Class / Patent application number | Description | Number of patent applications / Date published |
713161000 | Data authentication | 39 |
20080222414 | Transparent Authentication of Continuous Data Streams - A system, apparatus and method for transparently authenticating continuous data streams. A continuous data stream is divided into data blocks. Block authentication code(s) are determined using the data in the data blocks, a hash function and a key. The block authentication code(s) are embedded into the data block(s) by adjusting the timing between the packets in the data block(s). Timing delays may be used to separate the blocks. The continuous data stream may be received and authenticated by comparing an extracted block authentication code with a new calculated content-based block authentication code. | 09-11-2008 |
20080229100 | SECURE DATA MANAGEMENT USING NON-VOLATILE MEMORY - In one embodiment, encrypted data is received from an authenticated remote host at a non-volatile memory. The encrypted data includes received user data, received data volatility information, and received data validity rules. The encrypted data is stored in the non-volatile memory, and a data volatility flag and data valid flag in the non-volatile memory device are set based on the received data volatility information and the received data validity rules. The data may be read from the non-volatile memory by a user if data access is permissible as determined by the data volatility flag and the data valid flag set by the remote host. | 09-18-2008 |
20080235510 | MULTI-PARTY ENCRYPTION SYSTEMS AND METHODS - A cryptographic communication system and method having a first plurality of stations, each of the first plurality of stations having at least one encryption key K | 09-25-2008 |
20080276085 | Allowing differential processing of encrypted tunnels - In one embodiment, a method can include: (i) receiving an outbound packet in a network device, where the outbound packet includes a packet header; (ii) modifying the outbound packet by adding a service identifier to a cleartext portion of the packet header; (iii) when the outbound packet represents an event boundary, adding an event delimiter to the packet header; and (iv) passing the outbound packet to an encryption process for packaging and transmitting across a tunnel. | 11-06-2008 |
20080282086 | Method and Apparatus for Protecting Information and Privacy - A system for protecting software against piracy while protecting a user's privacy enables enhancements to the protection software in a user device and extended protections against piracy. The protection system allows the user device to postpone validation of purchased tags stored in a tag table for installed software and to re-establish ownership of a tag table to recover from invalidation of a tag table identifier value resulting from revelation of a tag table identifier value. Continued use of the tag table is provided by the use of credits associated with a tag table. A protection center is protected against denial of service attacks by making calls to the protection center cost time or money to the attackers. | 11-13-2008 |
20080313459 | Method and System for Protecting Against Computer Viruses - A method for delivering an update to at least one user, including creating an electronic communication including an update and a unique signature identifying the electronic communication as including the update and sending the electronic communication to the user. | 12-18-2008 |
20080320302 | METHOD, APPARATUS, AND MANUFACTURE FOR DECRYPTION OF NETWORK TRAFFIC IN A SECURE SESSION - A network trace utility is provided. The network trace utility receives and copies packets in a secure session of (at least) two-way network communication between a client and a server. The network trace utility receives an administrator password, and uses a hash of the administrator password to decrypt the first session key. The network trace utility then decrypts one or more additional session keys, each one using the preceding session key. Then, the network trace utility decrypts the machine key using one of the session keys. A hash of the machine key is used to decrypt additional packets in the secure session. The network trace utility enables the contents of one or more additional packets in the secure session to be displayed to the user. | 12-25-2008 |
20090089578 | DIGEST GENERATION FROM INSTRUCTION OP-CODES - In general, in one aspect, a computer-implemented method includes determining a digest value based on hash operations on values of, at least, a set of op-codes of multiple instructions of a program during execution of the program by a processor. | 04-02-2009 |
20090132814 | PROGRAM, METHOD AND APPARATUS FOR MANAGING ELECTRONIC DOCUMENTS - An electronic document management program, an electronic document management method and an electronic document management apparatus acquire a plurality of pieces of part identification information respectively identifiably expressing a plurality of parts of document information and a digital signature corresponding to the document information, acquire the preparation type, the preparer's name and the time and date of preparation of the document information as tracing information of the document information, manage the part identification information, the digital signature and the tracing information in association with each other and present information relating to the tracing information to the user in response to a request from the user. Additionally, they acquire new document information and tracing information according to a directive from the user. | 05-21-2009 |
20090204813 | SYSTEM AND METHOD FOR AUTHENTICATING DATA USING INCOMPATIBLE DIGEST FUNCTIONS - A system for authenticating data of interest includes a digest locator engine capable to locate a first and a second digest result in a data file, including a set of data; a first digest creator capable to create, using a first digest function, a first digest of the set of data, the first digest function being identical to a digest function used to create the first digest result; a second digest creator capable to create, using a second digest function that is incompatible with the first digest function, a second digest of the set of data, the second digest function being identical to a second digest function used to create the second digest result; and a digest comparator engine, communicatively coupled to the digest locator, first digest creator and the second digest creator, capable to compare the first and second created digests with the first and second located digest results respectively. | 08-13-2009 |
20090287925 | Method and apparatus for performing an authentication after cipher operation in a network processor - A method and apparatus is described for processing of network data packets by a network processor having cipher processing cores and authentication processing cores which operate on data within the network data packets, in order to provide a one-pass ciphering and authentication processing of the network data packets. | 11-19-2009 |
20100070762 | Apparatus, System and Method for Detecting a Loss of Key Stream Synchronization in a Communication System - An apparatus, system and method provides an out-of-synchronization detection by using a network layer checksum. A process operating at an upper layer verifies that a checksum embedded in a network layer header is correct before encrypting and transmitting a data packet containing the header and a payload. The data packet is received through a wireless communication channel at a receiver and decrypted. A calculated checksum is calculated on the received payload at the receiver and compared to the received checksum embedded in the header. A key stream used at the receiver for decrypting the received encrypted data packets is determined to be out of synchronization with a key stream used at the transmitter to encrypt the data packets if the calculated checksum is not equal to the network layer checksum. | 03-18-2010 |
20100100732 | PERSONAL INFORMATION DISTRIBUTION MANAGEMENT SYSTEM, PERSONAL INFORMATION DISTRIBUTION MANAGEMENT METHOD, PERSONAL INFORMATION SERVICE PROGRAM, AND PERSONAL INFORMATION UTILIZATION PROGRAM - The present invention is intended to allow distribution of personal information to be managed on the basis of not only a personal information management policy defined by a personal information producer but also management policies of all apparatuses which handle personal information when the distribution of personal information is managed between apparatuses. In its configuration, personal information generation apparatus | 04-22-2010 |
20100268945 | SYSTEM AND METHOD FOR SECURE COMMUNICATION - A secure communication module is provided for securing communication between a client application and a network service. The secure communication module comprises an authentication identifier provider for providing the client application a pool of authentication identifiers for use in subsequent communication with the network service, and an authentication identifier validator for checking the validity of an authentication identifier from the pool of authentication identifiers sent with the subsequent communication. | 10-21-2010 |
20110040966 | METHOD AND DEVICE FOR AUTHENTICATING TRANSMITTED USER DATA - The invention relates to a method for transmitting user data, particularly user data realizing real-time applications, between at least one first communication device and at least one second communication device, the user data being transmitted as data packets during a communication connection, wherein during the communication connection at least from the first communication device at least one packet enabling an authentication of the first communication device is embedded in at least one of the data packets transmitting the user data and directed at the second communication device. The invention furthermore relates to an arrangement for carrying out the method. | 02-17-2011 |
20110040967 | System and Method for Multilevel Secure Object Management - A system and method for secure transport of data, the method comprising: sharing of key information with a key distributor, wherein the key information is for enabling decryption of first and second encrypted data, the key distributor being for making one or more decryption keys available to an authorised user; creating a container object, the container object comprising: first encrypted data having a first encryption based on at least a part of said key information; second encrypted data having a second encryption based on at least a part of said key information, wherein the first encryption is different to the second encryption; and metadata relating to the first encrypted data and the second encrypted data; and sending the container object to a data store or otherwise making the container object available, to allow user access to said data container object. | 02-17-2011 |
20110047375 | COMMUNICATION METHOD FOR MULTISUBSCRIBER NETWORKS, WHICH IS PROTECTED FROM DECEPTION, EAVESDROPPING AND HACKING - The invention relates to a P2P communication method for multi-subscriber networks, which is protected from deception, eavesdropping and hacking, and wherein the communication carried out in an interval is predominantly carried out in separate rooms, allocated to the P2P communication, and with separate reference data allocated to the P2P communication. At least part of the separate random reference data and/or random data is generated in at least one unit that participates in the P2P communication and is exchanged within the P2P communication in the form of relative data. The separate P2P communication is initiated with respect to at least one global random reference date valid for the time of the P2P communication, the random reference date being valid for a randomly determined time range and being stored in all units that carry out the P2P communications in a secret and non-deceivable manner. | 02-24-2011 |
20110138173 | SENDING APPARATUS, RECEIVING APPARATUS, SENDING METHOD, AND RECEIVING METHOD - A sending apparatus includes an encryption unit and a sending unit. The encryption unit encrypts each of data packets on the basis of a frame number of a frame and a determined cryptographic key. The sending unit transmits a frame including the data packets encrypted. A receiving apparatus includes a receiving unit and a decoding unit. The receiving unit receives the frame. The decoding unit decodes each of the data packets on the basis of the frame number of the frame and a determined decoding key. | 06-09-2011 |
20110161665 | METHOD AND SYSTEM FOR RESOLVING CONFLICTS BETWEEN IPSEC AND IPV6 NEIGHBOR SOLICITATION - A method of enabling host devices having an IPsec policy to communicate with one another via an IPv6 communication network, which includes the following steps: extracting a Media Access Control identifier (MAC ID) for a target host from a security policy for an IPv6 address for the target host; searching for the MAC ID of the target host in an Address Resolution Protocol (ARP) table on a source host; upon locating the MAC ID of the target host, creating a temporal neighbor cache entry in a neighbor cache table for the target host; and enabling a security association between the source host and the target host based on the temporal neighbor entry in the neighbor cache table, which allows IPv6 communications to be exchanged between the target host and the source host. | 06-30-2011 |
20110231657 | APPARATUS AND METHOD FOR EMPLOYING CODES FOR TELECOMMUNICATIONS - A transmitting apparatus generates a first bit stream from a second bit stream by encoding at least a portion of the bits from the second bit stream, generates a code for the second bit stream, and attaches the code to the first bit stream for transmission to a receiving apparatus. A receiving apparatus receives from a transmitting apparatus a first bit stream with a code, generates a second bit stream from the first bit stream by decoding at least a portion of the bits from the first bit stream, computes the code for the second bit stream, and compares the computed code with the code from the first bit stream. | 09-22-2011 |
20120023330 | METHOD AND APPARATUS FOR PROVIDING ADAPTIVE SELF-SYNCHRONIZED DYNAMIC ADDRESS TRANSLATION AS AN INTRUSION DETECTION SENSOR - A translator is provided for translating predetermined portions of packet header information including an address of a data packet according to a cipher algorithm keyed by a cipher key derived by a key exchanger. A mapping device is also provided for mapping the address to a host table stored in memory. If the address does not match an entry in the host table, a security device is triggered. | 01-26-2012 |
20120124371 | SYSTEM AND METHOD FOR AUTHENTICATING STREAMED DATA - One embodiment of a method of authenticating data comprises: receiving, at a device, data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream; receiving, at the device, from a data authentication server connected to the device by a network, a server-computed authentication value based on a subset of the data transmitted by the data server, the data authentication server having access to the data that was transmitted from the data server to the device; and comparing a device-computed authentication value based on a subset of the received data, corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic. | 05-17-2012 |
20120210125 | ENCRYPTED TRAFFIC TEST SYSTEM - An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen. | 08-16-2012 |
20130145159 | TERMINAL APPARATUS FOR TRANSMITTING OR RECEIVING A SIGNAL CONTAINING PREDETERMINED INFORMATION - A modem unit and the like receive packets sent from a base station apparatus and receive packets sent from other terminal apparatuses. A processing unit processes the received packets. For the packets received by the modem unit and the like from the base station apparatus, a private key complying with a public key cryptosystem is used for a digital signature, whereas a symmetric key complying with a symmetric key cryptosystem is used for data. For the packets received from the other terminal apparatuses, a symmetric key complying with the symmetric key cryptosystem is used for the digital signature. | 06-06-2013 |
20130290707 | INFORMATION DISTRIBUTION SYSTEM - A data delivery system is disclosed in this specification. The system implements an authentication process that verifies data recipients using anonymised geospatial references. Verifying information for each user is stored in client accounts. A server system uses the information to process data requests and generate verification tags for data deliveries. The verification tags include an irreversible encoding of a delivery reference for receipt of a data delivery. Recipient client systems implement a compatible encoding process to generate a delivery authentication tag. The encoded authentication tags are compared to corresponding verification tags to validate data deliveries based on the location of the client system. | 10-31-2013 |
20140108790 | Secure Communication Methods - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 04-17-2014 |
20140173275 | SECURING DATA TRANSMISSIONS BETWEEN PROCESSOR PACKAGES - Embodiments of an invention for securing transmissions between processor packages are disclosed. In one embodiment, an apparatus includes an encryption unit to encrypt first content to be transmitted from the apparatus to a processor package directly through a point-to-point link. | 06-19-2014 |
20140201523 | TRANSMISSION APPARATUS, RECEPTION APPARATUS, COMMUNICATION SYSTEM, TRANSMISSION METHOD, AND RECEPTION METHOD - Provided is a transmission apparatus capable of avoiding unnecessary decryption and preventing a denial-of-service attack. The transmission apparatus that establishes a secure communications channel (SA) between the transmission apparatus and a reception apparatus includes a creation section that creates a packet, an encryption section that, based on a ratio of a redundant packet to the packets created by the packet creation section and on an instruction from the reception apparatus, determines an encryption coverage in the created packet and encrypts data in the encryption coverage, and a transmission section that transmits the encrypted packet through SA. | 07-17-2014 |
20140208099 | SERVICE PLANE ENCRYPTION IN IP/MPLS NETWORKS - A method for providing service plane encryption in IP/MPLS and GRE networks is disclosed. The method for providing service plane encryption in IP/MPLS and GRE networks includes receiving a first Security Parameter Index with associated first encryption key and associated first authentication key at a first network element supporting the first Service Distribution Point; receiving an instruction at the first network element to encrypt data entering the first Service Distribution point with the first encryption key; receiving an instruction at the first network element to associate a data communication service provided at the first network element to the first Service Distribution Point; providing an encryption label; and providing data associated with the first communication service to the first Service Distribution Point for transmission to the second Service Distribution Point. The method for providing service plane encryption in IP/MPLS and GRE networks provides encryption advantages over systems known in the art by providing capability for selectively encrypting services connected via a data tunnel. | 07-24-2014 |
20140281507 | TECHNIQUES FOR DETECTING INCORRECT WEP KEY FOR OPEN AUTHENTICATION - Techniques for detecting reason for connection attempt failure for DHCP with an Open Key authentication (WEP) protocol are discussed. | 09-18-2014 |
20150033012 | SECURE PROCESSING ENVIRONMENT MEASUREMENT AND ATTESTATION - Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement. | 01-29-2015 |
20150082028 | SECURING DIGITAL CONTENT SYSTEM AND METHOD - A system and method of encrypting digital content in a digital container and securely locking the encrypted content to a particular user and/or computer or other computing device is provided. The system uses a token-based authentication and authorization procedure and involves the use of an authentication/authorization server. This system provides a high level of encryption security equivalent to that provided by public key/asymmetric cryptography without the complexity and expense of the associated PKI infrastructure. The system enjoys the simplicity and ease of use of single key/symmetric cryptography without the risk inherent in passing unsecured hidden keys. The secured digital container when locked to a user or user's device may not open or permit access to the contents if the digital container is transferred to another user's device. The digital container provides a secure technique of distributing electronic content such as videos, text, data, photos, financial data, sales solicitations, or the like. | 03-19-2015 |
20150089218 | SECURE STORAGE WITH SCSI STORAGE DEVICES - A security command protocol provides secure authenticated access to an auxiliary security memory within a SCSI storage device. The auxiliary security memory acts as an authenticated separate secure storage area that stores sensitive data separately from the user data area of the SCSI storage device. The security command protocol is used to access the auxiliary security memory. The security command protocol allows a trusted execution environment to transport sensitive data to and from storage in the auxiliary security memory. The regular execution environment does not have access to the security command protocol or the auxiliary security memory. The security command protocol and auxiliary security memory eliminate the need for additional secure storage components in devices that provide the security features of firmware TPM. | 03-26-2015 |
20150095642 | CLIENT COMPUTER FOR QUERYING A DATABASE STORED ON A SERVER VIA A NETWORK - The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: | 04-02-2015 |
20160050189 | END POINT SECURED NETWORK - The disclosed embodiments include a method for receiving data packets at a host system. In one embodiment, the method includes the steps of: intercepting a data packet, at a data link layer, that is being sent to an input/output (I/O) port of the host system using a hardware device that is located between a hardware network interface and the input/output port of the host system; reading, using the hardware device, at least one parameter from the data packet; determining, by the hardware device using instructions written in memory of the hardware device, whether the at least one parameter meets an authentication criteria, wherein the host system is unable to write to the memory of the hardware device; and in response to determining that the at least one parameter meets an authentication criteria, forwarding, by the hardware device, the data packet to the input/output port of the host system. | 02-18-2016 |
20160173283 | SECURITY PROCESSING ENGINES, CIRCUITS AND SYSTEMS AND ADAPTIVE PROCESSES AND OTHER PROCESSES | 06-16-2016 |
20170237562 | NETWORK SERVICE PACKET HEADER SECURITY | 08-17-2017 |
20180025156 | Anti-Spoofing Defense System for a Can Bus | 01-25-2018 |
20190150223 | METHOD AND SYSTEM FOR PROVIDING SIGNED USER LOCATION INFORMATION | 05-16-2019 |