V, the cipher vector being a vector in which transmission information is embedded. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information. In particular, the encryption device and the decryption device perform the cryptographic process without using some dimensions of the space V and the space V*.02-14-2013
20130083921ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, DECRYPTION METHOD, PROGRAM, AND RECORDING MEDIUM - In encryption, a random number r is generated to generate a ciphertext C04-04-2013
20100046749CONTENT PROTECTION APPARATUS, AND CONTENT UTILIZATION APPARATUS - Content is divided into a plurality of partial contents. Next, each of the partial contents is encrypted using a browsing-control-use secret key. Also, an editing-control-use secret key and a partial-content validation key are generated, then generating the feature value for each of the partial content. Moreover, key-encrypted data is generated by encrypting the browsing-control-use secret key and the editing-control-use secret key corresponding to each of the browsable and editable partial contents, using the public key of a user. Finally, encrypted content is generated from the key-encrypted data, encrypted partial contents, and the partial-content validation key.02-25-2010
20130034228SECURE KEY CREATION - Creating a secure key includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts.02-07-2013
20130034227SECURE PROVISIONING OF A PORTABLE DEVICE USING A REPRESENTATION OF A KEY - A portable device initially accesses a secure server and requests a certificate. The secure server generates a random key and encodes the generated key to generate a representation of the key, such as a two-dimensional bar code or an audio signal, and communicated to a local device, such as a laptop or desktop computer, using a web interface. The local device is used to present the representation of the key to a mobile device. The mobile device then captures the representation of the key from the local device, for example using an image capture device or audio capture device, and extracts the key by decoding the representation of the key. The key is then stored by the mobile device and used to securely communicate with the secure server without manually entering the key.02-07-2013
20130077785Method for Updating Air Interface Key, Core Network Node and Radio Access System - The disclosure discloses a method for updating an air interface key, a core network node and a radio access system, wherein the method for updating an air interface key comprises: a core network node receives a relocation complete indication message from a target RNC (S03-28-2013
20130077784MACHINE, MACHINE MANAGEMENT APPARATUS, SYSTEM, AND METHOD, AND RECORDING MEDIUM - A machine management method includes installing software in a machine including a security device that holds a secret key unextractable from the security device and a public key extractable from the security device, encrypts input data with the public key, and decrypts the input data with the secret key; storing machine identification information of the machine in association with software identification information of the software installed in the machine in an external management apparatus; creating a device-encryption key to encrypt data stored on a first storage device of the machine; storing a device-encryption-key BLOB obtained by encrypting the device-encryption key with the public key on a second storage device of the machine; and storing the device-encryption key in association with the machine identification information in the external management apparatus.03-28-2013
20130077783METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.03-28-2013
20130077782Method and Apparatus for Security Over Multiple Interfaces - A secure digital system including a number of ICs that exchange data among each other. Each of the ICs includes a key generator for generating a cipher key; a memory for securely storing the generated cipher key; an authenticating module for authenticating neighboring ICs of a respective IC; an encryption module for encrypting data communicated from the respective IC to the neighboring ICs; and a decryption module for decrypting data received from the neighboring ICs.03-28-2013
20130077781METHOD OF KEY DERIVATION IN AN INTEGRATED CIRCUIT - A method of derivation, by an electronic circuit, of a first key from a second key, wherein: at least one third key is derived from the second key and is used to derive the first key; and a value of a counter, representative of the number of first keys, conditions the derivation of a new value of the third key.03-28-2013
20130188790CRYPTOGRAPHIC KEY - A technique to facilitate cryptographic key management is provided. In one aspect, multiple strings or components are sorted and concatenated in the order in which they were sorted.07-25-2013
20090161866SECURE COMMUNICATION METHOD AND SYSTEM - A system for providing secure communication of a message between parties is provided. The system includes first and second communication devices. The first communication device includes a first list of numbers and a first number selector for periodically selecting a different number in the first list. The first communication device further includes a first encryption key generator for generating a first encryption key at a certain time. The first encryption key generator uses the number selected by the first number selector at a certain time to generate the first encryption key from the first list of numbers. The first communication device also includes an encryptor, for encrypting a message using the first encryption key, and a transmitter for transmitting the encrypted message. The second communication device includes a receiver for receiving the encrypted message and a second list of numbers, the second list of numbers being identical to the first list of numbers. A second number selector is provided for periodically selecting a different number in the second list. The second number selector is synchronised with the first number selector such that, at any given time, the second number selector selects the same number as the first number selector. The second communication device also includes a second encryption key generator for generating a second encryption key, wherein the second encryption generator uses the number selected by the second number selector at the certain time to generate the second encryption key from the second list of numbers; the second encryption key being identical to the first encryption key. The second communication device further includes a decryptor for decrypting the encrypted message using the second encryption key. An associated method for providing secure communication of a message between parties is also provided.06-25-2009
20090154695MANAGING A PLURALITY OF CACHED KEYS - In a method of managing a plurality of cached keys, a determination is made as to whether to generate an additional key for the plurality of cached keys. If it is determined to generate the additional key, control of a central processing unit is acquired and a first current time is recorded. While a difference between a second current time and the first current time is not greater than a predefined time slice, one or more operational units of a plurality of operational units for generating the additional key are executed on the central processing unit. If the additional key is completed, the additional key is saved as a cached key with the plurality of cached keys.06-18-2009
20090154694CONTENTS MANAGEMENT SYSTEM, AND CONTENTS MANAGEMENT DEVICE - Provided is a content management device, which is connected with a plurality of terminal devices for performing a content moving operation while considering the conveniences of the users of the individual terminal devices. The content management device comprises a content storage unit stored with one or more contents, a move information management unit stored with first range information indicating the partial or entire range of the content to be moved, a range information receiving unit for accepting second range information indicating the range requiring the move, from one terminal device, a judgement unit for deciding whether or not the range indicated by the first range information and the range indicated by the second range information overlap at least partially, and a control unit for permitting the required range to be moved to the terminal device, in case the decision by the judgement unit is NO.06-18-2009
20120183136APPARATUS AND METHOD FOR GENERATING A KEY FOR BROADCAST ENCRYPTION - An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved.07-19-2012
20120183135RELIABLE PUF VALUE GENERATION BY PATTERN MATCHING - A method is used to reliably provision and re-generate a finite and exact sequence of bits, for use with cryptographic applications, e.g., as a key, by employing one or more challengeable Physical Unclonable Function (PUF) circuit elements. The method reverses the conventional paradigm of using public challenges to generate secret PUF responses; it exposes the response and keeps the particular challenges that generate the response secret.07-19-2012
20080304659METHOD AND APPARATUS FOR EXPANSION KEY GENERATION FOR BLOCK CIPHERS - A key scheduler performs a key-expansion to generate round keys for AES encryption and decryption just-in-time for each AES round. The key scheduler pre-computes slow operations in a current clock cycle to reduce the critical delay path for computing the round key for a next AES round.12-11-2008
20130089201AUTHENTICATION DEVICE, AUTHENTICATION METHOD, AND PROGRAM - Provided is an authentication device including a key holding unit for holding L (L≧2) secret keys s04-11-2013
20130089200SECURE DATA TRANSFER ON A HANDHELD COMMUNICATIONS DEVICE - A handheld communications device for transmitting an encryption key is provided. The device comprises a display device, and a data processor. The data processor of the handheld communications device is in communication with the display device. The data processor is configured to generate an encryption key, and to vary a visual output of the display device over time in accordance with a bit sequence of the encryption key. The varying visual output comprises a sequence of colours and/or brightness levels output by the display device.04-11-2013
20090304180KEY EVOLUTION METHOD AND SYSTEM OF BLOCK CIPHERING - A system and associated method for block ciphering. The method generates a key that is specific to a text block being encrypted and later being decrypted. The text block is encrypted by a block cipher encryption with the key. The encrypted text block is decrypted by a block cipher decryption with the key back to the text block. Altering a single bit in either the encrypted text block or the key results in unsuccessful decryption such that a decrypted text block is completely different from the before encryption.12-10-2009
20090041238IMPLICIT CERTIFICATE SCHEME - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. For each entity A, the trusted entity selects a unique identity distinguishing the entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information f and generates a value k02-12-2009
20090041237INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, INFORMATION RECORDING MEDIUM, METHOD, AND COMPUTER PROGRAM - To provide a configuration in which a unit classification number corresponding to a content playback path is set based on various units. A unit classification number defining a playback path of content including encrypted data having different variations generated by encrypting a segment portion which forms the content by using a plurality of segment keys and encrypted content generated by encrypting a non-segment portion by a unit key is set based on various units, such as a content management unit and an index. In a CPS unit key file storing key generating information concerning CPS units as content management units, settings of unit classification numbers are indicated. Based on the CPS unit key file, a unit classification number to which content to be played back belongs can be obtained.02-12-2009
20130058478VIRTUALIZATION OF CRYPTOGRAPHIC KEYS - A cryptographic key is virtualized to provide a virtual cryptographic key. To virtualize the key, an operation, such as an exclusive OR operation, is used with the key and a mask. The virtual key is usable by a guest of a virtual environment in cryptographic operations.03-07-2013
20110058668Secure group key management approach based upon N-dimensional hypersphere - This invention publishes a secure group key management approach based upon N-dimensional hypersphere. After initialization, the GC admits the new members and assigns identifiers to them when there are new members joining the group, and deletes the leaving members' private information when there are members leaving the group. If a lot of members join and other members leave the group at the same time, the GC deletes the leaving members' private information, admits the new members, assigns indemnifiers to the new members, and then chooses mapping parameters, mapping each member's and its private information to the points in a multi-dimensional space. The GC calculates the central point of the hypersphere, and publishes the central point, the mapping parameter and the identifiers of leaving members if there are members leave. The group members calculate the mapping points, and then calculate the group keys. The invention can effectively reduce user storage, user computation, and amount of update information while re-keying. The independence of the group keys can be kept.03-10-2011
20090268902SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING - A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.10-29-2009
20130064365Data Destruction - In one embodiment, receive a first request in connection with accessing a set of encrypted data, wherein the set of encrypted data has an expiration date; the first request comprises a first key associated with the expiration date; and the set of encrypted data has been encrypted using the first key. Validate the first key by comparing the expiration date against a current time. Generate a second key for decrypting the set of encrypted data using the first key only if the expiration date has not passed.03-14-2013
20130064366Method for Generating Cryptographic Half-Keys, and Associated System - A method for generating cryptographic half-keys makes it possible to generate n pairs (K03-14-2013
20130163755PROTECTION METHOD, DECRYPTION METHOD, PLAYER, STORAGE MEDIUM, AND ENCRYPTION APPARATUS OF DIGITAL CONTENT - A digital content protection method includes distributing, together with an encrypted content, an encrypted protected program key, a protected content key, and a protected code including an individual instruction code, at least some elements of which are designed according to a unique operation code specification for each content player or for each content player group.06-27-2013
20130163754INFORMATION DISTRIBUTION SYSTEM AND PROGRAM FOR THE SAME - An information distribution system described herein is capable of securely storing digitized personal information in an encrypted state in a storage section and securely transferring/disclosing the stored digitized information only to a particular third person via a network. Communication of the information is securely performed in the encrypted state between information terminals connected to the communication network. An information terminal which has created information encrypts the original information by a common key generated upon communication and stores the information in a secure storage of one of the information terminals connected to the communication network while maintaining the encrypted state. Further, the system creates a mechanism for authenticating a person having a particular authority for viewing the encrypted information and index information having an encrypted common key and link information indicating the location of the information for supply to a user.06-27-2013
20130064367ACCELERATED VERIFICATION OF DIGITAL SIGNATURES AND PUBLIC KEYS - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.03-14-2013
20090238362DISC MANUFACTURING METHOD, DATA RECORDING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING APPARATUS AND METHOD, AND COMPUTER PROGRAM - A product mark including a public key certificate issued with respect to an information-recording-medium manufacturing entity or information-recording-medium manufacturing equipment, and an encrypted volume ID calculated by computation based on a product-mark-associated value such as a hash value generated on the basis of the product mark, and a volume ID as an identifier set with respect to a given set of discs to be manufactured, are generated. The product mark and the encrypted volume ID are set as information for generating a key used for decryption of encrypted content, and recorded onto a disc by a reflective-film-removal recording method. Due to this configuration, the product mark and the encrypted volume ID as key generating information cannot be read from a pirated disc produced by physically copying a pit pattern on the basis of a legitimate commercial disc, thereby making it possible to prevent unauthorized reproduction or use of content.09-24-2009
20090232302Derivation method for cached keys in wireless communication system - A method and apparatus for providing improved security and improved roaming transition times in wireless networks. The same pairwise master key (PMK) from an authentication server can be used across multiple access points and a new pairwise transition key (PTK) is derived for each association of a station to any of the access points. A plurality of access points are organized in functional hierarchical levels and are operable to advertise an indicator of the PMK cache depth supported by a group of access points (N) and an ordered list of the identifiers for the derivation path. Access points in each level in the cache hierarchy compute the derived pairwise master keys (DPMKs) for devices in the next lower level in the hierarchy and then deliver the DPMKs to those devices. An access point calculates the PTK as part of the security exchange process when the station wishes to associate to the access point. The station also computes the PTK as part of the security exchange process. The station calculates all the DMPKs in the hierarchy as part of computing the PTK. The method and apparatus allow the cache depth to vary per station, but it remains constant for a given station within a key circle.09-17-2009
20090232301METHOD AND SYSTEM FOR GENERATING SESSION KEY, AND COMMUNICATION DEVICE - A method for generating a session key, a system, and a communication device are disclosed. The method includes: selecting, by a communication party, a temporary private key, and operating at least the temporary private key according to the parameters of the cryptosystem to generate a first message, and sending the first message to the opposite party; and after receiving the second message, operating, by the communication party, at least the second message and the temporary private key according to the parameters of the cryptosystem to generate a session key. The system includes a key management center and a communication device. The communication device includes: a temporary private key selecting unit, a message generating and sending unit, and a session key generating unit. In the disclosure, the session key generated after the communication party selects a temporary private key is variable, thus avoiding too much dependence on the key management center and improving the practicability and security of the key.09-17-2009
20090310778VARIABLE-LENGTH CIPHER SYSTEM AND METHOD - Systems and methods for enciphering data are provided. In one embodiment, information is enciphered using a variable block length cipher that returns the encrypted symbol set in the same format as the plaintext symbol set. The cipher can be based on DES, AES or other block ciphers. In one example implementation a method for enciphering token information the invention provides for enciphering token information by constructing a tweak of a defined length using token information; converting the tweak to a bit string of a defined size to form a first parameter; converting a number of digits of plaintext to a byte string of a defined size to form a second parameter, wherein the number of digits converted varies; defining a data encryption standard key; applying the data encryption standard key to the first and second parameters; computing a specified number of encryption rounds; and receiving enciphered token information.12-17-2009
20120114120STORAGE DEVICE, ACCESS DEVICE, AND PROGRAM PRODUCT - In general, according to one embodiment, a storage device includes a data storage, a key storage, a receiver, an acquisition unit, a first computing unit, and a second computing unit. The data storage stores therein data. The key storage stores therein a plurality of device keys. The receiver receives identification information on an access device that accesses the data. The acquisition unit acquires an index specifying one of the device keys stored in the key storage. The first computing unit computes a second key based on the device key specified by the index and the identification information, the second key being used to perform an operation on key information acquired by performing an operation on a first key shared with the access device. The second computing unit computes the first key by performing an operation on the key information using the second key.05-10-2012
20120114119SYSTEM AND METHOD FOR PROTECTING SPECIFIED DATA COMBINATIONS - A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.05-10-2012
20120237025DEVICE AND METHOD FOR DETERMINING AN INVERSE OF A VALUE RELATED TO A MODULUS - A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm.09-20-2012
20120237024Security System Using Physical Key for Cryptographic Processes - One embodiment of the invention is based on the recognition that by keeping the encryption key (DEK) in a key device, and using the key device to perform all encryption and decryption, where the DEK is not supplied to the computing system, the above noted security problems can be overcome. The encrypted information is stored in the computing system and not in the key device. However, without the key device, it is not possible to access the encrypted information stored in the computing system. Thus, the function of the key device is similar to that of a physical key used in daily life for unlocking a door or drawer, except that the user gains access to protected information instead of access to a building, drawer or car.09-20-2012
20120237023Secure Key Management - A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.09-20-2012
20130163752APPARATUS AND METHOD FOR GENERATING GROUP KEY USING STATUS OF WIRELESS CHANNEL - An apparatus and method for generating a group key using the status of a wireless channel are provided. The apparatus includes a representative channel response selection unit for selecting a representative channel response signal from among pilot signals received from slave terminals. A key generation unit generates a group key based on a representative channel response value of the representative channel response signal. A hash value generation unit generates a hash value corresponding to the group key. A transmission pilot control unit adjusts power intensities of transmission pilots of the respective slave terminals using the channel response value of the representative channel response signal and channel response values and transmission power intensities of the slave terminals. A communication unit is individually connected to the slave terminals and configured to transmit pilot signals, power intensities of which have been adjusted, and the hash value to the slave terminals.06-27-2013
20130163753KEY CREATION AND ROTATION FOR DATA ENCRYPTION - Embodiments are directed towards enabling cryptographic key rotation without disrupting cryptographic operations. If key rotation is initiated, a transitional key may be generated by encrypting the current key with a built-in system key. A new key may be generated based one at least one determined key parameter. Next, the new key may be activated by the one or more key holders. If the new key is activated, it may be designated as the new current key. The new current key may be employed to encrypt the transitional key and store it in a key array. Each additional rotated key may be stored in the key array after it is encrypted by the current cryptographic key. Further, in response to a submission of an unencrypted query value, one or more encrypted values that correspond to a determined number of rotated cryptographic keys are generated.06-27-2013
20110280397Method and System for Secret Key Exchange Using Wireless Link Characteristics and Random Device Movement - A new methodology to exchange a random secret key between two parties. The diverse physical characteristics of the wireless medium and device mobility are exploited for secure key exchange. Unique physical characteristics of wireless channels between the two devices are measured at different random locations. A function of these unique characteristics determines the shared secret key between the two devices.11-17-2011
20080304661CONTENT DISTRIBUTION/BROWSING SYSTEM, CONTENT DISTRIBUTION APPARATUS, CONTENT BROWSING APPARATUS AND PROGRAM - A content distribution/browsing system is disclosed. First to (m−1)th encrypted content items E(K12-11-2008
20090147950CRYPTOGRAPHIC DEVICE FOR FAST SESSION SWITCHING - Provided is a cryptographic device for fast session switching, and more particularly, a cryptographic device using a block cipher algorithm and capable of rapidly performing session switching. The cryptographic device includes: a block cipher algorithm executer for performing encryption or decryption on input data using an initialization vector and a round key corresponding to a current session; an initialization vector manager for storing an initialization vector input from outside of the cryptographic device and an initialization vector received from the block cipher algorithm executer, and providing the initialization vector corresponding to the current session to the block cipher algorithm executer; and a session round key generator for storing a session key input from outside of the cryptographic device, generating the round key based on a session key corresponding to the current session, and providing the round key to the block cipher algorithm executer. The device has a structure capable of performing minimum operation to store and manage an initialization vector and a session key, and thus can minimize delay time caused by session switching.06-11-2009
20090310777Trust Anchor Key Cryptogram and Cryptoperiod Management Method - In the field of public key cryptography, e.g. a public key infrastructure, the distribution of trust anchor keys to end-user systems is difficult when the time comes to change the public key, either because a compromise of the private key counterpart is suspected, or as a cryptoperiod policy enforcement. With the present invention, the central organization (from which the trust anchor key originates) is given the opportunity to distribute at once a number of trust anchor keys, in advance of their respective intended period of use, and without exposing the individual public keys to brute force attacks before their actual period of use. At a later time, the central organization distributes unlocking information that enables the use of a public key distributed according to the present invention. The preferred embodiment makes use of an hidden selection of a cryptographic function among a function family.12-17-2009
20090285390INTEGRATED CIRCUIT WITH SECURED SOFTWARE IMAGE AND METHOD THEREFOR - The various embodiments herein disclosed include a method wherein an integrated circuit (11-19-2009
20110299679CONTROLLER, CONTROL METHOD, COMPUTER PROGRAM, RECORDING MEDIUM FOR COMPUTER PROGRAM, RECORDING APPARATUS, AND MANUFACTURING METHOD FOR RECORDING APPARATUS - A controller for embedding in a recording medium apparatus in order to control memory access comprises a unique key generation unit that generates a unique key assigned to the controller, a decryption unit that acquires encrypted key information generated by encrypting a private key for the recording medium apparatus with the unique key, and that decrypts the encrypted key information so acquired with the unique key to generate decrypted information; a private key verification unit that verifies whether or not the decrypted information is the private key, and an encrypted key information write unit that writes the encrypted key information so acquired to memory when the decrypted information is verified to be the private key.12-08-2011
20090202070Robust Cipher Design - In an iterated block cipher, a method for round key encryption and key generation, the method including providing a first function Fi and a second function Fj, providing a round key generation function, the round key generation function being operative to utilize, in any given round, exactly one of the first function Fi, and the second function Fj, providing a round mixing function, the round mixing function being operative to utilize, in any given round, exactly one of the first function Fi, and the second function Fj, utilizing the round key generation function in at least a first round to generate a second round key for use in a second round, and utilizing the round mixing function in at least the first round to mix a first round key with a cipher state, wherein one of the following is performed in the first round the round key generation function utilizes the first function Fi to generate the second round key for use in the second round, substantially simultaneously with the round key mixing function utilizing the second function Fj to mix the first round key with the cipher state, and the round key generation function utilizes the second function Fj to generate the second round key for use in the second round, substantially simultaneously with the round key mixing function utilizing the first function Fi to mix the first round key with the cipher state. Related apparatus and methods are also described.08-13-2009
20090097640DEVICE AND METHOD FOR DETERMINING AN INVERSE OF A VALUE RELATED TO A MODULUS - A device for determining an inverse of an initial value related to a modulus, comprising a unit configured to process an iterative algorithm in a plurality of iterations, wherein an iteration includes two modular reductions and has, as an iteration loop result, values obtained by an iteration loop of an extended Euclidean algorithm.04-16-2009
20090147951METHOD OF HANDLING SECURITY KEY CHANGE AND RELATED COMMUNICATION DEVICE - A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.06-11-2009
20100119061GENERATING SECURE PRIVATE KEYS FOR USE IN A PUBLIC KEY COMMUNICATIONS ENVIRONMENT - A private key is generated for use in a public key communications environment, and the private key includes a partial private key and processed biometric data. The partial private key is known to the user, but the processed biometric data is not. The processed biometric data is generated on the fly and is not provided to the user. This enables a more secure and robust private key to be created and used in encryption/decryption.05-13-2010
20110150212COMPUTER IMPLEMENTED METHOD FOR GENERATING A SET OF IDENTIFIERS FROM A PRIVATE KEY, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - The invention relates to a computer implemented method for generating a set of identifiers from a private key, the method comprising the steps of: calculating a set of public keys, wherein the private key and each public key of the set of public keys form an asymmetric cryptographic key pair; and outputting the identifiers comprising the public keys.06-23-2011
20120189119Method and Apparatus for Increasing the Speed of Cryptographic Processing - Encrypting data in as cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.07-26-2012
20100284534PACKET CIPHER ALGORITHM BASED ENCRYPTION PROCESSING DEVICE - A packet cipher algorithm based encryption processing device includes a key expand unit and an encryption unit. The key expand unit comprises a key expand unit data registration component and at least one key expand unit data conversion component. The encryption unit comprises an encryption unit data registration component and at least one encryption unit data conversion component, and the number of the encryption unit data conversion component is the same as that of the key expand unit data conversion component, and besides, they are one to one. A sub-key output of each key expand unit data conversion component connects the corresponding sub-key input of each encryption unit data conversion component to solve the technical problems that the encryption efficiency of the prior packet cipher algorithm based encryption processing device is low and the cost is high. The advantage of the present invention is reducing the resource consumption and further reducing the achievement cost of the device under the premise of keeping the high efficiency of the prior art.11-11-2010
20090052665Bulk Data Erase Utilizing An Encryption Technique - A system and a computer program product are disclosed for eliminating access to data on removable storage media of a removable storage media cartridge. The system comprises a data storage drive that stores a key on the removable storage media cartridge, such that data on the removable storage media is accessible with the key. Upon receiving a command to eliminate access to data on the removable storage media the data storage drive shreds the key such that access to data on the removable storage media is eliminated.02-26-2009
20100119066METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.05-13-2010
20100119065METHOD AND SYSTEM FOR SECURING DATA UTILIZING REDUNDANT SECURE KEY STORAGE - A system and method which protects a data processing system against encryption key errors by providing redundant encryption keys stored in different locations, and providing the software with the ability to select an alternate redundant key if there is any possibility that the encryption key being used may be corrupted. In the preferred embodiment, a memory control module in the data processing device is configured to accommodate the storage of multiple (for example up to four or more) independent password/key pairs, and the control module duplicates a password key at the time of creation. The redundant passwords and encryption keys are forced into different memory slots for later retrieval if necessary. The probability of redundant keys being corrupted simultaneously is infinitesimal, so the system and method of the invention ensures that there is always an uncorrupted encryption key available.05-13-2010
20100119064SERVICE DISTRIBUTION APPARATUS AND METHOD - A service distribution apparatus and method are provided. The service distribution apparatus includes a service module that provides a plurality of separable services; a storage module that stores group information of service reproduction apparatuses which reproduce the services, and a service control module that distributes requested services to different service reproduction apparatuses, respectively, based on the group information.05-13-2010
20120033808Method and Apparatus for Generating a Public Key in a Manner That Counters Power Analysis Attacks - A public key for an Elliptic Curve Cryptosystem is generated in a manner that acts as a countermeasure to power analysis attacks. In particular, a known scalar multiplication method is enhanced by, in one aspect, performing a right shift on the private key. The fixed-sequence window method includes creation and handling of a translated private key. Conveniently, as a result of the right shift, the handling of the translated private key is made easier and more efficient.02-09-2012
20120033807DEVICE AND USER AUTHENTICATION - A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. There is then generated a message comprising the key or a component derived from the key, which transmitted to a remote service, and at the service there is carried out the step of authenticating the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID.02-09-2012
20080267395APPARATUS AND METHOD FOR ENCRYPTED COMMUNICATION PROCESSING - To provide an apparatus and a method for encrypted communication processing in inter-node communication on a network capable of performing effective encrypted communication with improved security. In the inter-node multicast communication on the network, by first setting one or more of encryption keys, it can be avoided to deteriorate, by the procedure for an encrypted communication, the condition where the multicast communication is possible. Therefore, the multicast by the effective encrypted communication with improved security becomes possible.10-30-2008
20080267394Identity-Based Key Generating Methods and Devices - The present invention discloses a method and device of generating asymmetrical key pair (public key and private key) based on user identity. Key Management Center (KMC) generates public/private key calculating base, and publish the public key calculating base. Based on identity provided by a user, a private key is calculated and provided to the user. Any user can calculate other user's public key based on other user's identity and the published public key calculating base. Thus, when obtaining the public key of the communicating party, no third party CA certificate is needed, and no maintenance of mass parameters associated with users are needed.10-30-2008
20090086964PROVIDING LOCAL STORAGE SERVICE TO APPLICATIONS THAT RUN IN AN APPLICATION EXECUTION ENVIRONMENT - Methods, systems, and apparatus, including medium-encoded computer program products, for providing local storage service to applications that run in an application execution environment. In one aspect, a method includes receiving a request from one of the applications, wherein the request triggers local storage of information; obtaining an encryption key based on identifiers including a first identifier corresponding to the application execution environment, a second identifier corresponding to the one application, and a third identifier corresponding to the computing apparatus; encrypting the information using the encryption key; and storing the encrypted information in the computing apparatus.04-02-2009
20090086968A METHOD FOR THE APPLICATION OF IMPLICIT SIGNATURE SCHEMES - A method of verifying a transaction over a data communication system between a first and second correspondent through the use of a certifying authority. The certifying authority has control of a certificate's validity, which is used by at least the first correspondent. The method comprises the following steps. One of the first and second correspondents advising the certifying authority that the certificate is to be validated. The certifying authority verifies the validity of the certificate attributed to the first correspondent. The certifying authority generates implicit signature components including specific authorization information. At least one of the implicit signature components is forwarded to the first correspondent for permitting the first correspondent to generate an ephemeral private key. At least one of the implicit signature components is forwarded to the second correspondent for permitting recovery of an ephemeral public key corresponding to the ephemeral private key. The first correspondent signs a message with the ephemeral private key and forwards the message to the second correspondent. The second correspondent attempts to verify the signature using the ephemeral public key and proceeds with the transaction upon verification.04-02-2009
20090086967Image Forming Apparatus - An image forming apparatus is supplied capable of preventing an information leakage even if encrypted print data outflows from the image forming apparatus. In the image forming apparatus, a first encryption key storing section stores a first part encryption key generated by a part of an encryption key; a second encryption key storing section stores a second part encryption key generated by other part of the encryption key; an encryption key generating section reads out the second part encryption key when the second encryption key storing section is attached, reads out the first part encryption key, generates the encryption key, and stores it into a volatility memory; an encryption processing section encrypts print information through using the encryption key, and makes encryption print information; a nonvolatility storing section stores the encryption print information; a decryption processing section reads out the encryption print information and the encryption key, and decrypts the print information; and an image forming section forms an image of the decrypted print information.04-02-2009
20090086965SECURE, TWO-STAGE STORAGE SYSTEM - A two-stage storage security system comprising an address translator and a cryptographic engine for a mobile computing platform is provided. In response to a write operation, the address translator receives unencrypted data blocks, from an initiator, and associates the blocks with corresponding scrambled data storage addresses. The cryptographic engine encrypts the unencrypted data blocks to be stored on the platform storage component at the corresponding scrambled data storage addresses. The address translator applies a predetermined reversible translation function to reversibly remap addresses, and the cryptographic engine applies a predetermined cryptographic technique to encrypt and decrypt the data blocks. In a read operation, encrypted data blocks retrieved from the storage component are decrypted and restored to an original logical order. Decryption of storage component data is allowed when storage component is coupled to the corresponding platform.04-02-2009
20100080383SECURE PROVISIONING OF A PORTABLE DEVICE USING A REPRESENTATION OF A KEY - A portable device initially accesses a secure server and requests a certificate. The secure server generates a random key and encodes the generated key to generate a representation of the key, such as a two-dimensional bar code or an audio signal, and communicated to a local device, such as a laptop or desktop computer, using a web interface. The local device is used to present the representation of the key to a mobile device. The mobile device then captures the representation of the key from the local device, for example using an image capture device or audio capture device, and extracts the key by decoding the representation of the key. The key is then stored by the mobile device and used to securely communicate with the secure server without manually entering the key.04-01-2010
20090046854Method for a Public-Key Infrastructure Providing Communication Integrity and Anonymity While Detecting Malicious Communication - An inventive scheme for detecting parties responsible for repeated malicious activities in secure and anonymous communication is presented. The scheme comprises generating a pool of keys, distributing to and associating with each party a small number of keys chosen randomly from the pool, revoking a key when it is detected as used in a malicious activity, creating a set of parties associated with the revoked key, revoking additional keys randomly chosen among the keys not currently revoked, selecting new keys, and when a party requests an updated key, sending the updated key selected from among the new keys to the requesting party, wherein if an other malicious activity is detected, creating another set of the parties associated with the other malicious activity and identifying the parties in both sets. The steps of the inventive scheme are repeated until only one party is in the intersection set.02-19-2009
20090046853Method and system for generating a pair of public key and secret key - A method of generating a pair of public key and secret key, includes the steps of selecting a public key; selecting a secret key; computing a heavy prime number in responsive to the public key and the secret key; factoring the heavy prime number by selecting first and second prime numbers in condition that a sum of said first and second prime numbers equals to the heavy prime number; and pairing the secret key with the public key in term of the heavy prime number as a bridge to generate a unique combination between the secret key with the public key. Therefore, the secret key is definitively undetermined by conjecturing the public key even though the public key is known.02-19-2009
20090168998EXECUTING AN ENCRYPTION INSTRUCTION USING STORED ROUND KEYS - Embodiments of an invention for executing an encryption instruction using stored round keys are disclosed. In one embodiment, an apparatus includes instruction logic, encryption logic, a storage region, and control logic. The instruction logic is to receive an encryption instruction. The encryption logic is to perform, in response to the instruction logic receiving the encryption instruction, an encryption operation including a plurality of rounds, each round using a corresponding round key from a plurality of round keys. The storage region is to store the plurality of round keys. The control logic is to fetch, for use during each of the plurality of rounds, the corresponding round key from the storage region.07-02-2009
20090168999Method and apparatus for performing cryptographic operations - In one embodiment, the present invention includes a processor having logic to perform a round of a cryptographic algorithm responsive to first and second round micro-operations to perform the round on first and second pairs of columns, where the logic includes dual datapaths that are half the width of the cryptographic algorithm width (or smaller). Additional logic may be used to combine the results of the first and second round micro-operations to obtain a round result. Other embodiments are described and claimed.07-02-2009
20090141891DISTRIBUTED SCALABLE CRYPTOGRAPHIC ACCESS CONTROL - Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.06-04-2009
20090262926METHOD AND APPARATUS FOR GENERATING A CRYPTOGRAPHIC KEY - In embodiments methods and circuits for generating a cryptographic key, for encrypting and decrypting data with the generated key, for storing and reading the encrypted data using a filename unknown to a running application of a mobile computer application are provided.10-22-2009
20110170686COMMUNICATION APPARATUS, CONTROL METHOD OF COMMUNICATION APPARATUS, COMPUTER PROGRAM, AND STORAGE MEDIUM - The security level is enhanced without impairing user operability when executing an automatic communication parameter setting processing. A communication apparatus which configures a network serves as a providing apparatus which provides communication parameters to a receiving apparatus which receives the provided communication parameters. At this time, whether or not an encryption key, which is included in the communication parameters, is generated randomly is determined based on the participation status of the communication apparatus in the network.07-14-2011
20080285748Method for generating secret key in computer device and obtaining the encrypting and decrypting key - The invention relates to a method for generating an secret key in a computer device and using the secret key. The method includes the step of receiving an inputted password first, then processing the inputted password with a device key to generate a user certificate, wherein the device key is established according to the information which is dependent on the computer device and is stored in the non-volatile storage device.11-20-2008
20090274297DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting re-encrypted digital contents are discussed. According to an embodiment, the method includes receiving the re-encrypted digital content without a source encryption key from a source device connected to the target device, wherein the re-encrypted digital content is generated at the source device by: 1) decrypting an encrypted digital content which is previously encrypted in an external device, and 2) re-encrypting the decrypted digital content with the source encryption key; performing an addition operation by using a first target internal key and an identifier (ID); generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the re-encrypted digital content using the target encryption key.11-05-2009
20090274296DIGITAL CONTENT DECRYPTING APPARATUS AND OPERATING METHOD THEREOF - A device and method for decrypting digital contents are discussed. According to an embodiment, a method for decrypting digital content at a target device, includes receiving the digital content without a source encryption key from a source device connected to the target device, the digital content having been encrypted with the source encryption key in the source device; performing an addition operation by using a first target internal key and an identifier (ID), the first target internal key being associated with the target device, and the ID being associated with at least one of the target device and a storage medium of the target device; generating a target encryption key based on an output of the addition operation and a second target internal key by using a predetermined encryption algorithm, the second target internal key being associated with the target device; and decrypting the encrypted digital content using the target encryption key.11-05-2009
20090103723System And Method For Secure Storage Of Data - A method of securely storing a data item including obtaining the data item; translating the data item into a first plurality of data blocks using an erasure code associated with a rate; and storing at least a subset of the first plurality of data blocks, where a size of the subset exceeds a product of the rate and a size of the first plurality of data blocks.04-23-2009
20090296926KEY MANAGEMENT USING DERIVED KEYS - Some embodiments of the present invention provide a system that generates and retrieves a key derived from a master key. During operation, the system receives a request at a key manager to generate a new key, or to retrieve an existing key. To generate a new key, the system generates a key identifier and then derives the new key by cryptographically combining the generated key identifier with the master key. To retrieve an existing key, the system obtains a key identifier for the existing key from the request and then cryptographically combines the obtained key identifier with the master key to produce the existing key.12-03-2009
20110200189ENCODER AND DECODER APPARATUS AND METHODS WITH KEY GENERATION - Embodiments provide remote control encoders and decoders, encryption algorithms, key generation, systems and methods, singularly and in combination, and not limited thereto.08-18-2011
20080212771Method and Devices For User Authentication - For authenticating a user using a communication terminal (09-04-2008
20110206201METHOD OF GENERATING A CRYPTOGRAPHIC KEY, NETWORK AND COMPUTER PROGRAM THEREFOR - The present invention relates to security systems for communication networks. More precisely, the invention relates to a method for generating a shared key between a first node (D08-25-2011
20120263296PRIVATE KEY COMPRESSION - Apparatus for ciphering, including a non-volatile memory, which stores a number from which a private cryptographic key, having a complementary public cryptographic key, is derivable, wherein the number is shorter than the private cryptographic key, and a processor, which is configured to receive an instruction indicating that the private cryptographic key is to be applied to data and, responsively to the instruction, to compute the private cryptographic key using the stored number and to perform a cryptographic operation on the data using the private cryptographic key. Related apparatus and methods are also described.10-18-2012
20100061552SECURE STORAGE IN FILE SYSTEM - A node may contain a secure store agent. A process executing on the node may request connection information from the secure store agent. An encryption key phrase may be accessed, responsive to the request for connection information, to decrypt the requested connection information. The requested connection information may be obtained from a secure storage file in a file system.03-11-2010
20100061551ENCRYPTION/DECRYPTION APPARATUS AND METHOD USING AES RIJNDAEL ALGORITHM - An encryption/decryption apparatus and method using an advanced encryption standard (AES) Rijndael algorithm are provided. The apparatus includes a round key operator that performs arithmetic operations on a round key for a first round and first partial round keys of round keys for second to last rounds and generates the round keys for the second to last rounds, and a round executor that performs an encryption or decryption operation using the round key for the first round and the round keys for the second to last rounds.03-11-2010
20090296927PASSWORD SELF ENCRYPTION METHOD AND SYSTEM AND ENCRYPTION BY KEYS GENERATED FROM PERSONAL SECRET INFORMATION - A public key cryptographic system and method is provided for a password or any other predefined personal secret information that defeats key factoring and spoofing attacks. The method adopts a new technique of encrypting a password or any predefined secret information by a numeric function of itself, replacing the fixed public key of the conventional RSA encryption. The whole process involving key generation, encryption, decryption and password handling is discussed in detail. Mathematical and cryptanalytical proofs of defeating factoring and spoofing attacks are furnished.12-03-2009
20100098248DEVICE AND METHOD OF GENERATING AND DISTRIBUTING ACCESS PERMISSION TO DIGITAL OBJECT - A system is provided, which includes at least one digital object owner client computing device, a trusted server computing device and at least one digital object consumer client computing device. Each of said at least one digital object owner client computing device is configured to transmit a created or amended access permission message to the trusted server computing device. The trusted server computing device is configured to generate, from the created or amended access permission message, at least one personalized access permission message, each of which is uniquely addressed to one of the at least one digital object consumer client computing device. The at least one digital object consumer client computing device is configured to enforce a download, from the trusted server computing device, of the at least one personalized access permission message uniquely addressed to the at least one digital object consumer client computing device.04-22-2010
20100098247Method, Apparatus And Computer Program Product For Generating An Encryption Key And An Authentication Code Key Utilizing A Generic Key Counter - A method, apparatus and computer program product are provided that relate to encryption and authentication techniques. An apparatus may include a processor configured to define a generic key counter. The processor may also be configured to generate an encryption key at least partially based upon the generic key counter. The processor may also be configured to generate an authentication code key that is at least partially based upon the same generic key counter. The processor may further be configured to update the encryption key and the authentication code in accordance with a common time schedule. A corresponding method and computer program product may also be provided.04-22-2010
20090103724COMMUNICATION DEVICE AND REKEYING CONTROL METHOD IN SECURED COMMUNICATION - A communication device which performs automatic rekeying in a secured communication system, includes: a rekeying time manager for generating a rekeying request at a previously designated rekeying time; and a rekeying controller for controlling the automatic rekeying to forcefully perform rekeying based on the rekeying request.04-23-2009
20100128869METHOD AND DEVICE FOR EXECUTING A CRYPTOGRAPHIC CALCULATION - The invention concerns a method which consists in operating a key generation in an electronic component for a specific cryptographic algorithm; storing in the electronic component a prime number P and generating at least a secret prime number. In one step (a) randomly selecting (05-27-2010
20080273697Use of Indirect Data Keys for Encrypted Tape Cartridges - A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.11-06-2008
20080273696Use of Indirect Data Keys for Encrypted Tape Cartridges - A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.11-06-2008
20080298581Application-Specific Secret Generation - A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.12-04-2008
20110268269COMPUTER IMPLEMENTED METHOD FOR GENERATING A PSEUDONYM, COMPUTER READABLE STORAGE MEDIUM AND COMPUTER SYSTEM - The invention relates to a computer implemented method for generating a pseudonym for a user comprising entering a user-selected secret, storing the user-selected secret in memory, computing a private key by applying an embedding and randomizing function onto the secret, storing the private key in the memory, computing a public key using the private key, the public key and the private key forming an asymmetric cryptographic key, erasing the secret and the private key from the memory, and outputting the public key for providing the pseudonym.11-03-2011
20080285747ENCRYPTION-BASED SECURITY PROTECTION METHOD FOR PROCESSOR AND APPARATUS THEREOF - An encryption-based security protection method and apparatus are provided. The method includes generating a random key pattern table in order to allocate a plurality of random key patterns of original data to be transmitted; generating an address pattern table in order to allocate a plurality of address patterns of addresses in which the original data is stored; and generating a mapping table in order to map the plurality of random key patterns and the plurality of address patterns. The apparatus includes an address pattern table generation unit; a random key pattern table generation unit; a mapping table generation unit; and an internal memory unit which stores the address pattern table, the random key pattern table, and the mapping table.11-20-2008
20080304658Wireless Communication Apparatus and Wireless Communication Method - An inventive wireless communication apparatus that, in a wireless communication system to which a secret key scheme is applied, can generate a secret key, which is different from a secret key generated by a third party, even if a wireless signal is intercepted by the third part having an approximate propagation path environment to a receiving wireless communication apparatus. In the inventive apparatus, an eigenvalue selecting part (12-11-2008
20090185681CIRCUIT ARRANGEMENT AND METHOD FOR RSA KEY GENERATION - In order to further develop a circuit arrangement for as well as a method of performing at least one operation, in particular at least one cryptographic calculation, wherein the problem of creating at least one key, in particular the R[ivest-]S[hamir-] A[dleman] key, satisfying at least one defined digital signature laws, in particular satisfying the German Digital Signature Law, is solved it is proposed that at least one, preferably two, prime numbers (p; q) for key generation, in particular for R[ivest-]S[hamir-]A[dleman] key generation, are searched in compliance with at least one defined digital signature law, in particular with the German Digital Signature Law.07-23-2009
20080260144IMAGE FORMING APPARATUS - An image forming apparatus is supplied capable of preventing data stored in a non-volatility memory from being read out when the non-volatility memory is stolen. In the image forming apparatus, an encryption function section of encryption/decryption function section encrypts print job received from an information processing apparatus or print data made in the image forming apparatus, and stores it to a non-volatility memory; and a decryption function section of the encryption/decryption function section decrypts the print job or the print data encrypted by the encryption function section and stored in the non-volatility memory, and outputs it.10-23-2008
20120294440Key Agreement and Re-keying over a Bidirectional Communication Path - A key agreement method is carried out by a first system in conjunction with a second system over a bidirectional communication path, including generating a first key pair having a first public key and a first private key, sending the first public key to the second system, receiving a second public key generated by the second system, and calculating a master key based upon the first private key, the second public key, a long-term private key, and a long-term public key. The long-term private key was generated by the first system during a previous key-agreement method as part of a long-term key pair. The long-term public key was generated by the second system and received during the previous key-agreement method. The previous key-agreement method required a secret to be known to the first system and the second system, thus conferring authentication based on the secret to the long-term public key.11-22-2012
20100142704CRYPTOGRAPHIC ENCODING AND DECODING OF SECRET DATA - Methods and apparatus are provided for cryptographically encoding secret data in a data processing system. The secret data is encoded in accordance with a verifiable encryption process to produce a cryptographic construction (θ) having a decryption constraint dependent on the occurrence of a predetermined event. An event-dependent decryption constraint is thereby built into the cryptography, so that there is an intrinsic restriction on the ability to decrypt the encoded secret data which is dependent on occurrence of the predetermined event. Decoding apparatus for such a cryptographic construction is also provided, as well as distributed trust data processing systems providing accountable privacy based on use of such cryptographic constructions.06-10-2010
20080304662GROUP KEY EXCHANGES WITH FAILURES - A method for generating a session key on demand in a network among participating network devices, including choosing a private and public key according to a public key encryption scheme, and broadcasting the public key to each other participating network device; choosing a local contribution value from a multiplicative group of size q; encrypting the local contribution value under the received public key to an encrypted contribution value and sending the encrypted contribution value; receiving encrypted contribution values and deriving decrypted contribution values by applying the private key; deriving a blinded session key from the decrypted contribution values and the local contribution value; agreeing on one of the blinded session keys by using an agreement protocol; and deriving the session key from the agreed-on blinded session key by applying one of the decrypted contribution values and the contribution value A corresponding computer program element, computer program product, and computer device.12-11-2008
20090190753RECORDING APPARATUS AND RECORDING METHOD - A recording apparatus having a unit to receive content data and information related to a copying of the content data; a separation/extraction unit to separate and extract the content data and the information; a writing unit to divide the content data extracted by the separation/extraction unit into plural data and write them in a first recording medium; an encryption key generation unit to generate an encryption key for encrypting each of the plural data; and a copy control information processing unit to generate, from the information related to the copying and the generated encryption key, a plurality of pieces of content protection management information for the plurality of pieces of data, wherein when the content data written into the first recording media is recorded into a second recording media, the plurality of pieces of data are recorded before the plurality of pieces of content protection management information are recorded.07-30-2009
20090086966REPRODUCTION APPARATUS, REPRODUCTION METHOD AND INFORMATION RECORDING MEDIUM - According to one embodiment, an information storage medium comprises a content encrypted by a content encryption key; a content encryption key file encrypted by a first encryption key or third encryption key; an encryption key block from which a third encryption key prime providing a source of the first encryption key or third encryption key by being processed by using a second encryption key of a player; and a program configured to make the player calculate the third encryption key from the third encryption key prime. The content encryption key file comprises a flag indicating whether the key file is encrypted by the third encryption key or first encryption key.04-02-2009
20090129590COMMON KEY GENERATION SYSTEM, COMMON KEY GENERATION METHOD AND NODE USING THE SAME - First and second nodes generate numeric string elements from time interval by their physical changes. The first node generates a basic numeric string from the numeric string elements and similar numeric strings, encrypts the generated basic numeric string and the similar numeric strings, and generates a cipher value list that stores the numeric strings with corresponding cipher values. The second node generates a basic numeric string based on the numeric string elements generated by the second node, encrypts the generated basic numeric string in accordance with the same encryption rule as that for the first node, and transmits the generated cipher value to the first node. The first node receives a cipher value from the second node, and compares the received cipher value with the cipher values in the cipher value list to find a match, and transmits a match signal if a match is found.05-21-2009
20120069996SYSTEM AND METHOD FOR ENCRYPTING TRAFFIC ON A NETWORK - According to embodiments of the present invention a system and method for encrypting traffic on a network is disclosed. Encrypted data is transmitted between a first network element and a second network element by: acquiring an encryption seed at the first network element, the encryption seed being substantially similar to a decryption seed at the second network element; generating at least one encryption key from the encryption seed; receiving data; encrypting the data using the encryption key to generate encrypted data; transmitting the encrypted data from the first network element to the second network element via a network; and updating the encryption seed at the first network element in response to an event trigger03-22-2012
20120069995CONTROLLER CHIP WITH ZEROIZABLE ROOT KEY - The present invention is a data storage device that includes a control chip with a zeroizable root key. In one embodiment, the control chip comprises a digital memory, the zeroizable root key being a derived root key obtained by applying a firmware root key to a different root key stored within the digital memory such that the setting of each bit of the different root key is locked.03-22-2012
20090003597Small Public-Key Based Digital Signatures for Authentication - Embodiments disclosed allow authentication between two entities having agreed on the use of a common modulus N. The authentication includes generating a pseudorandom string value; generating a public key value based on the modulus N and the pseudorandom string value; generating a private key value corresponding to the public key value; receiving a verifier's public key value; generating a shared secret value based on the modulus N, the private key value and the verifier's public key value; calculating an authentication signature value using the shared secret value; and transmitting the authentication signature value for authentication. When the authentication signature is received, the public key value and the shared value are generated to calculate an authentication signature value. Thereafter, the authentication signature values are compared and authenticated.01-01-2009
20080317247Apparatus and Method for Processing Eap-Aka Authentication in the Non-Usim Terminal - Disclosed are an apparatus and a method for processing authentication using Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) in a non-Universal Subscriber Identity Module (USIM) terminal without a USIM card.12-25-2008
20090052663METHODS FOR CREATING SECRET KEYS BASED UPON ONE OR MORE SHARED CHARACTERISTICS AND SYSTEMS THEREOF - A method and system for generating one or more keys includes obtaining at two or more devices data based on movement of at least one of the devices with the respect to the other device. At least one key is generated based on the obtained data at each of the devices for use in securing communications between the devices. The key at each of the devices is substantially the same.02-26-2009
20090052664Bulk Data Erase Utilizing An Encryption Technique - Disclosed is a method for eliminating access to data on removable storage media of a removable storage media cartridge. A key is stored on the removable storage media cartridge, such that data on the removable storage media is accessible with the key. Upon receiving a command to eliminate access to data on the removable storage media the key is shredded such that access to data on the removable storage media is eliminated.02-26-2009
20090097641MANAGEMENT-APPARATUS CARD, MEASURING APPARATUS, HEALTH CARE SYSTEM, AND METHOD FOR COMMUNICATING VITAL SIGN DATA - The management-apparatus card capable of being attached to a management apparatus receives, from the measuring apparatus, first unique information indicating the measuring apparatus, and identification information indentifying a user of the measuring apparatus; stores second unique information indicating the management-apparatus card; generates a decryption key corresponding to an encryption key, using the first unique information, the second unique information, and the identification information; stores the generated decryption key; receives encrypted vital sign data from the measuring apparatus; decrypts the received vital sign data using the stored decryption key; and obtains the decrypted vital sign data.04-16-2009
20120288089SYSTEM AND METHOD FOR DEVICE DEPENDENT AND RATE LIMITED KEY GENERATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a device dependent cryptographic key in a rate-limited way. A system configured to practice the method first receives data associated with a user. The data associated with the user can be a password, a personal identification number (PIN), or a hash of the password. Then the system performs a first encryption operation on the user data based on a device-specific value to yield first intermediate data and performs a second encryption operation on the first intermediate data based on the device-specific value to yield second intermediate data. Then the system iteratively repeats the second encryption operation until a threshold is met, wherein each second encryption operation is performed on the second intermediate data from a previous second encryption operation. The iterations produce a final cryptographic key which the system can then output or use for a cryptographic operation.11-15-2012
20130121487System And Method For Deterministic Generation Of A Common Content Encryption Key On Distinct Encryption Units - Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.05-16-2013
20110222686METHOD FOR ISSUING IC CARD STORING ENCRYPTION KEY INFORMATION - It is possible to issue an. IC card storing unique encryption key information in such a manner that re-issuing is enabled and sufficient security can be assured. An IC card provider X delivers an IC card having a group code G(A) to a company A and an IC card having a group code G(B) to a company B. When a company staff α inputs a unique personal code P(α) and performs initialization, in the IC card, calculation is performed according to a predetermined algorithm using the P(α) and G(A). Data uniquely determined by the calculation is stored as encryption key information K(α) in the IC card. Even if the company staff α loses the IC card, it is possible to obtain the IC card having the same encryption key information K(α) as before by performing initialization again by using the IC card delivered by the IC card provider X.09-15-2011
20130121488METHOD AND STORAGE DEVICE FOR PROTECTING CONTENT - A method for protecting content of a storage device including a memory for storing data and a controller for managing data input and output of the memory is provided, in which a Data Encryption Key (DEK) for encrypting the data stored in the memory is generated, an IDentifier (ID) of the memory is acquired, the DEK is encrypted using user secret information and the ID of the memory, and the encrypted DEK is stored in the memory.05-16-2013
20090208003Authentication Method, Host Computer and Recording Medium - According to one embodiment, a host computer updates the media key block MKB in a first updatable memory device in the case where the version number of the media key block MKB read from a recording medium is newer than that of the media key block MKB in the first updatable memory device. The host computer generates a medium unique key Kmu based on a media key Km calculated from the media key block MKB read from the recording medium and a media ID read from the recording medium. The host computer executes the authentication and key exchange AKE process with the recording medium based on the medium unique key Kmu.08-20-2009
20090208002PREVENTING REPLAY ATTACKS IN ENCRYPTED FILE SYSTEMS - Replay attacks in an encrypted file system are prevented by generating a session key and providing the session key to one or more drive managers and an encrypted file system process. When a drive request is received by the encrypted file system process the drive request is encrypted using the generated session key. The encrypted drive request is sent to a drive manager. The drive manager attempts to decrypt the drive request using the session key. If the encrypted drive request is successfully decrypted, then the drive manager performs the requested operation. On the other hand, if the request is not decrypted successfully, then the request is not performed by the drive manager. Drive managers can include both disk device drivers and a logical volume managers.08-20-2009
20090252322Method, medium, and system for encrypting and/or decrypting information of microarray - Provided is a method of encrypting information of a microarray. The method includes: acquiring genetic information of a person by scanning the microarray; generating a secret key for identifying the unique property of the person from the acquired genetic information; and encrypting the acquired genetic information by using the generated secret key. Accordingly, the method can prevent the leakage of the genetic information of the person and protect the person's privacy.10-08-2009
20080232583Vehicle Segment Certificate Management Using Shared Certificate Schemes - The present invention advantageously provides techniques to solve problems with combinatorial anonymous certificate management by addressing critical issues concerning its feasibility, scalability, and performance. Methods and procedures to manage IEEE 1609.2 anonymous and identifying cryptographic keys and certificates in the Vehicle Infrastructure Integration (VII) system are presented, along with methods for management of identifying and anonymous certificates in a partitioned Certificate Authority architecture designed to enhance vehicle privacy. Novel methods for vehicles to dynamically change an anonymous certificate for use while maintaining vehicle privacy are given. Refinements to basic combinatorial schemes are presented including probabilistic key replacement, rekey counter decrement, dynamic rekey threshold, geographic attack isolation and proofs of geographic position.09-25-2008
20120140922Method for Generating Private Keys in Wireless Networks - The first and second nodes in a wireless network estimate first and second channel response. The first node quantizes the first channel response to produce a first bit sequence, and a feed-forward message, which is transmit as a feed-forward message to the second node. The second node quantizes the second channel response using the feed-forward message to produce and an estimate of the first bit sequence, a second bit sequence and a feed-back message, which is transmitted to the first node. Then, the first and second nodes delete bits in the respective bit sequences using the feed-back and feed-forward message to generate first and second private keys with low bit mismatch rate.06-07-2012
20090316887DATABASE ENCRYPTION AND QUERY METHOD KEEPING ORDER WITHIN BUCKET PARTIALLY - A database encryption and query method keeping an order within a bucket partially, which encrypts and stores numeric data in a database, includes calculating a relative value of a plaintext within a bucket to which the plaintext is allocated; generating a first key value by producing a random number within the bucket; generating a second key value for defining a function having a bucket range of the bucket as an input; and changing the relative value based on the first and the second key value with keeping an order of the relative value partially to store the changed relative value. The first key value may be a value of separating order informations on the relative value. Further, the second key value may be a resultant value obtained by applying a mod 2 operation to the bucket size of the bucket.12-24-2009
20090316888PLAYING METHOD AND DEVICE OF DIGITAL RIGHT MANAGING MULTIMEDIA - A playing method of digital right managing multimedia is disclosed, in which the files of DRM multimedia to be played take a Page as a playing basic unit, when the operation of fast-forward/fast-reverse is triggered, the method comprises: determining time of fast-forward/fast-reverse; determining number of Pages of fast-forward/fast-reverse based on the time of fast-forward/fast-reverse; determining Page of target playing position based on the number of Pages of fast-forward/fast-reverse; calculating key stream of the Page of the target playing position based on prestored key data of the first Page; decrypting ciphertext of the Page of the target playing position based on the calculated key stream of the Page of the target playing position; and decoding the decrypted Page of the target playing position and playing the decrypted Page of the target playing position. A playing device is also provided. Therefore, the playing effect can be improved.12-24-2009
20100150343SYSTEM AND METHOD FOR ENCRYPTING DATA BASED ON CYCLIC GROUPS - A technique for performing data encryption for a cryptographic system that utilizes a cyclic group having an order is disclosed. The technique involves encoding a secret key into an encoded secret key using an encoding key, where the secret key and the product of the encoding key and the encoded secret key are congruent modulo the order of the cyclic group, serially encrypting a message into an encrypted message using the encoded secret key and the encoding key, and transmitting the encrypted message to a destination.06-17-2010
20100158245IMPLICIT ITERATION OF KEYED ARRAY SYMBOL - The use of a data structure that is a symbolic representation of a keyed array that has an array variable and an associated key variable. There is a correlation maintained between the variable type of the array variable and the corresponding keying set that is to be bound to the associated key variable. The keyed array may remain unbound thereby being simply symbolically represented, or the keying set may be bound to the key variable more immediately. In one embodiment, once the keying set is bound to the key variable, data may be bound to the array variable itself. This may be repeated for multiple keyed arrays. The data from multiple keyed arrays may be operated upon to about another array of values, which may then be aggregated in some way.06-24-2010
20120140921RSA-ANALOGOUS XZ-ELLIPTIC CURVE CRYPTOGRAPHY SYSTEM AND METHOD - The RSA-analogous XZ-elliptic curve cryptography system and method provides a computerized system and method that allows for the encryption of messages through elliptic polynomial cryptography and, particularly, in a manner which is analogous to RSA cryptography but which does not require multiple private keys, as in the RSA scheme. The RSA-analogous XZ-elliptic curve cryptography method is based on the integer factorization problem. It is well known that the integer factorization problem is a computationally “difficult” or “hard” problem.06-07-2012
20090110192SYSTEMS AND METHODS FOR ENCRYPTING PATIENT DATA - Certain embodiments of the present invention provide a method for protecting electronic patient data in a healthcare environment. The method includes selecting the patient data to be protected, selecting a biometric identifier from a patient, generating an encryption key based on the biometric identifier, and encrypting the patient data. The method may also include authenticating the encrypted patient data. The biometric identifier may be a DNA sequence. The method may also include applying a hash function to the DNA sequences to obtain a hash value. The encryption key may be based at least in part on the hash value.04-30-2009
20100014662METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING TRUSTED STORAGE OF TEMPORARY SUBSCRIBER DATA - A method for providing trusted storage of temporary subscriber data may include receiving a value indicative of a temporary identity associated with a device, encrypting the value with a randomly generated encryption key to generate an encrypted value, storing the encrypted value in an identity module in removable communication with the device, and storing the encryption key in the device.01-21-2010
20090116641ACCESS CONTROL KEY MANAGEMENT IN A VIRTUAL WORLD - Access control key management in a virtual world that includes generating a key for access to a virtual space, a service, an event, or an item in a virtual world, assigning one or more parameters to the key, providing the key to an avatar in the virtual world, and accessing the virtual space, the service, or the item by the avatar using the key in accordance with the one or more parameters. The one or more parameters may include a type parameter, a frequency parameter, a duration parameter, or a value parameter. The avatar may be denied access if the duration parameter has expired and may be allowed access while the duration parameter has not expired. The one or more parameters may be determined responsive to rules associated with the virtual space, the service, the event or the item.05-07-2009
20090116642METHOD AND DEVICE FOR GENERATING LOCAL INTERFACE KEY - A method for generating a local interface key includes: generating a variable parameter; and deriving the local interface key, according to the variable parameter generated and related parameters for calculating the local interface key. The method simplifies the process in which the terminal obtains the local interface key and the system resources are saved. Moreover, the local interface key is derived through the variable parameter and the valid key information. Thus, the security level between the UICC and the terminal is ensured.05-07-2009
20090323940METHOD AND SYSTEM FOR MAKING INFORMATION IN A DATA SET OF A COPY-ON-WRITE FILE SYSTEM INACCESSIBLE - Information in a data set of a copy-on-write file system may be made inaccessible. A first key for encrypting a data set of a copy-on-write file system is generated and wrapped with a second key. An encrypted data set is created with the first key. The wrapped first key is stored with the encrypted data set. A command to delete the encrypted data set is received and the second key is altered or changed to make information in the encrypted data set of the copy-on-write file system inaccessible.12-31-2009
20100183148RECORDING KEYS IN A BROADCAST-ENCRYPTION-BASED SYSTEM - According to one embodiment of the present invention, a method for protecting content in a broadcast-encryption-based system, where the devices in the system receive a recording key table. Each device generates a set of recording keys from the recording key table using a media key variant calculated from the broadcast encryption system's media key block. The digital content is encrypted in a title key picked by the recorder. The selected title key is also encrypted in each one of the recorder's generated recording keys. To play back the content, a player uses one of its generated recording keys to decrypt the title key and the decrypt the content. The recording key table is designed so that any two devices are guaranteed to have at least one key in common during normal operation, although during a forensic situation, this rule can be abandoned.07-22-2010
20110129087System and Method for Encrypting and Decrypting Data - A method is provided for creating an encrypted data file from a data file having a sample entry box and a media data box. The sample entry box has description information therein. The media data box includes media data therein. The method includes: receiving the data file; encrypting the media data within the media data box with an encryption key; replacing the sample entry box with an encoded box; creating a sinf box within the encoded box; creating a form a box within the sinf box; and creating an schm box within the sinf box. The schm box indicates the type of formatting of the encrypted media data. The encoded box does not include an initial counter that may be used to decrypt the encrypted media data.06-02-2011
20100290618 Method and Apparatus for Authenticating a User - A method of generating a private key for use in an authentication protocol comprises, at a client: receiving a user specific identifier; converting the identifier through a one-way function to a string of a pre-determined length; and mapping said string to a permutation π11-18-2010
20100239087ENCRYPTING VARIABLE-LENGTH PASSWORDS TO YIELD FIXED-LENGTH ENCRYPTED PASSWORDS - According to one embodiment, encrypting passwords includes performing the following for each input password of a plurality of input passwords to yield encrypted passwords, where at least two input passwords have different lengths and the encrypted passwords have the same length. An input password and a random number are received at logic configured to perform a key derivation operation comprising a pseudorandom function. An encryption key is derived from the input password and the random number according to the key derivation operation. The encryption key and a user identifier are received at logic configured to perform a cipher-based message authentication code (CMAC) function. An encrypted password is generated from the encryption key and the user identifier according to the CMAC function.09-23-2010
20100220857SYSTEM AND METHOD FOR REGISTERING SECRET KEY - A secret key registration system which registers a secret key in a portable key device and vehicle. A first transformation equation is stored in a writer and the vehicle. A second transformation equation is stored in the portable key device and the vehicle. The writer transmits a registration code to the portable key device and generates intermediate data with the first transformation equation of the writer. The intermediate data is transmitted to the portable key device, which generates the secret key from the intermediate data with the second transformation equation. The portable key device transmits the registration code to the vehicle. The vehicle generates intermediate data from the registration code with the first transformation equation of the vehicle, and then generates the secret key from the intermediate data with the second transformation equation.09-02-2010
20100254533SIMPLIFIED SECURE SYMMETRICAL KEY MANAGEMENT - Nodes of a network are each provided with a seed value and a seed identifier. Each seed value has a corresponding unique seed identifier which is maintained within the system. Within each authorized node, the seed value is combined with a local node identifier, such as a serial number or other unique identifier, to form a cryptographic key that is then used by the node to encrypt and/or decrypt data transmitted and received by that node. The cryptographic key is never transmitted over the network, and each node is able to create a different cryptographic key for use in communicating with other nodes.10-07-2010
20100208890CONTENT DISTRIBUTION APPARATUS, CONTENT USE APPARATUS, CONTENT DISTRIBUTION SYSTEM, CONTENT DISTRIBUTION METHOD AND PROGRAM - There is provided a content distribution apparatus which includes an encrypting part for encrypting data of each of a plurality of segments divided in content data with a segment key generated from information unique to the segment, and a license generator for generating a license that allows generation of the segment key for one or more segments to which the data contained in a certain data area in the content data belongs.08-19-2010
20100208888PASSWORD KEY DERIVATION SYSTEM AND METHOD - A password-based key derivation function includes a sub-function that gets executed multiple times based on an iteration count. A key derivation module computes the iteration count dynamically with each entered password. The iteration count is computed as a function of the password strength. Specifically, the weaker the password, the higher the iteration count; but the stronger the password, the smaller the interaction count. This helps strengthen weaker passwords without penalizing stronger passwords.08-19-2010
20100061550DATA PROCESSING APPARATUS - To improve a technology of encryption for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data to render it as encrypted data and records it on a predetermined recording medium, and also decrypts the encrypted data recorded on the recording medium to change it back to the subject data. When performing the encryption, an algorithm and a key to be used for the encryption are generated by using solutions which are sequentially generated by assigning past solutions to a solution generating algorithm. The solutions are erased at a stage where it is no longer necessary to assign them to the solution generating algorithm anew.03-11-2010
20100014663Strengthened public key protocol - A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics.01-21-2010
20090074182INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, RECORDING MEDIUM, AND PROGRAM - The present invention relates to an information processing apparatus, an information processing method, a recording medium, and a program for importing and exporting a content with information missing controlled. A CPU extracts a sound track contained in the content in step S03-19-2009
20090074183INFORMATION PROCESSING APPARATUS, ELECTRONIC DEVICE, INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING MEDIUM - The usage restriction of a first content which has already been distributed is made to efficiently function when processing in which a second content refers to the first content is performed. A secret key and a public key are generated for a first content, the public key is added to the first content to transmit the first content, and when a second content which wants to refer to the first content is generated, a signature from a administrator of the first content by the secret key generated at the time of broadcasting the first content is requested on a predetermined data added to the second content. When the signature is given, the second content to which the signed predetermined data is added is transmitted. On the receiving side, by employing the public key added to the first content, processing that collates the signature on the predetermined data added to the second content is performed, and when the collation succeeds, a predetermined processing is given to the stored first content to output the first content based upon the instruction of the second content.03-19-2009
20100220856PRIVATE PAIRWISE KEY MANAGEMENT FOR GROUPS - In an example embodiment, a key generation system (KGS) is used to generate private pairwise keys between peers belonging to a group. Each member of the group is provisioned with a set of parameters which allows each member to generate a key with any other member of the group; however, no group member can derive a key for pairings involving other group members. The private pairwise keys may be used to derive session keys between peers belonging to the group. Optionally, an epoch value may be employed to derive the private pairwise keys.09-02-2010
20090141890DIGITAL AUTHENTICATION OVER ACOUSTIC CHANNEL - Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream.06-04-2009
20090110191Techniques For Encrypting Data On Storage Devices Using An Intermediate Key - A data storage device encrypts data stored in non-volatile memory using a bulk encryption key. The data storage device uses a key derivation function to generate an initial encryption key. The data storage device then wraps an intermediate encryption key with the initial encryption key and stores the wrapped intermediate key in the non-volatile memory. The data storage device wraps the bulk encryption key with the intermediate encryption key and stores the wrapped bulk encryption key in the non-volatile memory. The data storage device can unwrap the wrapped intermediate key to generate the intermediate encryption key using the initial encryption key. The data storage device can unwrap the wrapped bulk encryption key to generate the bulk encryption key using the intermediate encryption key. The data storage device decrypts data stored in the non-volatile memory using the bulk encryption key.04-30-2009
20080304660IMAGE FORMING APPARATUS ALLOWING EASY MANAGEMENT RELATING TO USER'S USAGE12-11-2008
20090147949UTILIZING CRYPTOGRAPHIC KEYS AND ONLINE SERVICES TO SECURE DEVICES - The claimed subject matter in accordance with an aspect provides systems and/or methods that generates, allocates, or utilizes strong symmetric cryptographic keys to secure storage devices. The system can include components that determine whether a storage device with an associated credential cache has been affiliated with the system. The system extracts authentication information included within the credential cache and establishes communications with a web service that utilizes the authentication information to generate and return a set strong symmetric cryptographic keys to the system. The system employs one of the set of strong symmetric cryptographic keys to encrypt or decrypt the storage device to make content persisted on the storage device available and thereafter removes the distributed set of strong symmetric cryptographic keys from the system.06-11-2009
20090103722APPARATUS AND METHOD TO PROVIDE SECURE COMMUNICATION OVER AN INSECURE COMMUNICATION CHANNEL FOR LOCATION INFORMATION USING TRACKING DEVICES - A system for securing information. The system includes a first tracking device associated with an object or an individual. In one embodiment, the first tracking device generates independently a synchronous secret key and a server generates independently the synchronous secret key. Over an insecure communication channel, the server communicates an asynchronous vector pair encrypted with the synchronous secret key with the tracking device. To securely communicate information, messages are encrypted and decrypted using the asynchronous vector pair between the tracking device and the server. To further secure message information, a set of random numbers may be further utilized with the asynchronous vector pair to further encrypt and decrypt the messages communicated between the tracking device and the server.04-23-2009
20110129088METHOD AND SYSTEM FOR AUTHENTICATING A MOBILE TERMINAL IN A WIRELESS COMMUNICATION SYSTEM - A method and system for authenticating in a wireless communication system. The system includes a Mobile Terminal (MT), an authenticator, and an Authentication, Authorization, Accounting (AAA) server. When the authenticator requests NAI information for authentication, the MT adds an authentication code to the NAI, and sends a response message including the NAI information to the authenticator. The authenticator relays the NAI to which the authentication code is added, to the AAA server. The AAA server extracts the authentication code from the NAI information, verifies the authentication of the MT, generates a new authentication key, and transmits the new authentication key to the authenticator.06-02-2011
20100296651ENCRYPTION APPARATUS AND METHOD THEREFOR - An encryption apparatus (11-25-2010
20100310070Generation and Use of a Biometric Key - In a control system comprising control device adapted for, on the one hand, receiving signal indicating a first biometric datum (W), and, on the other hand, obtaining a second biometric datum captured (w′), at the level of the control device, the first and second biometric date are compared. Next, it is decided whether the first and second biometric data correspond on the basis of the comparison. Thereafter, at least a secret cryptographic key part (H(w)) is generated by applying cryptographic function to the first biometric datum.12-09-2010
20130136258Encrypting Data for Storage in a Dispersed Storage Network - A method begins by a dispersed storage (DS) processing module encrypting a plurality of data segments of the data using a plurality of encryption keys to produce a plurality of encrypted data segments and generating a plurality of deterministic values from the plurality of encrypted data segments. The method continues with the DS processing module establishing a data intermingling pattern and generating a plurality of masked keys by selecting one or more of the plurality of deterministic values in accordance with the data intermingling pattern and performing a masking function on the plurality of encryption keys and the selected one or more of the plurality of deterministic values. The method continues with the DS processing module appending the plurality of masked keys to the plurality of encrypted data segments to produce a plurality of secure data packages and outputting the plurality of secure data packages.05-30-2013
20100310069System and method for secure communication of components inside self-service automats - Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C,A,R,N,Z) on the transport layer of the bus system where 12-09-2010
20100322416SYSTEM, APPARATUS AND METHOD FOR LICENSE KEY PERMUTATION - A system and method of dynamically altering the encoding, structure or other attribute of a cryptographic key, typically a license activation key, to render useless keys that have been created by illegal key generation “cracks”. An encoding/decoding engine provides a plurality of key obfuscation algorithms that may alter the structure, encoding or any other attribute of a given key. A changeable combination code is supplied to the encoding/decoding engine that specifies a subset of the algorithms to apply during the encoding or decoding phase. The encoding engine is used during key generation and the decoding engine used during key usage. The same combination code must be used during decoding as was used during encoding to recover the original key or a valid key will not be recovered. Thus, a system can be rapidly re-keyed by selecting a new combination of encoding/decoding algorithms. The selection of algorithms comprises a combination code. The new combination code will result in keys that are incompatible with any existing illegal key generators.12-23-2010
20090067623Method and apparatus for performing fast authentication for vertical handover - A method and apparatus for performing fast authentication for a vertical handover are provided. The method includes requesting a handover from a serving network to a target network and generating a derivative Master Session Key (MSK) for key generation, and transmitting the derivative MSK to the target network. Accordingly, a key negotiation process can start by skipping an access authentication process. Therefore, there is an advantage in that a fast authentication process can be achieved.03-12-2009
20090067622METHOD AND APPARATUS FOR PROTECTING CONTENT CONSUMER'S PRIVACY - Provided is a method of protecting a content consumer's privacy. The method includes classifying contents into content groups, encrypting the contents using different encryption keys, generating a plurality of decryption keys each of which can decrypt all contents in each of the content groups, and provides the generated decryption keys to authorized clients, wherein each client is provided with a different decryption key.03-12-2009
20110019818SYSTEM FOR LOCKING ELECTRONIC DEVICE AND METHOD THEREOF - A system for locking an electronic device is provided. The system includes an electronic device, and electronic keys electrically connected to the electronic device. The electronic key includes a plurality of resistors which are connected in series, the resistance value of the electronic key is changeable by coupling different resistors of the electronic key. The electronic device comprises of a processing unit and a function key. When the function key produces locking command in response to user operation, the processing unit obtains the resistance value of the electronic key and produce encryption key according to the obtained resistance value to unlock the electronic device. When the function key produces unlocking command, the processing unit decodes the encryption key and unlocks the electronic device when determining the obtained value matches the decoded encryption key.01-27-2011
20090034722METHOD OF ENCRYPTING AND DECRYPTING DATA STORED ON A STORAGE DEVICE USING AN EMBEDDED ENCRYPTION/DECRYPTION MEANS - A method of encrypting data is provided that uses a medium key retrieved from a storage medium. The medium key is combined with another key to generate a combination key. Content is encrypted according to the combination key and written to the storage medium.02-05-2009
20110116627Fast Key-changing Hardware Apparatus for AES Block Cipher - A fast key-changing hardware apparatus, which generates one sub-key each clock cycle, which is used by advanced encryption system (AES) algorithm block cipher, is independent from the AES algorithm block cipher. The invented apparatus automatically generate expanded keys from the input cipher key, store them in the key expanded RAM and ready to be used by the AES algorithm block cipher. If the key changing and the key expanding speed in the fast key-changing device is as fast as the data block (i.e. 128, 192, or 256 bits) processing speed in the AES algorithm block cipher, the cipher system has the characteristic of one-time pad perfect cryptography. When using this device with a fixed key cipher system, the original input cipher key can be detached or destroyed from the system and guarantees the safety of the cipher key.05-19-2011
20110116628Cryptographic key split binder for use with tagged data elements - A process of cryptographically securing a data object including one or more respectively tagged data elements includes selecting a tagged data element from among a plurality of tagged data elements, based on an associated data tag. A plurality of cryptographic key splits is generated from seed data. The cryptographic key splits are bound together to produce a first cryptographic key. A second cryptographic key is generated based on security requirements of the data object. The tagged data element is encrypted using the first cryptographic key. The data object encrypting using the second cryptographic key. At least one of the cryptographic key splits is based on the associated data tag.05-19-2011
20110116629METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING MULTI-HOP CRYPTOGRAPHIC SEPARATION FOR HANDOVERS - A method, apparatus and computer program product are provided to provide cryptographical key separation for handovers. A method is provided which includes calculating a key based at least in part upon a previously stored first intermediary value. The method also includes calculating a second intermediary value based at least in part upon the calculated key. The method additionally includes sending a path switch acknowledgement including the second intermediary value to a target access point. The method may further include receiving a path switch message including an indication of a cell identification and calculating the encryption key based upon the indication of the cell identification. The method may further include storing the second intermediary value. The calculation of the key may further comprise calculating the key following a radio link handover. Corresponding apparatuses and computer program products are also provided.05-19-2011
20110085660AES ALGORITHM-BASED ENCRYPTION APPARATUS AND METHOD FOR MOBILE COMMUNICATION SYSTEM - A method and apparatus for improving hardware flexibility for encrypting data based on the Advanced Encryption Standard (AES) block algorithm is provided. An encryption apparatus is equipped with a shared logic including a mode detector which detects a current AES mode performed by an AES block algorithm, a shared hardware for use in the detected AES mode, and a key controller which generates a key for performing encryption/decryption in the AES mode.04-14-2011
20110085659Method and apparatus for generating a signature for a message and method and apparatus for verifying such a signature - A method of generating a signature σ for a message m, the method enabling online/offline signatures. Two random primes p and q are generated, with N=pq; two random quadratic residues g and x are chosen in Z*04-14-2011
20130156182Cryptographic Key Generation - A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key.06-20-2013
20130156184SECURE EMAIL COMMUNICATION SYSTEM - The present invention provides a method and system for securing a digital data stream. A first key of a first asymmetric key pair from a key store remote from a host node is received at the host node. A dynamically generated key is received at the host node, which is used to encipher the digital data stream. The dynamically generated key is enciphered with the first key of the first asymmetric key pair. The enciphered digital data stream and the enciphered dynamically generated key are stored remotely from the host node and the key store.06-20-2013
20120243681SECURE COMMUNICATION SYSTEM - A method of encrypting data to be accessed only by a group of users comprises a user in the group receiving a user secret s09-27-2012
20090214030Apparatus and Method for Processing Fragmented Cryptographic Keys - A system includes a set of private key fragments distributed across a set of networked resources. Each private key fragment independently produces a fractional cryptographic result. A combination module on a designated networked resource combines a sufficient number of fractional cryptographic results to produce an operable cryptographic result. A method includes generating a set of private key fragments. The set of private key fragments is located across a set of networked resources. Fractional cryptographic results are produced at the set of networked resources. The fractional cryptographic results are combined to produce an operable cryptographic result.08-27-2009
20100158247METHOD AND SYSTEM FOR SECURE STORAGE, TRANSMISSION AND CONTROL OF CRYPTOGRAPHIC KEYS - A system and method are described supporting secure implementations of 3DES and other strong cryptographic algorithms. A secure key block having control, key, and hash fields safely stores or transmits keys in insecure or hostile environments. The control field provides attribute information such as the manner of using a key, the algorithm to be implemented, the mode of use, and the exportability of the key. A hash algorithm is applied across the key and control for generating a hash field that cryptographically ties the control and key fields together. Improved security is provided because tampering with any portion of the key block results in an invalid key block. The work factor associated with any manner of attack is sufficient to maintain a high level of security consistent with the large keys and strong cryptographic algorithms supported.06-24-2010
20090214028Generating Session Keys - A method and apparatus for generating shared session keys. The method and apparatus does not rely on strong random number generation. The first node sends a timestamp and random sequence to the second node. The second node generates a message authentication code (MAC) using this data and a shared secret key. The MAC is then used to encrypt a reply containing a second timestamp and second random sequence from the second node. The first node receives this message and decrypts it by generating the same MAC. Both nodes then generate a session key using the shared set of timestamps and random sequences.08-27-2009
20110123021SURROGATE KEY GENERATION USING CRYPTOGRAPHIC HASHING - The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database, for each record, extracting the data from the fields, concatenating the extracted data into an input message, running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps, and outputting a surrogate key.05-26-2011
20100020965METHOD FOR SPEEDING UP THE COMPUTATIONS FOR CHARACTERISTIC 2 ELLIPTIC CURVE CRYPTOGRAPHIC SYSTEMS - In some embodiments, an apparatus and method for speeding up the computations for characteristic 2 elliptic curve cryptographic systems are described. In one embodiment, a multiplication routine may be pre-computed using a one iteration graph-based multiplication according to an input operand length. Once pre-computed, the multiplication routine may be followed to compute the products of the coefficients of the polynomials representing a carry-less product of two input operands using a carry-less multiplication instruction. In one embodiment, the pre-computed multiplication routines may be used to extend a carry-less multiplication instruction available from an architecture according to an input operand length of the two input operands. Once computed, the carry-less product polynomial produces a remainder when the product is computed modulo a programmable polynomial that defines the elliptic cryptographic system to form a cryptographic key. Other embodiments are described and claimed.01-28-2010
20100014664Cryptographic Processing Apparatus, Cryptographic Processing Method, and Computer Program - To realize a common-key block cipher process configuration with increased difficulty of key analysis and improved security. In a configuration for storing in a register an intermediate key generated by using a secret key transformation process and performing a transformation process on the register-stored data to generate a round key, a process of swapping (permuting) data segments constituting the register-stored data is executed to generate a round key. For example, four data segments are produced so that two sets of data segments having an equal number of bits are set, and a process of swapping the individual data segments is repeatedly executed to generate a plurality of different round keys. With this configuration, the bit array of each round key can be effectively permuted, and round keys with low relevance can be generated. A high-security cryptographic process with increased difficulty of key analysis can be realized.01-21-2010
20090202068MEDIA SECURITY THROUGH HARDWARE-RESIDENT PROPRIETARY KEY GENERATION - A method, system and apparatus of an author website in a commerce environment are disclosed. In one embodiment, a system includes a host processor; a first security circuit to re-encrypt a work of authorship protected by an encryption standard using a proprietary key after an authorization module uses an algorithm of the encryption standard to verify that the system has permission to playback the work of authorship; a system memory to store a proprietary encrypted content generated through the re-encryption process of the first security circuit; and a second security circuit of a display module to independently generate the proprietary key using an index pointer provided from the first security circuit to the second security circuit through the host processor and to decrypt the proprietary encrypted content of the system memory using the independently generated proprietary key.08-13-2009
20090323942METHOD FOR PAGE- AND BLOCK BASED SCRAMBLING IN NON-VOLATILE MEMORY - A method and system for programming and reading data with reduced read errors in a memory device. In one approach, date to be written to the memory device is scrambled using a first pseudo random number which is generated based on a page of the memory device to which the data is to be written, to provide first scrambled data, which is scrambled using a second pseudo random number which is generated based on a block of the memory device to which the data is to be written. This avoids bit line-to-bit line and block-to-block redundancies which can result in read errors. The data may also be scrambled using a third pseudo random number that depends on a section within a page. Scrambling may also be based on one or more previous pages which were written.12-31-2009
20090323941SOFTWARE COPY PROTECTION VIA PROTECTED EXECUTION OF APPLICATIONS - Methods and apparatus to provide a tamper-resistant environment for software are described. In some embodiments, procedures for verifying whether a software container is utilizing protected memory and is associated with a specific platform are described. Other embodiments are also described.12-31-2009
20100008498ENCRYPTION PROCESSING APPARATUS, ENCRYPTION METHOD, AND COMPUTER PROGRAM - A common-key blockcipher processing structure that makes analysis of key more difficult and enhances security and implementation efficiency is realized. In a key scheduling part in an encryption processing apparatus that performs common-key blockcipher processing, a secret key is input to an encryption function including a round function employed in an encryption processing part to generate an intermediate key, and the result of performing bijective transformation based on the intermediate key, the secret key, and the like and the result of performing an exclusive-OR operation on the bijective-transformed data are applied to round keys. With this structure, generation of round keys based on the intermediate key generated using the encryption function whose security has been ensured is performed, thereby making it possible to make analysis of the keys more difficult. The structure of the key scheduling part can be simplified, thereby making it possible to improve the implementation efficiency.01-14-2010
20100054463COMMUNICATION SYSTEM AND METHOD FOR PROTECTING MESSAGES BETWEEN TWO MOBILE PHONES - A communication system and method for protecting messages between two mobile phones are provided. The method sets protective parameters in a first mobile phone, generates an encryption key and a decryption key according to the protective parameters, stores the decryption key into a storage device of the first mobile phone, and registers the encryption key to a second mobile phone through a wireless network. The method further encrypts a short message into an encrypted message in the second mobile phone according to the encryption key, and sends the encrypted message to the first mobile phone through the wireless network. In addition, the method decrypts the encrypted message to a readable message when the first mobile phone receives the encrypted message, and displays the readable message on a display screen of the first mobile phone.03-04-2010
20100034376INFORMATION MANAGING SYSTEM, ANONYMIZING METHOD AND STORAGE MEDIUM - After anonymization of individual information such as clinical data, only the owner of a specimen data or the owner of a browsing right can identify data stored or related to it after the anonymization. Therefore, in an unlinkable anonymizing method, a uni-directional function such as a hash value calculation is applied to a combination data of related information such as an individual identifiable ID number or data, ID information and a key symbol in case of the anonymization, or a relational data such as a specimen number from only which an individual cannot be identified. A correspondence table of the anonymization number and the individual information is deleted. An estimation of an original individual or a specimen number from the anonymization number is prevented by use of uni-directional function. The access to the data after the anonymization is limited only to the owner who knows anonymization key data or the mandatory of the information.02-11-2010
20110150213WHITE-BOX IMPLEMENTATION - A system for enabling a device to compute an outcome of an exponentiation C06-23-2011
20110103581METHOD AND APPARATUS FOR GENERATING NON-INTERACTIVE KEY AND METHOD FOR COMMUNICATION SECURITY USING THE SAME - A method and apparatus for generating a non-interactive key, and a method for communication security using the same. A event is detected, and keys are generated based on the detected event. Thus, keys are generated using a small number of calculating operations with a simple interface and thus a user may easily generate the keys, and the performance of an apparatus using the keys is improved. In addition, the keys are generated without wireless interaction between nodes, thereby improving communication security.05-05-2011
20120201377Authenticated Mode Control - Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another.08-09-2012
20110033045COUNTERMEASURE METHOD FOR PROTECTING STORED DATA - A method of read or write access by an electronic component of data, including generating a first secret key for a first data of an ordered list of data to access, and for each data of the list, following the first data, generating a distinct secret key by means of a deterministic function applied to a secret key generated for a previous data of the list, and the application of a cryptographic operation to each data to be read or to be written of the list, carried out by using the secret key generated for the data.02-10-2011
20100254534METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.10-07-2010
20100098249METHOD AND APPARATUS FOR ENCRYPTING DATA AND METHOD AND APPARATUS FOR DECRYPTING DATA - Provided are a method and apparatus for encrypting data, and a method and apparatus for decrypting data. The method of encrypting data includes generating an encryption key by using current time information indicating a current time, encrypting data by using the generated encryption key, and transmitting the encrypted data.04-22-2010
20110211690PROTOCOL FOR PROTECTING CONTENT PROTECTION DATA - Through the use of a one-time-use nonce, the transfer of cryptographic data over a potentially insecure link in a two-factor content protection system is avoided. The nonce may be stored encrypted with a public key from a smart card. A random key may be used to produce a storage key, which is used to encrypt a content protection key. The random key may be stored, encrypted with a key derived from the nonce. Instead of receiving a raw content protection key over the potentially insecure link, the raw nonce is received and, once used, replaced with a new nonce.09-01-2011
20120201376COMMUNICATION DEVICE AND KEY CALCULATING DEVICE - According to one embodiment, a communication device, which is connected to an external device, includes a key storage unit, an acquiring unit, a key selecting unit, and a calculating unit. The key storage unit stores therein a plurality of first information items obtained by twisting a plurality of device keys with first identification information for identifying the communication device. The acquiring unit acquires second identification information for identifying the external device. The key selecting unit selects one of the plurality of first information items using a media key block process. The calculating unit calculates a shared key, which is shared with the external device, using second information item obtained by twisting the selected first information item with the second identification information.08-09-2012
20090190754System and methods for permitting open access to data objects and for securing data within the data objects - A system and methods for permitting open access to data objects and for securing data within the data objects is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. The method includes the steps of (1) providing a data object comprising digital data and file format information; (2) embedding independent data into a data object; and (3) scrambling the data object to degrade the data object to a predetermined signal quality level. The steps of embedding and scrambling may be performed until a predetermined condition is met. The method may also include the steps of descrambling the data object to upgrade the data object to a predetermined signal quality level, and decoding the embedded independent data. The additional steps of descrambling and decoding may be performed until a predetermined condition is met. The predetermined condition may include, for example, reaching a desired signal quality of the data object.07-30-2009
20090141889DATA PROCESSING APPARATUS - To improve encryption technology for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data.06-04-2009
20110176675Method and system for protecting keys - A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device.07-21-2011
20090080650SECURE EMAIL COMMUNICATION SYSTEM - The present invention provides a method and system for securing a digital data stream. A first key of a first asymmetric key pair from a key store remote from a host node is received at the host node. A dynamically generated key is received at the host node, which is used to encipher the digital data stream. The dynamically generated key is enciphered with the first key of the first asymmetric key pair. The enciphered digital data stream and the enciphered dynamically generated key are stored remotely from the host node and the key store.03-26-2009
20120063593OBLIVIOUS TRANSFER WITH HIDDEN ACCESS CONTROL LISTS - A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.03-15-2012
20100329452Generation of key streams in wireless communication systems - Security key stream generation in a communication apparatus. The method includes using a count parameter and a bearer parameter as input, value of said count parameter being incremented as security key streams are generated and value of the count parameter having a finite maximum value; detecting value of the count parameter reaching a predetermined value; and responsive to the detecting, changing value of the bearer parameter into a new value, and resetting value of the count parameter to a value below the maximum value.12-30-2010
20100329454ENCRYPTION PARAMETER SETTING APPARATUS, KEY GENERATION APPARATUS, CRYPTOGRAPHIC SYSTEM, PROGRAM, ENCRYPTION PARAMETER SETTING METHOD, AND KEY GENERATION METHOD - A sophisticated cryptographic system is realized without using a pairing operation on a composite order. A random matrix selection unit 12-30-2010
20100329453ROUNDING FOR SECURITY - A system may generate from a first value, based on rounding information, a first security key that matches a second security key whenever the first value and a second value from which the second security key is generated differ by less than a non-zero predetermined amount. The second security key may be generated from the second value rounded to a multiple of a rounding interval that is nearest to the second value. The rounding information may include a rounding direction indication. The rounding direction indication may indicate the direction in which the second value is rounded to the multiple of the rounding interval nearest to the second value.12-30-2010
20110075839SYSTEM AND METHOD FOR QUANTUM CRYPTOGRAPHY - Provided are a system and a method for quantum cryptography. The method includes generating the same quantum cryptography key in a transmitter and a receiver by measuring a composite-quantum-system made of a plurality of sub-quantum-systems in each of the transmitter and the receiver connected to each other through a quantum channel, wherein a part of the sub-quantum-systems is confined within the transmitter in order not to expose the entire composite-quantum-system to an outside of the transmitter and the composite-quantum-system cannot be determined without disturbing the composite-quantum-system at the outside of the transmitter.03-31-2011
20110075838Technique for Distributing Software - A computer program product and method for installing downloaded software on a client system over a network is described. The product and method include generating an access key by receiving an installation key produced using a random number generated from a seed that is the value of a client system internal clock at the exact moment in time to the millisecond at which a software installation program was run on the client produce the access code by modulo combining the installation key and user name received by the client system.03-31-2011
20100119063Establishing Relative Identity - There are disclosed a method, computing device, and storage medium for establishing relative identity between a first agent on a first computing device and a second agent on a second computing device. An absolute key and a partial relative key may be generated for the first agent, wherein the absolute key and the partial relative key define a relative identity of the first agent, wherein the relative identity is unique for a relationship between the first agent and the second agent.05-13-2010
20100215175METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION - Methods and systems are disclosed that relate to encrypting data of a data item for storing in a data storage system comprising a plurality of disks having stripes. A blinding factor is constructed based on a stripe blind that is assigned to a stripe with which the data item is associated and a unique identifier associated with the data item. A first logic operation is performed between the blinding factor and an encryption key to create a blinded encryption key for the data item. The data item is decrypted by identifying the stripe blind with the unique identifier and recreating the data item's blinding factor based on the stripe blind and the unique identifier. A second logic operation, which is selected based on the first logic operation, is performed between the blinding factor and the blinded encryption key to recreate the encryption key.08-26-2010
20100195824Method and Apparatus for Dynamic Generation of Symmetric Encryption Keys and Exchange of Dynamic Symmetric Key Infrastructure - A method and apparatus for dynamically generating data encryption keys for encrypting data files and for decrypting encrypted data files via a key exchange method is provided. A dynamically generated an encryption key is generated for each encryption event, so that the key cannot be produced or reproduced. A key exchange component of the invention ensures that only an intended recipient has the means to decrypt a file encrypted with the dynamically generated symmetric encryption keys.08-05-2010
20110051929IMAGE PROCESSING APPARATUS, ELECTRONIC CERTIFICATE CREATION METHOD THEREOF AND RECORDING MEDIUM - An image processing apparatus includes: a key creator that creates one set of a secret key and a public key for each user; a reader that reads out an electronic certificate to certify a user, created by a certificate authority, and the user's own secret key, from a portable recording medium having this electronic certificate and the user's own secret key recorded therein; and a certificate creator that creates an electronic certificate including the public key created by the key creator, by giving a signature using the user's own secret key read out by the reader.03-03-2011
20100067689COMPUTING PLATFORM WITH SYSTEM KEY - A method for installing a system key onto a computing platform is disclosed. A system key generator is installed on the computing platform. The system key generator is activated and generates a system key within the computing platform. The system key is also stored within the computing platform.03-18-2010
20100067690SPA-RESISTANT LEFT-TO-RIGHT RECODING AND UNIFIED SCALAR MULTIPLICATION METHODS - Provided is a scalar multiplication method unified with a simple power analysis (SPA) resistant left-to-right recording in a crypto system based on an elliptic curve and a pairing. The scalar multiplication method includes: recording an L-digit secret key k′ from a radix-r n-digit secret key k by comparing two successive elements with each other from the most significant digit with duplication allowed in order to generate the L-digit secret key k′; and performing scalar multiplication between the secret key k and a point P on an elliptic curve to output a scalar multiplication value Q=kP using the secret key k′.03-18-2010
20110188651KEY ROTATION FOR ENCRYPTED STORAGE MEDIA USING A MIRRORED VOLUME REVIVE OPERATION - Encryption key rotation is performed in computing environments having mirrored volumes by initializing a target storage media with a new key, performing a mirror revive operation from a first storage media to the target storage media, and configuring the first storage media and the target storage media to comprise a mirrored volume.08-04-2011
20090175443Secure function evaluation techniques for circuits containing XOR gates with applications to universal circuits - An embodiment of the present invention provides a method that minimizes the number of entries required in a garbled circuit associated with secure function evaluation of a given circuit. Exclusive OR (XOR) gates are evaluated in accordance with an embodiment of the present invention without the need of associated entries in the garbled table to yield minimal computational and communication effort. This improves the performance of SFE evaluation. Another embodiment of the present invention provides a method that replaces regular gates with more efficient constructions containing XOR gates in an implementation of a Universal Circuit, and circuits for integer addition and multiplication, thereby maximizing the performance improvement provided by the above.07-09-2009
20100027786DYNAMIC ENCRYPTION AUTHENTICATION - A method is disclosed. The method includes generating a uniquely derived data string using personalized information and a first encryption algorithm, generating at least one uniquely derived key using the uniquely derived data string, and creating a dynamic verification value using a second encryption algorithm using the at least one uniquely derived key, wherein the first encryption algorithm is different than the second encryption algorithm.02-04-2010
20100027785DEVICE AND METHOD FOR SECURITY HANDSHAKING USING MIXED MEDIA - A method and device for private/public key encryption using optical media. A key pair is generated, and the public key pair is stored on the optical media. The media is scanned and the optical media characteristics are used to hash stored information with the private key. The hashed version of the private key is then stored on the optical media. A read/write unit may subsequently de-hash the private key for encryption of data files.02-04-2010
20100027784KEY GENERATION USING BIOMETRIC DATA AND SECRET EXTRACTION CODES - There is provided a method of generating a key for encrypting Communications between first and second terminals comprising obtaining a measurement of characteristics of a physical identifier of a user; and extracting a key from the physical identifier using a code selected from a collection of codes, each code in the collection defining an ordered mapping from a set of values of the characteristics to a set of keys; wherein the collection of codes comprises at least one code in which the ordered mapping is a permutation of the ordered mapping of one of the other codes in the collection.02-04-2010
20100020964KEY GENERATION METHOD USING QUADRATIC-HYPERBOLIC CURVE GROUP - Disclosed is a key generation apparatus which uses a finite commutative group defined by a number-theoretical (or arithmetical) function that can be substituted for the elliptic curve, thereby enabling the computational difficulty equivalent to that of breaking the elliptic curve cryptography. The key generation apparatus comprises a key setting part and a key generator. The key setting part sets a secret key α, and selects an element of the finite commutative group as a public key G. The key generator performs an addition operation defined for the finite commutative group on the public key G, thereby to multiply the public key G by the secret key α representing a scalar coefficient to generate a public key Y. The finite commutative group is a set of pairs (x,y) of a dependent variable y of a quadratic-hyperbolic function defined on a finite ring and an independent variable x of the quadratic-hyperbolic function.01-28-2010
20100020966METHOD FOR GENERATING ENCRYPTION KEY - The present invention relates to an encryption key generating method ensuring resistance to collusion attacks and achieving reduction in a key length of encryption keys corresponding to respective hierarchies of each scalability. In the encryption key generating method, an encryption key (K01-28-2010
20120308001SECURE KEY CREATION - Key creation includes sending a first public key part from a first system to a second system, receiving a second public key part sent by the second system to the first system and establishing a first secret material in the first system using the first and second public key parts, wherein the first secret material is identical to a second secret material established on the second system using the first and second key parts. Key creation also includes binding key control information to the first secret material in the first system, wherein the key control information includes information relating to key type and key management and deriving a first key material from the combination of the key control information and the first secret material, wherein the first key material is identical to a second key material derived by the second system.12-06-2012
20120308002DEVICE ARCHIVING OF PAST CLUSTER BINDING INFORMATION ON A BROADCAST ENCRYPTION-BASED NETWORK - Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.12-06-2012
20120307998BUILDING OPTIONAL BLOCKS - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for verifying conditions for iterative building of optional blocks in a standardized key block, parsing optional block data to validate the optional block data and to determine a length of the optional block data and a number of optional blocks contained in the optional block data, validating an optional block identification to be added, determining a storage location, inserting the optional block into the storage location, updating a value of the optional block data and returning the updated value of the optional block data.12-06-2012
20120307999PROTECTING A CONTROL VECTOR IN AN OPTIONAL BLOCK OF A STANDARD KEY BLOCK - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.12-06-2012
20120308000Combining Key Control Information in Common Cryptographic Architecture Services - A system includes a processor configured to perform a method, the method comprising receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token.12-06-2012
20130170641Generator of Chaotic Sequences and Corresponding Generating System - A generator of chaotic sequences of integer values is provided. The generator includes at least two discrete recursive filters at least of first-order, generating an output chaotic sequence of integer values, each recursive filter comprising means for implementing a nonlinear function connected via an exclusive-or gate to means for generating a perturbation sequence of integer values. The two filters are mounted in parallel. The chaotic sequence output from the generator is equal to an exclusive-or of the chaotic sequences output from the recursive filters, and in the means for implementing the nonlinear function includes a chaotic map.07-04-2013
20120039466Method of Compressing a Cryptographic Value - A computer implemented method of compressing a digitally represented cryptographic value. The method comprising the steps of: (a) selecting a secret value; (b) performing a cryptographic operation on the secret value to generate the cryptographic value; (c) determining whether the cryptographic value satisfies the pre-determined criteria; and (d) repeating the sequence of steps starting at step (a) until the cryptographic value satisfies the pre-determined criteria.02-16-2012
20120099726CONTENT PROTECTION APPARATUS AND METHOD USING BINDING OF ADDITIONAL INFORMATION TO ENCRYPTION KEY - The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.04-26-2012
20090316886FINE-GRAINED FORWARD-SECURE SIGNATURE SCHEME - The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods form also the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows to react immediately on hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures make in the revoked period up to the announced index are valid, i.e., non-reputable.12-24-2009
20090080649METHOD AND SYSTEM FOR PROTECTING DATA - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip.03-26-2009
20110002461Method and System for Electronically Securing an Electronic Biometric Device Using Physically Unclonable Functions - A system for securing an integrated circuit chip used for biometric sensors, or other electronic devices, by utilizing a physically unclonable function (PUF) circuit. These PUF functions are in turn used to generate security words and keys, such as an RSA public or private key. Such a system can be used to protect biometric security sensors and IC chips, such as fingerprint sensors and sensor driver chips, from attack or spoofing. The system may also be used in an efficient method to produce unique device set-up or power-up authentication security keys. These keys can be generated on a low frequency basis, and then frequently reused for later security verification purposes. In operation, the stored keys can be used to efficiently authenticate the device without the need to frequently run burdensome security key generation processes each time, while maintaining good device security.01-06-2011
20100098246SMART CARD BASED ENCRYPTION KEY AND PASSWORD GENERATION AND MANAGEMENT - An apparatus can include a smart card based encryption key management system used to generate an encryption key using encryption key seed material, and an encryption key data store to store the encryption key seed material. An apparatus can include a smart card based password management system used to generate a password using password seed material, and a password data store to store the password seed material.04-22-2010
20110064216CRYPTOGRAPHIC MESSAGE SIGNATURE METHOD HAVING STRENGTHENED SECURITY, SIGNATURE VERIFICATION METHOD, AND CORRESPONDING DEVICES AND COMPUTER PROGRAM PRODUCTS - A cryptographic message signature method are provided, which have strengthened security. The method implements two sets of signature algorithms SA03-17-2011
20110091036Cryptographic Key Generation - A technique for generating a cryptographic key (04-21-2011
20120207301SYSTEMS AND METHODS FOR ENCRYPTING DATA - Data encryption techniques are presented. According to an embodiment of a method, a cryptographic hash of unencrypted data for data block X−1 is generated, and a hash of an encryption key is generated. An initialization vector for data block X is generated using the cryptographic hash and the hash of the encryption key. Data block X−1 and data block X are logically contiguous and data block X−1 logically precedes data block X. Encryption data for data block X is generated from unencrypted data for data block X using the initialization vector.08-16-2012
20120002808Interleaving and deinterleaving method for preventing periodic position interference - A method for implementing volatile cipher key and separate verification module by collecting physical features includes: physical features sensor is set on the handset, and control module can be set separately; physical features sensor can collect physical features information of every user in advance, and the physical features can be transmitted to control module, and stored in user database; after physical features sensor went away the user's body or cipher sent successfully, cipher temporary storage unit reset; when registered user is operating again by using handset, control unit can retrieve cipher data in said user database, and check whether same records exist or not; if same record exist, control unit give a instruction to lower-stage controlled object; if not, control unit delivers a warning information, and store an error record.01-05-2012
20120207300Method and Device for Generating Control Words - The present invention relates to the generation of n control words for encryption of a content item. A device obtains a first key K08-16-2012
20120008770DATA PROCESSING DEVICE AND DATA PROCESSING METHOD - A data encryption device is connected between an HDD and an HDD controller that controls the HDD. The data encryption device encrypts data that is stored from the HDD controller to the HDD, and decrypts data that is read from the HDD. A CPU of the data encryption device receives a command issued from the HDD controller to the HDD, and determines whether the command is executable at the HDD. When it is determined that the command is executable, the command is issued to the HDD. On the other hand, when it is determined that the command is unexecutable, the CPU prohibits issuance of the command to the HDD. Furthermore, when a command issued to the HDD is a specific command, the CPU bypasses data transferred between the HDD controller and the HDD without encryption or decryption.01-12-2012
20120008769Method and System For Managing A Distributed Identity - A method for managing a distributed identity, including retrieving identification data of a user, wherein the identification data includes a username, a password, and metadata; receiving, from a general-use device, a unique physical identifier of the user; combining the unique physical identifier and the identification data to create a unique identity record of the user; encrypting at least a component of the unique identity record; creating a hash of an identifying token of the unique identity record; passing the hash of the identity token of the unique identity record to be parsed into a hierarchy; organizing the unique identity record in a distributed database of a plurality of unique identity records; and storing the unique identity record, containing the encrypted component, in the distributed database of the plurality of unique identity records.01-12-2012
20120014520BIOMETRIC ENCRYPTION AND KEY GENERATION - A system, method and program product for generating a private key. A system is disclosed that includes a signal acquisition system for obtaining biometric input from a user and encoding the biometric input into an acquired biometric; a recognition system for determining an identity based on the acquired biometric and outputting an absolute biometric associated with the identity; an input device for accepting a knowledge input from the user; and a key generator that generates a private key based on the knowledge input and the absolute biometric.01-19-2012
20120014521MOBILE PHONE AIDED OPERATIONS SYSTEM AND METHOD - The present system and method uses multiple digital devices with possibly different users operating in concert, for performing authentication and other cryptographic operations. The multiple digital devices include, for example, a mobile device such as a cellular phone, as a central building block.01-19-2012
20120057698ORGANIC KEYED ENCRYPTION - An encryption technique that creates a unique encryption key or fingerprint based on unique physical and electrical characteristics of a target electronic assembly to be protected. The encryption key can be constructed by exploiting the manufacturing variances present in all electronic elements including active elements and passive elements. Active elements include, for example: oscillators/clocks, internal I/O controllers, external I/O controllers, memory, processors, and digital power converters. Passive elements include, for example: internal I/O interconnects, external I/O interconnects, memory buses, and power buses. The encryption key can also include one or more environmental condition thresholds.03-08-2012
20120057699METHOD AND APPARATUS FOR ESTABLISHING A KEY AGREEMENT PROTOCOL - A system and method for generating a secret key to facilitate secure communications between users. A first and second and a function between the two monoids are selected, the function being a monoid homomorphism. A group and a group action of the group on the first monoid is selected. Each user is assigned a submonoid of the first monoid so that these submonoids satisfy a special symmetry property determined by the function, a structure of the first and second monoids, and the action of the group. A multiplication of an element in the second monoid and an element in the first monoid is obtained by combining the group action and the monoid homomorphism. First and second users choose private keys which are sequences of elements in their respective submonoids. A first result is obtained by multiplying an identity element by the first element of the sequence in a respective submonoid. Starting with the first result, each element of the user's private key may be iteratively multiplied by the previous result to produce a public key. Public keys are exchanged between first and second users. Each user's private key may be iteratively multiplied by the other user's public key to produce a secret key. Secure communication may then occur between the first and second user using the secret key.03-08-2012
20120250859DATA ENCRYPTION METHOD AND SYSTEM AND DATA DECRYPTION METHOD - An embodiment of the invention provides a data encryption method for an electrical device. The method comprises: generating an identification code corresponding to the electrical device; generating a temporary key according to the identification code; encrypting first data to generate a first secret key according to the temporary key and a first encryption mechanism; and encrypting the first secret key by a second encryption mechanism to generate an encrypted key.10-04-2012
20120155635ATTRIBUTE BASED ENCRYPTION USING LATTICES - A master public key is generated as a first set of lattices based on a set of attributes, along with a random vector. A master secret key is generated as a set of trap door lattices corresponding to the first set of lattices. A user secret key is generated for a user's particular set of attributes using the master secret key. The user secret key is a set of values in a vector that are chosen to satisfy a reconstruction function for reconstructing the random vector using the first set of lattices. Information is encrypted to a given set of attributes using the user secret key, the given set of attributes and the user secret key. The information is decrypted by a second user having the given set of attributes using the second user's secret key.06-21-2012
20120027206INFORMATION GENERATION APPARATUS,METHOD, PROGRAM, AND RECORDING MEDIUM THEREFOR - Hierarchical cryptography expressed in a general semiordered structure other than a tree structure is implemented. In information generation, random numbers σ02-02-2012
20120027205IDENTITY AUTHENTICATION AND SHARED KEY GENERATION METHOD - The invention relates to an identity authentication and key negotiation method. In order to overcome the defects in the prior art that security of authentication methods is not high, the invention discloses an identity authentication and shared key generation method. In the technical solution of the invention, a key authority issues a pair of public key 02-02-2012
20120063594METHOD FOR CREATING ASYMMETRICAL CRYPTOGRAPHIC KEY PAIRS - The invention relates to a method for creating a set of asymmetrical cryptographic key pairs, wherein the set of key pairs has a first key pair (K03-15-2012
20120155636On-Demand Secure Key Generation - A method is provided for generating on-demand cryptographic keys in a vehicle-to-vehicle communication system. At least one unique identifier is obtained relating to a user of the vehicle. The host vehicle generates cryptographic keys for encrypting, decrypting, and authenticating secured messages between the host vehicle and at least one remote vehicle in the vehicle-to-vehicle communication system. The cryptographic keys are generated as a function of the at least one unique identifier. A respective cryptographic key used to decrypt or encrypt messages communicated between the host vehicle and the at least one remote entity is temporarily stored in a memory device of the host vehicle. The host vehicle utilizes the respective cryptographic key to decrypt or encrypt a secure message transmitted between the host vehicle and the remote vehicle. The respective cryptographic key temporarily stored in the memory device of the host vehicle is deleted after the vehicle-to-vehicle communications of the host vehicle is disabled.06-21-2012
20120300924Implicit Certificate Scheme - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. The trusted entity selects a unique identity distinguishing each entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information f and generates a value k11-29-2012
20120300923ENCRYPTION USING REAL-WORLD OBJECTS - Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device.11-29-2012
20120155637SYSTEM AND METHOD FOR HARDWARE STRENGTHENED PASSWORDS - A cryptographic module and a computing device implemented method for securing data using a cryptographic module is provided. The cryptographic module may include an input component for receiving a password, an output component for outputting data to the computing device, a random number generator for generating a random number and a module processor operative to generate at least one cryptographic key using the generated random number, and to record an association between the received password linking the received password with the at least one cryptographic key in a data store accessible to the cryptographic module.06-21-2012
20100119062DEVICE TO GENERATE A MACHINE SPECIFIC IDENTIFICATION KEY - An integrated circuit assembly having monitoring circuitry for observing the internal signals of the system so that its properties are captured. The system properties are manipulated so that they can be used as a pseudo random number and or as the basis number for an encryption key. The monitoring circuitry having: manipulation circuitry to transform monitored data and combine it with previously manipulated values; and registers to store previously manipulated values; and counters to count events; and condition detection circuitry for detecting when a signal is at a specific value or range of values. Optionally the monitoring circuitry which has the functionality for capturing system properties may be combined with other monitoring circuitry, which has the functionality required by a debug support circuit. The monitoring circuitry avoids replication of resources by sharing parts of specific monitoring circuits like counters.05-13-2010
20090016524PEER TO PEER IDENTIFIERS - In an ad hoc peer-to-peer type network during peer discovery, information relating to users of various devices is broadcast to other devices in the network, which can compromise privacy of the users. Instead of announcing a public identifier that might be known by a multitude of individuals, the user device announces a private identifier that might be known to, or determined by, a select few individuals. The individuals selected can be given a key to determine the private identifier associated with a public identifier, or vice versa, wherein that key can have a validity range or a period of time, after which the key expires. Prior to the expiration of the key, the selected individuals, through their respective devices, can detect a corresponding user and/or device by the current private identifier being announced, thus mitigating the number of people that are aware of the user's presence.01-15-2009
20090060178Management system for web service developer keys - Various technologies and techniques are disclosed for managing web service developer keys. A generic key identifier can be generated based on an original web service key. The generic key identifier is used within source code of an application being developed. Upon receiving a request to run the application, the generic key identifier is transformed back into the original web service key prior to calling an associated web service. Multiple users can securely share the same application that uses the web service. When one user who does not have his own original web service key accesses the application, that user can be prompted to obtain and enter the original web service key once the key has been obtained from a provider of the web service.03-05-2009
20100091987MANAGEMENT SYSTEM INCLUDING DISPLAY APPARATUS AND DATA MANAGEMENT APPARATUS FOR DISPLAYING DATA ON THE DISPLAY APPARATUS, AND DATA ACQUISITION METHOD - In order to restrict a destination of data for security and facilitate acquisition of the data at the destination, a conference system includes an MFP and a projector, wherein the MFP prestores data for display in an HDD and includes an access key generating portion to generate an access key for an access to the display data and a data transmitting portion to transmit the display data on the condition that the access key is received from a PC, and the projector includes a wireless communication portion to wirelessly communicate with PCs within a predetermined distance, a projecting control portion to display the data stored in the HDD in the MFP, an access key acquiring portion to acquire the access key, and an access key transmitting portion to cause the wireless communication portion to transmit the access key when receiving a request from the PC via the wireless communication portion.04-15-2010
20100091986Information Management System and Encryption System - A system capable of surely preventing a theft or leak of information which comprises: an information registration destination decision unit deciding registration destinations of information; a distribution unit information generation unit generating distribution unit information pieces; and a plurality of storage grids connectable to the distribution unit information generation unit. The distribution unit information generation unit multiplies original data and divides the multiplied data into a plurality of distribution unit information pieces such that each distribution unit information piece does not include all the elements contained in the original data and the same element occurs repeatedly in the same piece for generation of the distribution unit information pieces, and registers the distribution unit information pieces in the respective storage grids based on the management information about the correlation between the distribution unit information pieces and the storage grids as their registration destinations generated by the information registration destination decision unit.04-15-2010
20120314858ENCODING/DECODING CIRCUIT - An encoding/decoding operation portion includes an encoding/decoding operation circuit and an avoiding path for detouring the encoding decoding operation circuit and can select between encoding or decoding input data in the encoding/decoding operation circuit and detouring the encoding/decoding operation circuit to output the input data without change. Only one wire has to be provided from a selector to a key storage portion and an initialization-vector storage portion. With this construction, it is possible to realize an encoding/decoding circuit which can suppress an increase in the number of wires used to transmit a content of key data to the key storage portion and the initialization-vector storage portion and does not cause complication of circuit layout.12-13-2012
20100246818METHODS AND APPARATUSES FOR GENERATING DYNAMIC PAIRWISE MASTER KEYS - A method to generate a pairwise master key for use in establishing a wireless connection is presented. In one embodiment, the method comprises determining a region in an image. The method further comprises generating the pairwise master key based at least on contents of the region in the image.09-30-2010
20100246817SYSTEM FOR DATA SECURITY USING USER SELECTABLE ONE-TIME PAD - A method of generating a key, a method of encrypting a message and an encryption/decryption system. In one embodiment, the method of generating the key includes: (1) selecting a common document to serve as a one-time pad, (2) generating a pointer, (3) searching the common document based on the pointer and (4) retrieving a key from the common document.09-30-2010
20120314856IMPLICITLY CERTIFIED PUBLIC KEYS - Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value.12-13-2012
20120128152BROADCAST ENCRYPTION BASED MEDIA KEY BLOCK SECURITY CLASS-BASED SIGNING - Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from a high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block.05-24-2012
20120163591KEY DERIVATION FUNCTIONS TO ENHANCE SECURITY - A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.06-28-2012
20100208889TWO-PARTY STORAGE OF ENCRYPTED SENSITIVE INFORMATION - A secure storage system secures information of a client by first encrypting the information with a first key to generate first-key encrypted data. The secure storage system then encrypts with a second key the first-key encrypted data and the first key to generate second-key encrypted data. The system provides the client with a first portion of the second-key encrypted data. The system stores a second portion of the second-key encrypted data and the second key. When the confidential information is needed, the client provides the first portion. The system retrieves the second portion. The system then decrypts with the second key the first portion and the second portion to generate the first-key encrypted data and the first key. The system then decrypts with the first key the first-key encrypted data to generate the unsecure confidential information.08-19-2010
20120213362Distribution Of Lock Access Data For Electromechanical Locks In An Access Control System - A method of updating lock access data for an electromechanical lock is disclosed. The lock is of a type capable of being actuated by a user desiring to open the lock with a key having electronic key data stored therein. Updated lock access data for the lock may be configured by an administrator from a remote site and communicated to the lock using public networks. According to the method, updated lock access data from the remote site for the lock is transmitted over a telecommunication channel to a mobile terminal. The updated lock access data is transmitted from the mobile terminal to the key using short-range wireless communication. When the user attempts to open the lock with the key, the updated lock access data as received from the mobile terminal is forwarded from the key to the lock. The lock verifies that the user is trusted and then accepts the updated lock access data as received from the key.08-23-2012
20120213361SYSTEMS AND METHODS FOR DEVICE AND DATA AUTHENTICATION - Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices.08-23-2012
20120134494Data Control Method of Cloud Storage - The present application relates to the field of technology of cloud storage data security, and in particular, relates to a data control method of cloud storage. The method comprises: converting the original data by a preset method into irreversible data blocks to form a physical part of the original data, and storing it in the cloud storage data center; outputting information necessary for data restoration of the process of converting the original data to the physical part, as a logical part of the original data, and storing the logical part of the original data in an original data owner controlled storage media. In this invention, the original data to be stored is converted into the physical part, which is then stored in a cloud storage data center. The logical part of the original data required for restoring the physical part to the original data is controlled by owners of the original data. Therefore, the original data owners can control the physical part of data, which physically occupies a large space by controlling the logical part, which physically occupies a small space and therefore, control their data in a cloud storage data center.05-31-2012
20120163592SYSTEMS AND METHODS FOR DISTRIBUTING AND SECURING DATA - A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares. The private data may be encrypted using the key, resulting in a ciphertext. The ciphertext may then be broken into ciphertext fragments using an Information Dispersal Algorithm. Each key share and a corresponding ciphertext fragment are provided as input to a committal method of a probabilistic commitment scheme, resulting in a committal value and a decommittal value. The share for the robust computational secret sharing scheme may be obtained by combining the key share, the ciphertext fragment, the decommittal value, and the vector of committal values.06-28-2012
20120250857METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and methods of performing a secure backup of at least one data file via an agent application. According to one example, the method may include determining the at least one data file requires a mirror backup file, and determining that the at least one data file is a candidate for de-duplication based on at least one data file characteristic. The method may also include creating a filekey based on at least a portion of the content of the at least one data file, and transmitting the filekey to a database query handler associated with a database to determine if the file has been de-duplicated.10-04-2012
20120257746Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key.10-11-2012
20120170740CONTENT PROTECTION APPARATUS AND CONTENT ENCRYPTION AND DECRYPTION APPARATUS USING WHITE-BOX ENCRYPTION TABLE - A content protection apparatus using a white-box encryption table includes: a random number generation unit for generating a random number; a white-box encryption table for encrypting the random number and user information provided from a user to generate an encrypted output value; and an operation unit for performing an operation between the encrypted output value and data inputted from an outside to encrypt or decrypt the data.07-05-2012
20120076294ARITHMETIC METHOD AND APPARATUS FOR SUPPORTING AES AND ARIA ENCRYPTION/DECRYPTION FUNCTIONS - Provided are an arithmetic method and apparatus for supporting Advanced Encryption Standard (AES) and Academy, Research Institute and Agency (ARIA) encryption/decryption functions. The apparatus includes: a key scheduler for generating a round key using an input key; and a round function calculator for generating encrypted/decrypted data using input data and the round key. Here, the round function calculator includes an integrated substitution layer and an integrated diffusion layer capable of performing both AES and ARIA algorithms.03-29-2012
20100272255SECURELY FIELD CONFIGURABLE DEVICE - A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.10-28-2010
20100027783Precalculated encryption key - An authenticated encryption method includes receiving, by an Advanced Encryption Standard (AES) engine, a cipher key and computing a hash key using the received cipher key. The computed hash key is stored in a storage memory. The AES engine then receives a packet of data and encrypts the packet of data using the received cipher key. The hash key from the storage memory is sent to a GHASH engine which is used to authenticate the packet of data. Encrypting the packet of data is performed after the hash key is stored in the storage memory. Input flow of the packet of data is enabled after the hash key is stored in the storage memory.02-04-2010
20120314857BLOCK ENCRYPTION DEVICE, BLOCK DECRYPTION DEVICE, BLOCK ENCRYPTION METHOD, BLOCK DECRYPTION METHOD AND PROGRAM - A block encryption device receives b-bit tweak T and generates, by keyed hash function employing key K12-13-2012
20090323943DATA TRANSMISSION SYSTEM - A cipher key is generated by first information shared in secrete between a data transmitting unit 12-31-2009
20120257743MULTIPLE INDEPENDENT ENCRYPTION DOMAINS - A stored object may be encrypted with an “object” cryptographic key. The object cryptographic key may be stored in metadata for the object and the metadata for the object may be encrypted using an “internal” cryptographic key associated with a particular encryption domain. The internal cryptographic key may be stored in a filesystem memory block associated with the particular encryption domain. A “domain” cryptographic key may be generated and stored associated with the particular encryption domain. The domain cryptographic key may be used to encrypt the filesystem memory block. Conveniently, below the domain cryptographic key, the filesystem has a unique, totally unknown, internal cryptographic key for actual data encryption.10-11-2012
20120082308Methods and Apparatus For Configuring Multiple Logical Networks of Devices on a Single Physical Network - Methods and apparatus for configuring multiple logical networks that share a common transmission medium are presented. According to an exemplary embodiment, an apparatus for configuring multiple logical networks of devices on a single physical network includes a transceiver configured to exchange information with devices connected to a shared bus of the physical network. The apparatus includes logic configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus.04-05-2012
20120257745Split-Key Key-Agreement Protocol - There is provided a method of one member of a first entity generating an intra-entity public key. The first entity has a plurality of members and the one member has a long-term private key and a corresponding long-term public key. The method includes generating a short-term private key and a corresponding short-term public key, computing an intra-entity shared key by mathematically combining the short-term public key of the one member and respective short-term public keys of each other member of the first entity and computing the intra-entity public key by mathematically combining the short-term private key, the long-term private key and the intra-entity shared key.10-11-2012
20120257744ENCIPHERING APPARATUS AND METHOD, DECIPHERING APPARATUS AND METHOD AS WELL AS INFORMATION PROCESSING APPARATUS AND METHOD - The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section.10-11-2012
20080298582Broadcast Cryptosystem, Crypto-Communication Method, Decryption Device, and Decryption Program - A client's secret key is Ki=(s+Ii)12-04-2008
20110038478Digital signature generation apparatus, digital signature verification apparatus, and key generation apparatus - A digital signature generation apparatus includes memory to store finite field F02-17-2011
20110038477RE-KEYING DATA IN PLACE - A system comprises an encryption engine and a host processor coupled to the encryption engine. The host processor determines when a time period has expired for a unit of data. Upon determining that the time period has expired, the host processor causes the encryption engine to re-key the unit of data in place.02-17-2011
20120269342BLOCK ENCRYPTION DEVICE AND METHOD AND COMPUTER PROGRAM - In block cipher based on generalized Feistel network, pseudorandomness and strong-pseudorandomness may be fulfilled efficiently. In encrypting a plaintext of kn-bit blocks, Feistel permutation is applied in terms of 2n bits as a unit, and then block-based permutation based on a binary de Bruijn graph with symmetrical type 2 branch coloring is applied. The Feistel permutation and the block-based permutation are grouped together to form a round. The round is repeatedly performed a preset number of times to output a ciphertext.10-25-2012
20120321076Cryptographic ignition key system - A cryptographic ignition key system and method for managing access to sensitive or protected information using an unclassified, block-cipher-based cryptographic combiner for storing non-private information on a physical token and storing private information on another device having anti-tamper protections and safeguards.12-20-2012
20120321078KEY ROTATION AND SELECTIVE RE-ENCRYPTION FOR DATA SECURITY - Systems and methods for maintaining data security through encryption key retirement and selective re-encryption are presented. A method of selectively re-encrypting a subset of encrypted values includes storing each encrypted value together with the key profile number for the encryption key that was used to generate that encrypted value. When a key is compromised, its associated key profile number allows the efficient identification of all the encrypted values that were created using the now-compromised key. Once identified, the encrypted values may be decrypted using the compromised key and re-encrypted using a new key, without changing other related data such as the token associated with the encrypted value.12-20-2012
20120087493METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating a encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.04-12-2012
20120321077CRYPTOGRAPHIC COMMUNICATION SYSTEM AND CRYPTOGRAPHIC COMMUNICATION METHOD - Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).12-20-2012
20120328097APPARATUS AND METHOD FOR SKEIN HASHING - Described herein are an apparatus and method for Skein hashing. The apparatus comprises a block cipher operable to receive an input data and to generate a hashed output data by applying Unique Block Iteration (UBI) modes, the block cipher comprising at least two mix and permute logic units which are pipelined by registers; and a counter, coupled to the block cipher, to determine a sequence of the UBI modes and to cause the block cipher to process at least two input data simultaneously for generating the hashed output data.12-27-2012
20110305333Method and Apparatus for Virtual Pairing with a Group of Semi-Connected Devices - One feature provides a method for a client node to establish a session key with a group node by obtaining an epoch identity value associated with a current epoch, wherein obtaining the epoch identity value includes one of computing the epoch identity value based on a node real time or negotiating the epoch identity value with the group node, computing a restricted key using a shared secret key, the epoch identity value, and a group node identity associated with the group node, and executing a session key establishment protocol with the group node to derive the session key using the restricted key as a master key in the session key establishment protocol. The session key may be established between the group node and the client node even though communications between the group node and the central node is only intermittently available during the current epoch.12-15-2011
20100202609SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS - Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.08-12-2010
20100202608ENCRYPTION DEVICE, DECRYPTION DEVICE, AND STORAGE DEVICE - According to one embodiment, an encryption device uses N extended keys (N: a natural number not less than 2) obtained by extending one encryption key, and includes a first memory, a comparison circuit, a second memory, a selector, and an extension calculator. The first memory stores a flag corresponding to an initial value of a key. The comparison circuit outputs a signal indicating comparison matching when a command and the key are related to encryption. The selector loads the key in the first memory into the second memory upon receiving the signal. The extension calculator calculates the extended keys based on the key in the second memory and inputs them to the selector. Except when loading the initial value of the key into the second memory, the selector loads the extended keys into the second memory to extend the encryption key to from the first to N-th extended keys.08-12-2010
20130016833SECURELY USING A DISPLAY TO EXCHANGE INFORMATION - A first device has a display that is able to show information. The information is to be exchanged with a second device. The information is cleared from the display following receipt of an indication from the second device that the information has been successfully inputted at the second device.01-17-2013
20130016834SECURITY COUNTERMEASURES FOR POWER ANALYSIS ATTACKS - A countermeasure for differential power analysis attacks on computing devices. The countermeasure includes the definition of a set of split mask values. The split mask values are applied to a key value used in conjunction with a masked table defined with reference to a table mask value. The set of n split mask values are defined by randomly generating n−1 split mask values and defining an nth split mask value by exclusive or'ing the table mask value with the n−1 randomly generated split mask values.01-17-2013
20130016832SECURITY DEVICEAANM YAMASHITA; SusumuAACI AkirunoAACO JPAAGP YAMASHITA; Susumu Akiruno JP - A security device connected to a host device which includes a processor performing a scramble operation and a storage unit, the security device comprising: a storage unit in which the first authentication code is stored; a random number generation unit; an encryption unit; and a controller which performs a scramble operation, wherein the controller generates a first scramble key by performing the scramble operation on the random number and the first authentication code and transmits the first scramble key to the host device, and the controller receives, from the host device, scramble data generated by performing the scramble operation on encryption target data according to the random number, generates the encryption target data by performing the scramble operation on the scramble data and the random number, generates encryption data, and transmits the encrypted data to the host device.01-17-2013
20110158405KEY MANAGEMENT METHOD FOR SCADA SYSTEM - Disclosed is a shared key management method for SCADA system in which a master terminal unit (MTU), a plurality of sub-master terminal units (sub-MTUs), and a plurality of remote terminal units (RTUs) are sequentially and hierarchically structured, comprising the steps of: generating shared keys of a group key in a tree structure by the MTU, the tree structure including a binary tree ranging from a root node corresponding to the MTU to intermediate nodes corresponding to the sub-MTUs; storing shared keys of descendant nodes and ancestor nodes of an intermediate node of a sub-MTU by the sub-MTU; and updating, upon updating of a shared key of an intermediate node, all shared keys of on-path nodes from the updated intermediate node to the root node, the shared keys of the on-path nodes being updated using their own shared keys and shared keys of off-path child nodes.06-30-2011
20110158404REBINDING OF CONTENT TITLE KEYS IN CLUSTERS OF DEVICES WITH DISTINCT SECURITY LEVELS - According to one embodiment of the present invention, a system, method, and computer program product is provided for rebinding title keys in clusters of devices with distinct security levels in broadcast encryption systems. The method includes receiving a new management key and unbinding an encrypted title key with a previously used management key, the title key having a security class and residing in a title key block for a device having a security class, the device being in a cluster of devices including devices having a plurality of security classes. If the device security class is lower that the title key security class, the unbound title key is partially rebound with the new management key. the partially rebound title key is then saved in the title key block for the device.06-30-2011
20110158403ON-THE-FLY KEY GENERATION FOR ENCRYPTION AND DECRYPTION - Methods and apparatus to provide on-the-fly key computation for Galois Field (also referred to Finite Field) encryption and/or decryption are described. In one embodiment, logic generates a cipher key, in a second cycle, based on a previous cipher key, generated in a first cycle that immediately precedes the second cycle. Other embodiments are also described.06-30-2011
20130022197RANDOM NUMBER GENERATOR, ENCRYPTION DEVICE, AND AUTHENTICATION DEVICE - A random number generator includes an exclusive-OR circuit, a random number determiner, and a random number generation instruction inhibitor. The exclusive-OR circuit obtains an exclusive-OR of outputs from a number of digital circuits. The random number determiner determines whether or not an output generated according to an instruction to generate random numbers is a random number for each of the digital circuits. The random number generation instruction inhibitor inhibits an instruction to generate random numbers to be provided to the digital circuits whose output generated according to the instruction is determined to be not a random number by the random number determiner.01-24-2013
20130022196INFORMATION PROCESSING APPARATUS, SERVER APPARATUS, AND COMPUTER PROGRAM PRODUCT - In an embodiment, an information processing apparatus is connected to external apparatuses. The information processing apparatus includes: 01-24-2013
20090257585ORGANIC KEYED ENCRYPTION - An encryption technique that creates a unique encryption key or fingerprint based on unique physical and electrical characteristics of a target electronic assembly to be protected. The encryption key can be constructed by exploiting the manufacturing variances present in all electronic elements including active elements and passive elements. Active elements include, for example: oscillators/clocks, internal I/O controllers, external I/O controllers, memory, processors, and digital power converters. Passive elements include, for example: internal I/O interconnects, external I/O interconnects, memory buses, and power buses. The encryption key can also include one or more environmental condition thresholds.10-15-2009
20080247540METHOD AND APPARATUS FOR PROTECTING DIGITAL CONTENTS STORED IN USB MASS STORAGE DEVICE - A method and apparatus for protecting digital content stored in a universal serial bus (USB) mass storage (UMS) device from unlimited distribution are provided. According to the method and apparatus, a UMS device generates a random key according to a request from a user and shows the generated random key to the user, and then, by using the random key, registration data is encrypted. Accordingly, only a USB host that registers the UMS device after the user connects the USB host directly to the UMS device, can freely use digital content of the UMS device, and even if encrypted registration data of the UMS is leaked out, unauthorized devices cannot register the UMS device.10-09-2008
20080240427Key Management - The present invention relates to arrangements and methods for generating keys for cryptographic processing of communication between a first communication unit (10-02-2008
20080240426Flexible architecture and instruction for advanced encryption standard (AES) - A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.10-02-2008
20080232582Method for Dynamically Authenticating Programmes with an Electronic Portable Object - A method for dynamically authenticating an executable program, that is the continuation of the instructions defined thereby, is performed repeatedly during the very execution of the program. The method for making secure an electronic portable object through execution of a program supplied by another insecure electronic object uses, inter alia, a secret key protocol.09-25-2008
20130177154METHOD AND SYSTEM FOR DECRYPTING A TRANSPORT STREAM - A module configured in operation to connect to a host, the module including: a decryptor operable to decrypt an encrypted transport stream received from the host, the transport stream including content data and a decryption seed; a decryption key generator operable to extract the decryption seed from the transport stream and to generate a decryption key from the decryption key seed; and a secure channel generator operable to generate a secure channel between the module and the host, whereby the secure channel generator is further operable to provide the generated decryption key to the host over the secure channel.07-11-2013
20130177152Cryptographic Key Spilt Combiner - A cryptographic key split combiner includes a plurality of key split generators adapted to generate cryptographic key splits, a key split randomizer adapted to randomize the cryptographic key splits to produce a cryptographic key, and a digital signature generator. Each of the key split generators is adapted to generate key splits from seed data. The digital signature generator is adapted to generate a digital signature based on the cryptographic key. The digital signature generator can also be adapted to generate the digital signature based on a credential value. A process for forming cryptographic keys includes generating a plurality of cryptographic key splits from seed data. The cryptographic key splits are randomized to produce a cryptographic key. A digital signature is generated based on the cryptographic key. Generating a digital signature based on the cryptographic key can include generating the digital signature based on a credential value.07-11-2013
20130177153USING FILE METADATA FOR DATA OBFUSCATION - A system and method may assist in securing data for transmission to a receiving entity. Received data may include metadata associated therewith. The data may be encrypted using an encryption key encoded within selected portions of the metadata, where the selection of the selected portions is based on a scheme shared with the receiving entity. The encrypted data including the metadata may be transferred to the receiving entity. The receiving entity may decrypt the encrypted data using the selected portions of the metadata.07-11-2013
20110274272DATA TRANSMISSION SYSTEM - A cipher key is generated by first information shared in secrete between a data transmitting unit 11-10-2011
20130142329UTILIZING PHYSICALLY UNCLONABLE FUNCTIONS TO DERIVE DEVICE SPECIFIC KEYING MATERIAL FOR PROTECTION OF INFORMATION - A device specific key is generated within an electronic device by providing a challenge to a physically unclonable function (PUF) structure integrated within the electronic device, where the PUF structure outputs a specific response based upon a specific challenge provided to the PUF structure. The PUF response is provided to a cryptographic module integrated within the electronic device, and a device specific key is generated by the cryptographic module utilizing a cryptographic key generation algorithm. The device specific key is generated based upon a combination of input data including the PUF response and data that is specific to the electronic device.06-06-2013
20080219439Image processing apparatus, encryption communications device, encryption communications system, and computer readable medium - An image processing apparatus includes: a first value generation unit that generates a first value changing in time sequence; a second value generation unit that generates a second value changing in time sequence identical with the time sequence of the first value; a synchronization unit that synchronizes the first and the second value generation unit; a value output unit that causes the first and second value generation unit to simultaneously output the first and second values; a first key generation unit that generates a first key in accordance with the output first value output; an encryption unit that encrypts information in accordance with the generated first key; a second key generation unit that generates a second key in accordance with the output second value; and a decryption unit that decrypts the information encrypted by the encryption unit, in accordance with the generated second key.09-11-2008
20120250858APPLICATION USAGE CONTINUUM ACROSS PLATFORMS - A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device.10-04-2012
20080212770Key Information Generating Method and Device, Key Information Updating Method, Tempering Detecting Method and Device, and Data Structure of Key Information - A domain key is used to perform chaining decryption with respect to encrypted content key information (ST09-04-2008
20130114809UNIQUE SURROGATE KEY GENERATION USING CRYPTOGRAPHIC HASHING - The present invention relates to a method or system of generating a surrogate key using cryptographic hashing. One embodiment of the method of the present invention may have steps such as selecting a field or group of fields that is or are unique among all records in the database and for each record, extracting the data from the fields; concatenating the extracted data into an input message; running the input message through a hash generator, either in batches or one at a time, for testing purposes perhaps; and outputting a surrogate key.05-09-2013
20130114808SYSTEM AND METHOD FOR PROVIDING AN INDICATION OF RANDOMNESS QUALITY OF RANDOM NUMBER DATA GENERATED BY A RANDOM DATA SERVICE - A system and method for providing an indication of randomness quality of random number data generated by a random data service. The random data service may provide random number data to one or more applications adapted to generate key pairs used in code signing applications, for example. In one aspect, the method comprises the steps of: retrieving random number data from the random data service; applying one or more randomness tests to the retrieved random number data to compute at least one indicator of the randomness quality of the random number data; associating the at least one indicator with at least one state represented by a color; and displaying the color associated with the at least one indicator to a user. The color may be displayed in a traffic light icon, for example.05-09-2013
20130101113ENCRYPTING DATA OBJECTS TO BACK-UP - Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.04-25-2013
20130101114APPARATUS AND METHOD FOR GENERATING IDENTIFICATION KEY - Provided is an apparatus for generating an identification key by a probabilistic determination of a short occurring between nodes constituting a circuit, by violating a design rule provided during a semiconductor manufacturing process. The identification key generating apparatus may include an identification key generator to generate an identification key based on whether a contact or a via used to electrically connect conductive layers in a semiconductor chip shorts the conductive layers, and an identification key reader to read the identification key by reading whether the contact or the via shorts the conductive layers.04-25-2013
20130129087Secure Key Generation - Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.05-23-2013
20130129086Downloading of Data to Secure Devices - An encryption key may be generated based on personalized unit data associated with a software download recipient, for example, a secure processor. In some aspects, the secure processor may generate a decryption key based on its personalized unit data, and a software download may be performed between the software provider and the secure processor using the generated encryption keys. The secure processor may then decrypt and load the software for execution. The encryption and decryption key generation may also be based on a sequence number or other data indicating one or more previous software downloads at the secure processor. Using the sequence number or other data, sequences of multiple encryption and/or decryption keys may be generated to support multiple software downloads to a secure processor.05-23-2013
20110222685Storage devices having a security function and methods of securing data stored in the storage device - A storage device may include a storage unit that stores data transmitted via a plurality of first wires; and a security control unit that controls connection between each of a plurality of second wires connected to an external device and each of the plurality of first wires by programming a plurality of switching devices according to an encryption key.09-15-2011
20080199005SIGNAL PROCESSOR - Original data to be a source for an encryption key is read from a memory cell array and stored in a buffer region. An encryption key generation unit generates a plurality of encryption keys by variously modifying the original data read from the buffer region based on a predetermined generation rule. The encryption unit generates an encrypted command by encrypting commands individually with an encryption key different for each command, out of the plurality of encryption keys generated by the encryption key generation unit.08-21-2008
20130148803MULTI-USER SEARCHABLE ENCRYPTION SYSTEM AND METHOD WITH INDEX VALIDATION AND TRACING - A multi-user searchable encryption system includes a key generation center to issue a private secret key to a user and trace information regarding a user who has generated an index, and a user terminal device to generate an index for searching for a database using the private secret key. The multi-user searchable encryption system includes a database (DB) server that verifies the index generated by the user terminal device and searches for corresponding data to the verified index.06-13-2013
20120275595CRYPTOGRAPHICALLY SECURE AUTHENTICATION DEVICE, SYSTEM AND METHOD - An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other.11-01-2012
20100316217GENERATING A SESSION KEY FOR AUTHENTICATION AND SECURE DATA TRANSFER - A device for generating a session key which is known to a first communication partner and a second communication partner, for the first communication partner, from secret information which may be determined by the first and second communication partners, includes a first module operable to calculate the session key using a concatenation of at least a part of a random number and a part of the secret information. The device also includes a second module operable to use the session key for communication with the second communication partner.12-16-2010
20130156181APPARATUS AND METHOD FOR GENERATING SECRET KEY USING CHANGE IN WIRELESS CHANNEL ON WIRELESS COMMUNICATION NETWORK - A secret key generation apparatus and method are provided. The secret key generation apparatus includes at least one antenna, amplification/phase controllers, a transceiver, and a random sign& controller. The antenna receives a wireless signal from a counterpart terminal that performs wireless communication. The amplification/phase controllers control the amplification gain and phase of the wireless signal that is received via at least one antenna. The transceiver measures the status of a wireless channel using the wireless signal having the controlled amplification gain and phase, determines parameters based on results of the measurement, and generates a secret key based on results of the determination. The random signal controller controls the amplification/phase controllers so that the amplification gain and phase are adjusted whenever the transceiver generates a secret key.06-20-2013
20130182841System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values.07-18-2013
20130182840System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF.07-18-2013
20130156183ENCRYPTION KEY GENERATING APPARATUS AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an encryption key generating apparatus includes a converting unit to convert input data using a physically unclonable function and outputs output data; a memory to store a plurality of pattern data, each of which is a partial data in the output data indicated by one of a plurality of index data; a generating unit to generates an encryption key on the basis of the plural of index data; and a comparing unit to compare the output data with the plural of pattern data to detect plural of locations in the output data at which partial data similar to the plural of pattern data is present. The generating unit reproduces, as the plural of index data, the plural of locations detected by the comparing unit and reproduces the encryption key on the basis of the plural of index data that have been reproduced.06-20-2013
20130202107Integrated Silicon Circuit Comprising a Physicallly Non-Reproducible Function, and Method and System for Testing Such a Circuit - A silicon integrated circuit comprises a physically non-copyable function LPUF allowing the generation of a signature specific to said circuit. Said function comprises a ring oscillator composed of a loop traversed by a signal, being formed of N topologically identical chains of lags, connected in series and of an inversion gate, a chain of lags being composed of M delay elements connected in series. The function also comprises a control module generating N control words being used to configure the value of the delays introduced by the chains of lags on the signal traversing them. A measurement module measures the frequency of the signal at the output of the last chain of lags after the updating of the control words, and means can deduce from the frequency measurements the bits making up the signature of the circuit. A method and a system for testing such circuits are also provided.08-08-2013
20130202108METHOD AND DEVICE FOR GENERATION OF SECRET KEY - A method and a device for generation of a secret key are provided. In one exemplary embodiment, the disclosure is directed to a device for generation of a secret key. The device for generation of a secret key includes a motion sensor, a storage unit and a control unit. The motion sensor is configured to sense a motion of the device in a three-dimensional space and generate a motion sensing signal. The storage unit is configured to store the motion sensing signal. The control unit is electrically coupled to the motion sensor and the storage unit, and configured to generate a secret key by the motion sensing signal.08-08-2013
20130182838Method and apparatus for generating a privilege-based key - Disclosed is a method for generating a privilege-based key using a computer. In the method, a privilege is received from an application, and verified as being associated with the application. The computer cryptographically generates a second key using a first key and the privilege. The second key is provided to the application.07-18-2013
20130182839SEMICONDUCTOR DEVICE AND IC CARD - In power residue calculation in a primality determination, in addition to the conventional randomization of an exponent, a modulus is also randomized. A random number generated by a random number generator is set to a randomizing number, and is input to a modulus generator and an exponent generator. The modulus generator and the exponent generator randomize a prime number candidate P using the randomizing number to generate a randomized modulus R07-18-2013
20120020476Method for Performing a Cryptographic Task in an Electronic Hardware Component - A method and apparatus are provided to perform a cryptographic task on at least one numerical datum in an electronic hardware component. The method includes a step of at least partial use of an encryption function. This encryption function includes a basic encryption function obtained by the addition between an intermediate function arising from composition of a coding function with a first function, and a second function. This method can be applied to the encryption of a datum or to the decryption of a datum. Also, a method is provided for generating a public key and a device able to implement one of these methods.01-26-2012
20130195266Apparatus and Method for Producing a Message Authentication Code - An apparatus for producing a message authentication code based on a first message and an original key is provided. The apparatus includes a key generator configured to produce a generated key based on the original key and the first message. Furthermore, the apparatus includes a message authentication code generator configured to produce the message authentication code based on the generated key and the first message.08-01-2013
20120039465Fast Computation Of A Single Coefficient In An Inverse Polynomial - In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial f02-16-2012

Patent applications in class Having particular key generator

Patent applications in all subclasses Having particular key generator