Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Authentication of an entity and a message

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713168000 - Particular communication authentication technique

Patent class list (only not empty are listed)

Deeper subclasses:

Entries
DocumentTitleDate
20110191588METHOD AND APPARATUS FOR FACILITATING EFFICIENT AUTHENTICATED ENCRYPTION - A shared-key encryption scheme that uses identically keyed block-cipher calls, low additional overhead, supports the encryption of arbitrary-length strings, produces a minimal-length-ciphertext, and is fully parallelizable. In one embodiment, “OCB”, a key shared between communicating parties is mapped to a key variant using the block cipher. The key variant is mapped into a sequence of basis offsets using shifts and conditional xors. To encrypt a message using a nonce, a nonce-dependent base offset is formed, and then a sequence of offsets is constructed by starting with the base offset and then xoring, for each offset, an appropriate basis offset. The message is partitioned into message blocks of the same length as the block length of the block cipher, along with a message fragment that may be shorter. Each message block is combined with a corresponding offset, enciphered, and then combined again with the offset, yielding a ciphertext block. The message fragment is xored with an appropriately computed pad to give a ciphertext fragment. A checksum is formed using the message blocks, the message fragment, and the pad. The checksum is combined with an offset and enciphered to yield a tag. The encrypted message includes the ciphertext blocks, the ciphertext fragment, and the tag.08-04-2011
20090037736System and Method for Establishing a Secure Group of Entities in a Computer Network - This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols.02-05-2009
20100077214Host Device and Method for Protecting Data Stored in a Storage Device - The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the storage device generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.03-25-2010
20100115277METHOD AND DEVICE FOR MUTUAL AUTHENTICATION - A method of authenticating communication between a first and second party (or node) over an insecure, high bandwidth communications network, in which the first party (C) authenticates the second party (M) using a communications protocol comprising a first communications phase through a first communications channel over the insecure, high bandwidth communications network to establish a secure mode of communications between the first and second party, followed by a second communications phase of receiving information from the second party over a second communications channel, such as an empirical channel, and enabling a user to make a human comparison of the information received from the second party with information generated by the first party thereby enabling the user to authenticate the second party in the event of the information from both parties agrees.05-06-2010
20100037054METHOD, SYSTEM AND APPARATUS FOR TRANSMITTING DHCP MESSAGES - Methods, systems and devices for transmitting DHCP message are provided according to the present invention so that encrypted transmission of user sensitive information is achieved. The method includes receiving, by a Dynamic Host Configuration Protocol (DHCP) server, a DHCP request from a DHCP relay agent, wherein the request carries encrypted relay agent options; decrypting, by the DHCP server, the encrypted relay agent options to obtain the relay agent options. With the present invention, safe transmission of the user sensitive information in the DHCP message is ensured.02-11-2010
20090119508DISABLING ON/OFF CAPACITY ON DEMAND - Apparatus and article of manufacture for disabling on-demand access to computerized resources on a computerized apparatus are disclosed. The method comprises receiving a disablement code; validating the disablement code; and disabling an on-demand resource if the validating is successful, thereby rendering the disabled on-demand resource unavailable for use by users of the computerized apparatus, wherein the disabled on-demand resource is a hardware resource of the computerized apparatus. Another embodiment includes receiving a disablement code comprising encrypted data, validating the disablement code, disabling at least one on-demand resource if the validating is successful. The validating includes generating a first key using system information unique to the computerized apparatus; decrypting the encrypted data using a second key to produce decrypted data; encrypting a value to produce an encrypted value; decrypting the encrypted value to produce a decrypted value; and comparing the value to the decrypted value.05-07-2009
20130042111SECURING TRANSACTIONS AGAINST CYBERATTACKS - Methods and systems are provided for performing a secure transaction. Users register biometric and/or other identifying information. A registration code and an encryption key are generated from the biometric information and/or information obtained from a unpredictable physical process and are stored in a secure area of a device and also transmitted to a service provider. A transaction passcode generator may be computed based on the stored registration code. In at least one embodiment, a unique transaction passcode depends upon the transaction information, so that on the next step of that transaction, only that unique transaction passcode will be valid. In an embodiment, the passcode includes the transaction information. In at least one embodiment, if the transaction information has been altered relative to the transaction information stored in the device's secure area, then the transaction passcode sent during this step will be invalid and transaction may be aborted.02-14-2013
20100100739SYSTEM AND METHOD FOR SECURE COMMUNICATION, AND A MEDIUM HAVING COMPUTER READABLE PROGRAM EXECUTING THE METHOD - A system and a method for a secure communication, and a medium having a computer readable program therefor. The system for a secure communication comprises an identification information extracting unit for extracting identification information from a request message sent from a web browser, and a response message sending unit for sending a response message corresponding to the request message to the web browser when the identification information satisfies a predetermined reference. Since a response message is sent only to a web browser that sends identification information that satisfies a predetermined reference, a secure HTTP communication can be implemented even when session key information is leaked.04-22-2010
20120216040System for Email Message Authentication, Classification, Encryption and Message Authenticity - A system and method for tracking sender activities to provide proper classifications as a sender or of its email messages. Certain embodiments of the present invention can track the number of messages sent from a specific email address. By doing so, the system and method permits each user to define an acceptable threshold of the number of recipients of each one message received by the user.08-23-2012
20090044013Systems and Methods for Preventing Spam - Systems and methods are disclosed for preventing spam, including email spam and telephone spam, through the use of dynamic passcodes or dynamic signatures included with transmitted messages. Both the dynamic passcodes and dynamic signatures may be changed periodically or continually, according to an example embodiment of the invention. Qualified senders may include a dynamic signature that is automatically generated by the sender's node or exchange entity. The recipient's node or exchange entity can then use a graylist associated with the recipient account in verifying the qualified sender and/or dynamic signature. On the other hand, non-qualified senders may need to manually obtain a dynamic passcode from a dynamic passcode provider and include the dynamic passcode with the transmitted message. The dynamic passcode provider may be a public website using human interactive proofs. According to an embodiment, a non-qualified sender may be optionally pre-charged with a fee to obtain a dynamic passcode. The recipient of the message may then refund the charge if the received message is not spam.02-12-2009
20090307494METHODS AND DEVICE FOR ELECTRONIC ENTITIES FOR THE EXCHANGE AND USE OF RIGHTS - A method of transferring an item of data representative of a right between two electronic entities, at least one of the electronic entities including short range wireless communication elements suitable for transmitting the item of data to use the right, the electronic entities being suitable for communicating directly or indirectly via a long range communication interface. The method includes steps of transmission and of reception of the item of data by the electronic entities, the item of data being transmitted via the long range communication interface, of authentication and of storage of the item of data in the electronic entity having received it.12-10-2009
20090307493SYSTEM AND METHOD FOR COMBINING USER AND PLATFORM AUTHENTICATION IN NEGOTIATED CHANNEL SECURITY PROTOCOLS - A network security handshake exchange for combining user and platform authentication. The security handshake exchange performs operations on a pre-master secret to increase identity verification and security. The pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint. A second phase of exchanges may include exchange of a master secret that is the pre-master secret modified with platform identity and user identity of the other endpoint.12-10-2009
20120191977SECURE TRANSACTION FACILITATOR - A method, system, and devices are provided in which modified digital signatures are used to provide a dynamically generated number suitable for use in transactions requiring validation. The method uses symmetric key encryption to encode a message comprising authorization information and may use compression algorithms to provide a truncated message digest such that the dynamic number may be processed by existing credit card or other authorization systems. In part, this method is an improvement over other validation methods as decryption, which requires greater computing power, is not required. The method may be performed through the use of various devices. For example, credit cards may utilize the method to dispose the dynamic number in a magnetic strip or to transmit the dynamic number via radio transmitter. Smart cards, smart phones, or USB devices, optionally may be utilized to perform the inventive method.07-26-2012
20130061053RECORDING MEDIUM DEVICE, TERMINAL DEVICE, DISTRIBUTION DEVICE, CONTROL METHOD, AND PROGRAM RECORDING MEDIUM - When the terminal device 03-07-2013
20120311335Efficient Terminal Authentication In Telecommunication Networks - The invention relates to AKA procedures for terminals (12-06-2012
20090282248METHOD AND SYSTEM FOR SECURING ELECTRONIC MAIL - A system and method for securing electronic mail by providing secure access to e-mail folders. A number of folders can be created in order to classify electronic mail content. Folders can be encrypted and locked utilizing a password. A “closed lock” symbol can be displayed by the side of a folder when the folder is locked and an “open lock” symbol can be displayed when the folder is opened, thereby providing a visual indication of the status of the folder. The folders can also be automatically locked after a period of time, which can be defined by a user or the e-mail system. The electronic mail content in the locked folders cannot be displayed when a user elects to display the contents of all folders, thereby providing an additional level of security. Similarly, restricted access can also be provided to a user or a group of users to access the locked folder(s).11-12-2009
20090271626METHODS AND DEVICES FOR ESTABLISHING SECURITY ASSOCIATIONS IN COMMUNICATIONS SYSTEMS - A method of providing secure communications between a base station, a relay station, and a mobile station in a communication network includes authenticating the mobile station over the communication network; generating, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK); transmitting, by the base station, the security material to the mobile station; and transmitting, by the base station, the security material to the relay station.10-29-2009
20090271625SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS - A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.10-29-2009
20110022844AUTHENTICATION SYSTEMS AND METHODS USING A PACKET TELEPHONY DEVICE - Packet telephony devices with encryption keys are configured to enable authentication systems and methods for increasing the security of online account access and transactions. The instant disclosure leverages the security in customer equipment hardware such as a terminal adaptor (TA) or router to authenticate a web transaction. A packet telephony device has an encoded encryption key. The encryption key may be used with a display, a user actuable trigger or in a secure connection with a web-enabled device to authenticate a user or a website.01-27-2011
20120144198USER AUTHENTICATION IN A MOBILE ENVIRONMENT - A data channel transmission can be used to authenticate a voice channel transmission. A third party trusted authentication server can be used to authenticate the identity of one or more parties to a call where at least one of the parties to the call is using a mobile device. A PKI authentication methodology or other symmetric or asymmetric encryption/decryption methodology can be used in a mobile network environment to identify and authenticate a first user to a second user. The authentication request sent to the third party trusted server can be encrypted, signed and transmitted over a data channel (such as an internet connection or SMS or MMS connection), concurrent with the voice channel transmission. In response to validation by the third party trusted server, the third party trusted server can send an authentication indication to the second user's device, which can display identification information and other (optional) data associated with the first user.06-07-2012
20090235075METHOD FOR MANAGING GROUP TRAFFIC ENCRYPTION KEY IN WIRELESS PORTABLE INTERNET SYSTEM - The present invention relates to a method for managing a group traffic encryption key (GTEK) in a wireless portable Internet system. In the method, for higher security of a group traffic service such as a multicast service, a broadcast service, and a multicast-broadcast service (MBS), a base station periodically generates and distributes a GTEK to a subscriber station served with the group traffic service. A lifetime of a group key encryption key (GKEK) used for encrypting a GTEK is set greater than that of the GTEK. That is, the GKEK is updated once while the GTEK is updated several times. According to the present invention, security for the group traffic service is increased while reducing radio resource consumption.09-17-2009
20120272062APPARATUS AND METHOD FOR CONTROLLING DEVICES USING PORTABLE TERMINAL IN DEVICE AUTOMATION SYSTEM - A method is provided for controlling a device by a portable terminal in a device automation system. Upon detecting an execution request for a single remote control mode for remotely controlling a device, the portable terminal sends a single remote control mode execution request message for requesting to execute the single remote control mode, to the device. Upon receiving from the device a single remote control mode execution response message being responsive to the single remote control mode execution request message, the portable terminal switches an operation mode thereof to the single remote control mode. Upon receiving from the device a device data message including device data output by the device, the portable terminal outputs the device data. Upon detecting a remote control command to remotely control the device while outputting the device data, the portable terminal sends a remote control message including the remote control command to the device.10-25-2012
20090013186METHOD AND SYSTEM FOR THE AUTHORIZATION MANAGEMENT - A method is provided for the authorization management of digital contents between at least one owner of authorizations with a first electronic work environment and at least one user of the contents with a second electronic work environment. The owner of the authorizations provides the digital contents to the user of the contents by means of the first electronic work environment at a defined scope of authorizations and the user of the contents is entitled to use the provided digital contents on the second electronic work environment only at the defined scope of authorization. The digital contents are encoded with encryption, the encoded contents are exchanged between the first electronic work environment and the second electronic work environment and the encoded contents are subsequently decoded by means of decryption pertaining to the digital contents.01-08-2009
20090013185COMPATIBLE SYSTEM OF DIGITAL RIGHTS MANAGEMENT AND METHOD FOR OPERATING THE SAME - Disclosed is a compatible system of digital rights management which enables the reproduction of the same contents between apparatuses each employing a different digital rights management system. The compatible system of digital rights management comprises: a user server including a first authentication document of a first apparatus; a second apparatus connected to the first apparatus and outputting a contents request signal and a second authentication document to reproduce substantially the same contents; and a provider server forming a virtual safe channel with the user server based on the contents request signal to receive the first authentication document, and generating first and second licenses encrypted through the first and second authentication documents to transmit the same to the second apparatus.01-08-2009
20090006851CONFIDENTIAL MAIL WITH TRACKING AND AUTHENTICATION - A method for confidential electronic communication between a sender workstation and a receiver workstation is provided, whereby privacy is guaranteed for the electronic communications transmitted over the public Internet. The method of confidential communication is equipped with message tracking and message receipt verification. The system for implementing the method includes a sender server that creates a session content encryption key along with a message envelope that includes a content encryption key encrypted message and a confidential mail token. The content encryption key is stored securely inside the sender organization's system which transmits the message envelope to an intended recipient. The intended recipient processes the message envelope in order to generate a message receipt verification, which is transmitted to the sender. The message receipt verification is processed by the sender server to verify that the message envelope reached the intended recipient. The message receipt verification, which is comprised of the confidential mail token and unique verification data generated by the intended recipient allows the sender server to verify that the message envelope reached the intended receiver and that the message envelope identified as received is authentic. Following verification that the message transmitted by the sender reached the intended receiver and is authorized, the sender transmits the content encryption key to the intended receiver.01-01-2009
20130166913Encryption Device and Method - A method is disclosed of encrypting a value input into a user device storing an authentication key, a code generation algorithm, and a value verification code generation algorithm. The method includes the user device processing the authentication key using the code generation algorithm to generate an authentication code; and the user device processing the value using the value verification code generation algorithm to generate a value verification code. The method further includes the user device using the authentication code, the value and the value verification code to construct a message encrypting the value, the message for communicating to an authentication system via a communications network for processing by the authentication system to determine and verify the value, and authenticate the user device and/or the user. A method of communicating a value input into a user device to an authentication system and of verifying the value so communicated as well as an associated user device and authentication system are also disclosed.06-27-2013
20080294899SECURE MANAGEMENT OF DOCUMENT IN A CLIENT-SERVER ENVIRONMENT - A computer-implemented method for securely handling a document in a client-server environment includes receiving at a server a request from a user to initiate a session to access a plurality of documents stored in a server. The documents include a first type that is allowed to be accessed only while the user is online and a second type that is allowed to be accessed while the user is both online and offline. The server transfers at least one offline vault key and at least one online vault key to a client enable the client to load the documents and enable the user to access the documents, the documents including at least one document of first type and at least one document of second type.11-27-2008
20110035594Apparatus and method for providing elective message tagging - A computer-implemented apparatus and method for providing elective message tagging related services, comprising: receiving a request to receive, processing information regarding the request; and transmitting in response to the request, an elective message tag in conjunction with a second communication, wherein the elective message tag consists of any one or more of data, information, advertisements, offers, solicitations, promotions, confirmations, tickets, receipts, content, digital content, activations, authorizations, authentications, hyper-links, programs, applications, code, scripts, files, video, audio, images, avatars, pixel tags, clear gifs, web beacons, voice, text, signals, warnings, prompts, requests, restrictions, limitations, monitoring functions, management operations, rules, policies, practices, aggregated information, implementations, dissolutions, disallowances, messages, notifications, controls, communications, and/or an embodiment of information, and/or an embodiment of control functionality.02-10-2011
20100049979SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message. In one embodiment, the method comprises the steps of: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the respective member address is available on the computing device; encrypting the message to each member identified by the one or more member addresses for which a public key for the respective member is available on the computing device; sending the encrypted message to the distribution list address if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device; and sending the message to each of the one or more member addresses that identifies a member for which a public key is available on the computing device otherwise.02-25-2010
20080313461SECURITY ASSOCIATION VERIFICATION AND RECOVERY - Example embodiments herein include a verification process that provides a safe and efficient mechanism for recovering security associations between network devices. More specifically, the verification process transmits a secured message from a first network device to a second network device across a network. Furthermore, the security association includes a parent process and a corresponding child process. The verification process detects, at the first network device, an incompatibility in the security association between the first network device and the second network device. Next, the verification process transmits a status query from the first network device to the second network device in order to determine the status of the security association between the first network device and the second network device. In response, the verification process receives a verifiable reply message that is indicative of the status of the security association between the first network device and the second network device.12-18-2008
20120290845SOFT MESSAGE SIGNING - A message is signed using a PUF without having to exactly regenerate a cryptographic key. Another party that shares information about the PUF is able to verify the signature to a high degree of accuracy (i.e., high probability of rejection of a forged signature and a low probably of false rejection of a true signature). In some examples, the information shared by a recipient of a message signature includes a parametric model of operational characteristics of the PUF used to form the signature.11-15-2012
20120272063METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS - A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.10-25-2012
20110296184MAINTAINING TRIGGERED SESSION STATE IN SECURE USER PLANE LOCATION (SUPL) ENABLED SYSTEM - A method is provided for maintaining session state in a Secure User Plane Location (SUPL) enabled system during a triggered session. The method includes modifying at least one parameter of a session message to include state data indicating the session state, and transmitting a request to a SUPL Enabled Terminal (SET) to initiate the triggered session, the request comprising the session message having the at least one modified parameter to be stored at the SET. The method further includes receiving a triggered message from the SET in response to occurrence of a trigger event detected by the SET, the triggered message comprising the stored state data. The triggered session is identified using the state data received in the triggered message.12-01-2011
20110296183AUTHENTICATION IN DATA MANAGEMENT - Systems and methods for authentication in a data management system are provided. In one embodiment, the method comprises identifying a plurality of data ciphers based on a pre-defined set of properties associated with a plurality of data sources; and generating an authentication response having at least a subset of the identified plurality of data ciphers, wherein the authentication response authenticates access to at least some data sources from among the plurality of data sources.12-01-2011
20100005298Resource scheduling in workflow management systems - A system for improved scheduling of resources within a Workflow-Management-System or a computer system with comparable functionality (WFMS). Based on a new resource specification comprised within a process model and associated with an activity, the WFMS determines the resources required for execution of said activity. The invention further schedules a request for allocation of said resources on behalf and in advance of starting execution of said activity. This approach reduces the execution time of the activity as all resources required by the activity will be available when execution of the activity begins; the activity does not have to wait for these resources. Moreover, a WFMS knowing the required resources of the activities it is administrating is able to schedule resource requests to avoid resource conflicts between the activities.01-07-2010
20090031130SYSTEM, ASSOCIATED METHODS AND APPARATUS FOR SECURING PREFIX-SCOPED BINDING UPDATES - Route optimization between a mobile network and correspondent node may be achieved by having the mobile router of the mobile network sending prefix-scoped binding update messages to the correspondent node. In order to allow the recipient of a prefix-scoped binding update message to verify the mobile network prefix information contained in the said prefix-scoped binding update message, the present invention provides a system, and associated methods and apparatus thereof, of using special cryptographic certificates to prove the ownership of the network prefixes. The certificates, or parameters derived from the certificates, are transmitted alongside the network prefix in the binding update message sent to the correspondent node. By verifying the network prefix against the certificates, or parameters derived from the certificates, a correspondent node can determine the validity of a prefix-scoped binding update message.01-29-2009
20090177887METHOD AND APPARATUS FOR BINDING UPDATE BETWEEN MOBILE NODE AND CORRESPONDENT NODE - A method and apparatus for binding update between a mobile node and a correspondent node is disclosed. The method includes: encrypting, by the correspondent node, a parameter for generating a binding management key with a key, and transmitting the encrypted parameter to the mobile node or a home agent which performs binding update on behalf of the mobile node; obtaining, by the mobile node or the home agent, the parameter via decryption, generating a binding management key with the parameter, generating authentication data with the binding management key, and transmitting a binding update message carrying the authentication data to the correspondent node; and verifying, by the correspondent node, the binding update message based on the authentication data, and returning a binding acknowledgement message to the mobile node or the home agent. With the present invention, the security of the binding update process may be improved.07-09-2009
20110264914COMMUNICATION SYSTEM HAVING PLURAL TERMINALS AND METHOD FOR CONTROLLING TERMINAL IN COMMUNICATION SYSTEM - A method and communication system for assigning the control authorization for controlling functions of a device from a terminal to another terminal in a communication system is provided. Through the method, it is possible to simplify the authentication process of a terminal having the communication function based on the short messaging service, and to reduce the security information size generated in the authentication process.10-27-2011
20100169645KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY - A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.07-01-2010
20100268952Optimization of Signing SOAP Body Element - An XML digital signature mechanism for providing message integrity. A sending party serializes a source XML document into a serialized byte array, calculates the source offset and length of the array of the signed part in the serialized byte array, and calculates a source hash value using the serialized array and the source offset and length. The serialized byte array is a non-canonicalized array. The array and source hash value used to sign a part or the whole of the serialized byte array is sent to a receiving party. The receiving party calculates the target offset and length of the signed part in the serialized byte array and calculates a target hash value of the signed part by using the array and the target offset and length. The receiving party compares the target hash value and the source hash value to verify the integrity of the target XML document.10-21-2010
20090150673Authentication of Entitlement Authorization in Conditional Access Systems - A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number. Alternatively, the method includes receiving at least one entitlement control message corresponding to the service, and authenticating each of the at least one entitlement control message in the secure element, each authenticated entitlement control message revealing at least one first entitlement number associated with the selected service. The method further including determining that the terminal is authorized to receive the selected service when any first entitlement number of any authenticated entitlement control message represents any number of the at least one authorized entitlement unit number.06-11-2009
20120239932METHOD FOR VERIFICATION OF THE CORRECT RECORDING OF INFORMATION - Method for verifying that an item of information relating to an issuer has been registered correctly by a receiving entity while preserving the issuer's privacy, which method includes the following steps: a) the information relating to the issuer is coded in an issuing entity and said coding is sent to the receiving entity; b) the receiving entity generates a content test on the basis of the information coded in step a), and the content test is subsequently sent to the issuing entity; and c) the issuer verifies that the content test corresponds to the information which has been coded09-20-2012
20120110332Secure Messaging with Automatic Recipient Enrollment - A public-key based secure messaging system with automatic receiver enrollment is disclosed. A sender in the system first determines whether a receiver has a public key. If the receiver has a public key, the messages will be sent to the receiver using a standard public-key based encryption. If the receiver does not have a public key, the first message will be sent to the receiver using a delivery method that does not require the receiver to have a pair of public and private keys prior to sending the message. However, when the receiver accesses the first message, a pair of public and private keys will be automatically generated at the receiver and the public key will be made available for encrypting subsequent messages sent to the receiver.05-03-2012
20100082985Methods for integrating security in network communications and systems thereof - A method, computer readable medium, and system for integrating security in network communications includes generating a private key and a public key by encrypting the private key with a first encryption. The generated private key and public key are provided in an initial response to an initial request over the secure connection. At least one additional received request is validated based on the public key and a requesting signature signed using the key received with the at least one additional request. An additional response with a responding signature signed using the private key is provided in response to the validated additional request.04-01-2010
20100082984Protocol-Independent Remote Attestation And Sealing - Messages, including messages in conformance with various protocols, can be hashed and the hash values added to an event log and provided to a Trusted Platform Module (TPM), which can extend one or more Platform Configuration Registers (PCRs) with the hash value, much as it would with the hash of a component that was installed or executed on the computing device with the TPM. Subsequently, the TPM can sign one or more of the PCRs and the signed PCRs can be transmitted, together with the event log and a copy of the messages. The recipient can verify the sender based on the signed PCRs, can confirm that the signed PCRs match the event log, and can verify the hash of the message in the event log by independently hashing it. In another embodiment, an intermediate hashing of the message can avoid transmission of potentially malicious executable instructions within a message.04-01-2010
20090249070Method for Managing User Rights to Electronic Data Objects by a Person Who Acquires Rights - Digital right management systems are technically constructed for protecting and carrying out wishes of a copyright holder such that the digital content is connected in a cryptographic and unique manner to any particular device and/or data carrier. Use of the digital content on other devices of the person who acquires rights is only possible after previous registration by the copyright holder. The person who acquires rights is enabled to manage the acquired rights thereof themselves on the electronic data object without instructing the intervention of a central copyright holder. This is accomplished by the person who acquires the rights creating partial amounts of the user rights having individual user rights. The digital content can be used, respectively, in the periphery of the created partial amounts of the individual user rights.10-01-2009
20110197065SECURE AND AUTOMATED CREDENTIAL INFORMATION TRANSFER MECHANISM - A mechanism for securely transmitting credentials to instantiated virtual machines is provided. A central server is used to turn on a virtual machine. When the virtual machine is turned on, the central server sends it a secret text string. The virtual machine requests the credentials from the central server by transmitting the secret string and its instance ID. The central server validates the secret string and source IP to determine whether they are authentic. Once verified, the central server transmits the credentials to the virtual machine in a secure channel and invalidates the secret string. The credentials can now be used to authenticate API calls.08-11-2011
20080209217SYSTEM AND METHOD FOR IMPLEMENTING A ROBOT PROOF WEB SITE - The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied.08-28-2008
20110173449Broadcast Area Authentication - Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area.07-14-2011
20080215885SYSTEM AND METHOD FOR GUARANTEEING SOFTWARE INTEGRITY VIA COMBINED HARDWARE AND SOFTWARE AUTHENTICATION - A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.09-04-2008
20100005300METHOD IN A PEER FOR AUTHENTICATING THE PEER TO AN AUTHENTICATOR, CORRESPONDING DEVICE, AND COMPUTER PROGRAM PRODUCT THEREFORE - The invention concerns a method in a peer (01-07-2010
20100005299METHOD FOR MANUFACTURING A PRODUCT, SYSTEM FOR MANUFACTURING A PRODUCT, AND PRODUCT - Provided is a product on which is imprinted an encrypted message obtained by encrypting a message sent along with the product from a sender to a recipient, a method for manufacturing the product, and a system for manufacturing the product. The product manufacturing system has a general web server, an encryption calculating apparatus, an issued encryption values database, a specialized web server, an archive database, and an imprinting apparatus. The product manufacturing system is provided with a message acquiring section that acquires the original message sent along with the product from the sender to the recipient, an encryption calculating apparatus that generates a calculated encryption value by using a hash function to compress a calculation target message extracted from the original message, and an imprinting control section that controls imprinting of the calculated encryption value onto the product.01-07-2010
20100138659ELECTRONIC NOTARY - A process is disclosed for notarizing document, by a client in the presence of a notary, comprising the steps of registering the notary, the client and the document, from a local workstation coupled to a central office, to provide for assigning at least one respective encryption key for identifying each of the notary, the client and the document to be notarized; associating in the central office, the respective encryption keys of the client with the notary and with the document; generating a transaction code, based on the step of associating the respective encryption keys, for authorizing execution of the document to provide the notarizing; executing the document; and embedding selected ones of the respective encryption keys together with a notary seal in the document.06-03-2010
20080276091Mobile Device File Sharing Method and Apparatus - File sharing between mobile devices is enabled using a hierarchical Distributed Hash Table (DHT) based message routing system. According to one embodiment, mobile device electronic content is shared via an overlay network of computer nodes arranged according to a hierarchical DHT by a mobile device generating a message. The message includes a key configured to identify mobile device electronic content and to enable routing of the message based on the hierarchical DHT through the overlay network upon reception of the message at any of the computer nodes. The message is transmitted to a packet-switched radio access network, the packet-switched radio access network configured to send the message to one or more of the computer nodes. The message is eventually routed to the computer node responsible for the key. The responsible computer node processes the message, e.g., by registering electronic content, deregistering electronic content or responding to an electronic content request.11-06-2008
20080313463Method and Apparatus For Use in a Downloadable Conditional Access System - In a downloadable conditional access system (DCAS), preferably all DCAS-specific code is implemented in a configurable secure (CS) processor that is in communication with the host processor. Preferably, no DCAS-specific code is executed in the host processor. The host processor delivers commands to the CS processor, which the CS processor performs to configure itself in accordance with the particular DCAS encryption scheme used by the DCAS. Once configured, the CS processor executes a DCAS software module that has been downloaded to the CS processor, which looks for the corresponding EMMs and ECMs, processes them to obtain the CW, and then uses the CW to decrypt the content stream.12-18-2008
20100138658Electronic Message System with Federation of Trusted Senders - Systems and methods for allowing challenge messages to be sent directly to a recipient's inbox where normally the challenge message would be sent to a pending folder or deleted. Challenge messages sent between federated messaging services contain a federated token which can be identified, authenticated and validated to determine whether the challenge message should be sent to a recipient's inbox. The federated token can include an authentication portion and a validation portion. Authentication methods for the authentication portion can include, for example, checksums, salts, hashes and digital signatures. Once a federated token is authenticated by decrypting the authentication portion according to one or more of these authentication methods, the federated token is validated by determining the defined use-base and determining whether the receipt of the federated token satisfies the defined use.06-03-2010
20090138710Message Authentication Device, Message Authentication Method, Message Authentication Program and Storage Medium therefor - A message authentication device, a message authentication method, a message authentication program and a storage medium therefor are provided, so as to realize higher speed processing than an authentication mode of existing block cipher, in combination of block cipher and one of its parts, with theoretical security in accordance with a high efficient preliminary process and with an efficient amount of available memory. The message authentication device includes: input means for inputting a message: padding means for padding the message, setting its length always to a constant of a block length, and outputting the message as a padded message; modified tree hash means for outputting hash values of one block by repeating a process of arranging hash functions with small input/output widths, corresponding to the padded message, generated based on parts of block cipher; adjustment value added encryption means for encrypting the hash values so as to set a tag; and output means for coupling and outputting the tag and the message.05-28-2009
20090138711Sender Email Address Verification Using Reachback - A Reachback email system includes methods and software products for intercepting a sent email message from an email client, algorithmically determining a first Reachback URL from an email address of the email client, adding the first Reachback URL to the sent email message to form a sent Reachback email message, digitally signing the sent Reachback email message, sending the sent Reachback email message to at least one recipient, publishing Reachback validation information (RVI) accessible by the at least one recipient using the first Reachback URL, intercepting a received Reachback email message before delivery to the email client, retrieving RVI for the received Reachback email message using a Reachback URL, validating the RVI, the Reachback URL and the Reachback email message contents, providing an indication of the Reachback email message validation, and delivering the received Reachback email message to the email client.05-28-2009
20120079276CONTENT SELECTION AND DELIVERY FOR RANDOM DEVICES - Intelligent content delivery enables content to be delivered to different devices in formats appropriate for those devices based on the capabilities of those devices. A user might access the same piece of content on two different devices, and can automatically receive a higher quality format on a device capable of playing that higher quality format. The user can purchase rights to content in any format, such that as new formats emerge or the user upgrades to devices with enhanced capabilities, the user can receive the improved formats automatically without having to repurchase the content. Further, the user can pause and resume content between devices even when those devices utilize different formats, and can access content on devices not otherwise associated with the user, receiving content in formats that are appropriate for those unknown devices even if the user has not previously accessed content in those formats.03-29-2012
20120079275CONTENT FILTERING OF SECURE E-MAIL - Content filtering of e-mail in a network environment. The network environment includes a client machine, a policy server and an e-mail server. An e-mail message is authored at the client machine. Filter policy information is obtained by the client machine from the policy server, wherein the filter policy information defines a filtering policy for filtering of e-mail messages. The filter policy information is applied to the e-mail message by the client machine so as to effect the filtering policy. The filtered e-mail message is secured by the client machine, such as by securing based on a key obtained by the client machine from a key store. The secure e-mail message is sent by the client machine to a recipient via the e-mail server.03-29-2012
20090100264COMMUNICATION DEVICE AND COMMUNICATION SYSTEM - A communication device is secure against an impersonation attack as well. The communication device secretly communicates, with an external device, target data with use of a key shared with the external device. Without being known to a third party, the communication device generates a key shared with the external device using a scheme of which security is proved. Validity of the external device is determined by authentication with use of a key dependent function that is shared with the external device and is dependent on the shared key. If the external device is determined to be valid, for secretly communicating the target data, verification data for verifying validity of the target data is generated from the target data with use of the key dependent function.04-16-2009
20090210707Out-of Band Authentication Method and System for Communication Over a Data Network - A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.08-20-2009
20090210708Systems and Methods for Authenticating and Authorizing a Message Receiver - Systems and methods for authenticating a message receiver and for authorizing the authenticated receiver to manipulate the received message are disclosed. Various message delivery mechanisms and sender authentication mechanisms are used to perform receiver authentication. When a message (message A) is delivered to the receiver, the receiver cannot view or manipulate the message until the receiver is authenticated by the sender or by a sender-authorized third party. In this system, the receiver sends out a message (message B) to the sender to indicate the reception of the message A. Message B is then authenticated using a sender authentication mechanism. Once Message B is authenticated as coming from the intended receiver, the sender of message A authorizes the appropriate privilege for the receiver to manipulate message A.08-20-2009
20090222664UNIT USING OS AND IMAGE FORMING APPARATUS USING THE SAME - A chip mountable on a replaceable unit used in an image forming job is disclosed. The chip includes a central processing unit (CPU) to perform at least one of authentication and cryptographic data communication with a main body of the image forming apparatus using an operating system (OS) of the CPU which operates separately from an OS of the image forming apparatus. With the use of such a configuration, security for a unit in which the chip is mounted can thereby be reinforced.09-03-2009
20090222663System and Method for Authenticating the Identity of a Remote Fax Machine - A system and method of authenticating the identity of a remote fax machine during a faxing operation is provided. An X.509-type Certificate received from the remote fax machine is validated to affirm it can be properly associated with the remote machine. The Certificate's public key is used to verify the remote fax machine has the corresponding private key. A Certificate's Common Name then compared to an Expected Name to authenticate the identity of the remote fax machine prior to sending a fax to prevent an unwanted misdirection of faxed information and to screen incoming faxes for unwanted spam.09-03-2009
20090254750SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.10-08-2009
20100161988METHOD OF AUTHENTICATING AN ENTITY BY A VERIFICATION ENTITY - A method of authenticating an entity by a verification entity, said entities sharing a pair of secret keys X and Y. According to the invention said secret keys X and Y are n×m (n, m>1) binary matrices, said method comprising steps repeated r times (r≧1) of: 06-24-2010
20100275020COMMUNICATION METHOD, COMMUNICATION SYSTEM, MOBILE NODE AND COMMUNICATION NODE - The invention discloses a technique, by which the number of messages can be decreased when RR (Return Routability) procedure is performed to give authentication between a mobile node (MN) and a correspondent node (CN). According to this technique, CN 10-28-2010
20100262826SYSTEM AND METHOD FOR ACQUIRING TERMINAL BINDING KEY - A first terminal subscribes to at least one service using a service guide in which information necessary for reception of each service is stored, and sends the service guide and an identifier (ID) of the subscribed service to a smartcard. The smartcard stores the service guide and the ID of the subscribed service, and sends the service guide and the ID of the subscribed service to a second terminal through a response message to a request message used for acquiring TBK information, received from the second terminal. The second terminal receives the response message by sending the request message to the smartcard, acquires TBK information corresponding to a service that the second terminal intends to play back, from the service guide depending on the subscribed service's ID included in the response message, and acquires the TBK by performing an authentication process using the TBK information.10-14-2010
20100262827Secure Storage Device For Transfer Of Data - Described herein are methods and devices of securing data. For example, a method of securing data comprises receiving, by a secure storage device, unsecure data from a source. The secure storage device is removably attached to the source. The method further comprises securing the unsecure data within the secure storage device by performing digital processing related to the unsecure data to create secure data. The secure storage device is responsive to the same protocol as an unsecure storage device and as a result the secure storage device is transparent to the source. The source responds to the secure storage device as if it were an unsecure storage device.10-14-2010
20100191968AUTHENTICATION FOR A MULTI-TIER WIRELESS HOME MESH NETWORK - An apparatus and method for a multi-tier wireless home mesh network is described. The method may include authentication of a node within a wireless home networking environment after discovering a wireless home mesh network. The authentication comprises (1) transmitting a first message, the first message including (i) an encrypted pass-phrase being a pass-phrase encrypted with a public key of the node of the wireless home mesh network, (ii) a checksum of the encrypted pass-phrase, (iii) a public key of the wireless node, and (iv) a checksum of the public key of the wireless node, and (2) receiving a second message, the second message including a code to indicate whether the wireless node has been successfully authenticated along with the challenge text verification process to ensure the message was not tampered or sent by another node. Other embodiments are described and claimed.07-29-2010
20090077381SYSTEMS AND METHOD FOR THE TRANSPARENT MANAGEMENT OF DOCUMENT RIGHTS - Systems and methods are described for enabling documents to be controlled by a sender, in a manner which is transparent to any end recipients. The invention include mechanisms enabling a sender to control documents sent to recipient, in a manner that (1) encrypts the message to ensure its security, and (2) restricts operations the recipient may perform on the received message. The recipient and sender need not agree on a control protocol in advance of the communication. Wide distribution of a Digital Rights Management System may be facilitated by use of self-installing modules, which integrate with existing software used for document publishing and retrieval. The modules are forwarded to unregistered recipients upon authentication of the recipient, and install automatically on the recipient's computer. The modules authenticate instructions from a sender, and, per instructions from the sender, may pre-empt certain types of operations on the e-mail by the recipient03-19-2009
20090077380Resource scheduling in workflow management systems - A system for improved scheduling of resources within a Workflow-Management-System or a computer system with comparable functionality (WFMS). Based on a new resource specification comprised within a process model and associated with an activity, the WFMS determines the resources required for execution of said activity. The invention further schedules a request for allocation of said resources on behalf and in advance of starting execution of said activity. This approach reduces the execution time of the activity as all resources required by the activity will be available when execution of the activity begins; the activity does not have to wait for these resources. Moreover, a WFMS knowing the required resources of the activities it is administrating is able to schedule resource requests to avoid resource conflicts between the activities.03-19-2009
20090077379Network Security System - A system for restricting access to encrypted content stored in a consuming device (03-19-2009
20100241860KEY-UPDATING METHOD, ENCRYPTION PROCESSING METHOD, KEY-INSULATED CRYPTOSYSTEM AND TERMINAL DEVICE - In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information.09-23-2010
20100241859Mode of information transmission and complex protection - The mode is intended for application in simplex and duplex channels of arbitrary including low, quality with implementation of tasks for complex protection of information.09-23-2010
20100235641SECURITY TECHNIQUES FOR COOPERATIVE FILE DISTRIBUTION - Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system.09-16-2010
20100211788NETWORK APPARATUS AND COMMUNICATION CONTROLLING METHOD - Disclosed is a network apparatuses, which makes it possible to effectively re-establish the cryptographic communication without increasing its processing burden and deteriorating the security aspects of them. The network apparatus that communicates with another network apparatus through a network to exchange cryptographic communication information including a key of cryptograph transmits, when a power off sequence is detected, a request for deleting the cryptographic communication information to the other network apparatus through a communication interface section, before a power source section is turned OFF so as to actually deactivate the network apparatus.08-19-2010
20100250937Method And System For Securely Caching Authentication Elements - A system and method for authorizing a user to a plurality of secure servers. Each server is adapted to store user information. The secure server receives a request for access to one of the plurality of secure servers from a first user device from a user possessing an authorized account identifier. An authentication server may intervene and request the user authenticate to the authentication server and transmit a client-side electronic lockbox stored at the first user device to the authentication server. The authentication server retrieves a key′ corresponding to the received client-side lockbox and uses the key to decrypt an encrypted file contained within the lockbox. The decrypted file may contain authentication information that is forwarded to the secure server. The secure server grants the user access to the user's content stored thereon when the authentication information received from the authentication server corresponds to the authentication information stored at the secure server for the user. The present method provides the user the ability to manage access to the user's content by permitting the user to delete or disable a client-side lockbox or associated key from a remote location.09-30-2010
20110066857Method for secure delivery of digital content - Methods and apparatus for the secure and copy-proof distribution of digital content are disclosed. In a preferred embodiment of the invention cryptographic primitives (encryption algorithms, message-authentication codes, hash functions, random-number generators, etc.) are used in a novel security protocol. The invention may be utilized to protect a first-run movie that has been digitized in accordance with one of the current or forthcoming MPEG standards (e.g., MPEG-7). Content receivers or users first register their boxes. This registration information is stored in a secure database. When a subscriber registers, he then receives a box (interface to his player) that has been initialized to contain a number of tamper-proof secrets that are shared between the station and that particular box. The station stores an encrypted version of the digital content. This encrypted version ultimately arrives at some unprotected storage medium local to the player. Upon demand, the station delivers to the box the use-once computational ability to decrypt the content and display it on the player or terminal.03-17-2011
20110066856Communication data freshness confirmation system - A receiving device sends challenge information to a transmitting device. The transmitting device initializes a time varying parameter and transmits communication data together with data derived from the challenge information to the receiving device. Subsequent communication data, if any, are then transmitted together with data derived from the time varying parameter. The receiving device uses the challenge information to verify the freshness of the communication data transmitted first, and uses the time varying parameter to verify the freshness of the subsequent communication data. Freshness can be verified without having to maintain any type of verification data during sleep periods, and without having to send a separate challenge for each data transmission.03-17-2011
20080313462APPARATUS AND METHOD FOR DERIVING KEYS FOR SECURING PEER LINKS - Apparatus and methods to establish a secure peer-to-peer link in which the construction of a link authentication and key encryption keys are separated from the session encryption key are described herein. In an embodiment, a secure peer-to-peer link is established in a wireless mesh network.12-18-2008
20090319792RESYNCHRONIZATION FOR PUSH MESSAGE SECURITY USING SECRET KEYS - A method for a server to initiate resynchronization with an access terminal, when synchronization has been lost, that cannot be exploited by attackers is provided. The server may provide the access terminal with a secret key that is only known to the access terminal and the server. The access terminal may store the secret key in a secure storage device to prevent the secret key from being hacked. If the server determines that synchronization has been lost, the server may send a resynchronization message to the access terminal with the secret key attached. The access terminal retrieves the stored secret key from the secure memory device and compares it to the secret key attached to the resynchronization message. If there is a match, the access terminal may initiate a secure communication link with the server to reestablish synchronization.12-24-2009
20110131414METHODS AND SYSTEMS FOR END-TO-END SECURE SIP PAYLOADS - Methods, systems and communication nodes for protecting Session Initiation Protocol (SIP) message payloads are described. Different protection techniques can be used to protect SIP payloads depending upon, for example, whether a recipient client application resides in a user equipment or an application server and/or whether a recipient client application resides in a same SIP/IP domain as the target SIP application server which is sending the SIP payloads.06-02-2011
20090138712Simple Authentication of Messages - Methods and systems for using simple authenticated messages are disclosed for use with implementing (i) synchronization schemes, (ii) encoded control messaging schemes, and (iii) encrypted data communication schemes. Messages are authenticated by applying a secure hash function to one or more authentication tokens to produce hash results which are compared to stored trusted bit strings, wherein the stored trusted bit strings are replaced with the most-recently received authentication token whose corresponding hash result matched the stored bit string.05-28-2009
20090037735METHOD AND SYSTEM FOR DELIVERING SECURE MESSAGES TO A COMPUTER DESKTOP - A system and method for delivering a secure message to the desktop of a computer for a user. The system comprises polling a server to determine if any messages are waiting for the user. The polling includes providing and authenticating security credentials associated with the user. If a message is waiting on the server, a notification is generated on the computer of the user. A portion of the message may be delivered to the desktop as part of the notification. The message is encrypted with a public-private key pair associated with the user and delivered to the desktop of the computer. The communication link between the computer and the server may comprise a secure channel.02-05-2009
20100306541HASH FUNCTION USING A CARD SHUFFLING PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of chaos introduction exhibited by a game process such as the well known shuffling of a deck of playing cards. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) a game algorithm that models the actual game such as a playing card shuffling algorithm using the message as an input to the algorithm, then executing the card shuffling algorithm on the input. A state (order) of the modeled deck of cards after a shuffle (or multiple shuffles) gives the hash digest value.12-02-2010
20130138960Systems and Methods for Secure Communication Using a Communication Encryption Bios based Upon a Message Specific Identifier - An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by receiving the message and the message specific identifier from the first device by the second device where the message specific identifier is associated with one or more attributes associated with the message and the first device. A decryption key request is transmitted to a server in communication with the second device, wherein the decryption key request is based upon the message specific identifier received and a second device attribute. A decryption key is received from the server, wherein the decryption key is based on the message specific identifier and a stored random character set. The encrypted message is then decrypted using the received decryption key.05-30-2013
20110145580TRUSTWORTHY EXTENSIBLE MARKUP LANGUAGE FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc.06-16-2011
20100332834METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE - An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.12-30-2010
20110010548SECURE E-MAIL SYSTEM - An email system for securely sending an email message to a recipient comprising: one or more computers connected to the internet at least one of computer being suitable for receiving data identifying a recipient; a communicator for sending messages; an encryption engine configured to encrypt the email message using the encryption key to produce an encrypted email message; a computer of the one or more computers programmed to identifying an encryption key; a computer of the one or more computers programmed to identify a first contact identifier of the recipient based on data received by a computer of the one or more computers, and to determine a first address of the recipient from the first contact identifier; a computer of the one or more computers programmed to determine a second address of the recipient from data received by the input means or from the first contact identifier using a lookup table or database; wherein at least the first address is an email address and the email system is configured to send the encrypted email message to the email address of the recipient and create an encryption key message, containing the encryption key, and send to the second address of the recipient.01-13-2011
20110016319METHOD FOR RESTRICTING ACCESS TO MEDIA DATA GENERATED BY A CAMERA - A method for restricting access to media data generated by a camera comprising: setting a non-public initial user key, KICU, in the camera, providing a user client with the initial user key, KICU, establishing an authenticated relation between the user client and the camera by sending an authentication message including information based on the initial user key, KICU, from the user client to the camera, checking if an operational user key (K01-20-2011
20110113249METHOD AND SYSTEM FOR SHARING TRUSTED CONTACT INFORMATION - A method and system for sharing trusted contact information between trusted, known and unknown parties, without revealing the contact information itself, thus protecting the party defined in the contact from possible unsolicited messages known as “Spam”. Addresses of trusted senders are encrypted using a one-way encryption and stored in a whitelist repository that can be shared by different users. When a message is received, its senders address is extracted, encrypted using the same encryption method, and compared if it is found in the whitelist repository.05-12-2011
20090327727System and method for upgrading the functionality of a controlling device via a secure portable adapter device - Secure access to a database of upgrade data is provided by storing an encryption key value in an adapter device used to interconnect a first device to be upgraded and a second device that is associated with the database of upgrade data. The second device allows access to the database of upgrade data via the adapter only once the adapter is positively authenticated by the second device through use of the encryption key value stored in the adapter device.12-31-2009
20090327728Methods for Supplying Cryptographic Algorithm Constants to a Storage-Constrained Target - The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered.12-31-2009
20100131762SECURED COMMUNICATION METHOD FOR WIRELESS MESH NETWORK - A secured communication method for Wireless Mesh Network (WMN) in the field of network technology includes initial authentication request, authentication negotiation process of the authentication server and encrypted data communication via pre-shared key and other valid Mesh Point (MP) in the WMN in order to implement the functions of the WMN. The present invention not only meets the new needs of the WMN dynamic self-organization, but also provides the security performance almost the same as the IEEE 802.11 standard requirements. The present invention is easily applied into WMN upon IEEE 802.11 links, and furthermore, the architecture disclosed in the present invention is quite simple and easy to implement with full compatibility and flexibility.05-27-2010
20090313471EXTENDING THE DRM REALM TO EXTERNAL DEVICES - Disclosed is a method and a system for rendering content on external devices securely. The method comprises setting up a communication channel between a proxy rendering server of a mobile device and an external rendering server of an external device, authenticating at least the external rendering server and upon successful authentication transferring a key from the proxy rendering server to the external rendering server, transferring the content encrypted with the transferred key from the proxy rendering server to the external rendering server for rendering the content, wherein the rendering of the content is performed in one of two modes, either in a preprocessing mode or in a non-preprocessing mode, and wherein a DRM agent is only present in the mobile device.12-17-2009
20110154038Multi-band/multi-link secure key generation and delivery protocol - A method is described for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange.06-23-2011
20110072267METHOD, MOBILE AND NETWORK NODES FOR SHARING CONTENT BETWEEN USERS AND FOR TRACKING MESSAGES - A method for sharing multimedia content protected by RM by a first subscriber with at least one second subscriber of a communication system comprises: receiving the protected multimedia content by the at least one second subscriber from the first subscriber, who previously received the multimedia content; and requesting a license key for unlocking the protected multimedia content by the at least one second subscriber; wherein requesting the license key allows for correlating the license key with the multimedia content.03-24-2011
20110060909TRAPDOOR ONE-WAY FUNCTIONS ON ELLIPTIC CURVES AND THEIR APPLICATION TO SHORTER SIGNATURES AND ASYMMETRIC ENCRYPTION - The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions.03-10-2011
20110016318TECHNIQUES FOR SECURING SUPPLY CHAIN ELECTRONIC TRANSACTIONS - Techniques for authenticating the identity of shippers and receivers of goods at each point along a supply chain. A central hub repository issues shippers and receivers a pair of public and private keys for encrypting communications between the shippers and receivers and the hub repository and for authenticating the identity of shippers and receivers. The hub repository may also maintain a log of all transactions between shippers and receivers to provide an audit trail that may be used to track the progress of goods along a supply chain.01-20-2011
20120204032Encryption key exchange system and method - The present invention is a computer-implemented key exchange system and methods for improving the usability of encryption technologies such as Public Key Infrastructure (PKI). One aspect of the present invention includes registering users, verifying user identity, and classifying users such that the users may send a communications such that communication recipients can verify the user identity and classification of the communication sender. Another aspect of the present invention includes users initiating relationships with other users, approving the establishment of relationships, and exchanging encryption keys between users after the establishment of a relationship.08-09-2012
20110154039STATION-TO-STATION SECURITY ASSOCIATIONS IN PERSONAL BASIC SERVICE SETS - A personal basic service set (PBSS) includes a first device configured to communicate in the PBSS and a second device configured to communicate in the PBSS. The first device is configured to establish a robust security network association (RSNA) with the second device (i) without associating with a PBSS control point (PCP) and (ii) without associating with the second device.06-23-2011
20080320307Method for Session Security - A secret string is established so as to be known only to a client computing system and a server computing system. A non-encrypted version of a message, a message counter value, and first hash value are received by the server computing system from the client computing system. The first hash value, based on a content of the message, the message counter value, and the secret string, is generated at the client computing system using a first hash algorithm. Using the first hash algorithm, the server generates second hash value based on the content of the received message, the received message counter value, and the secret string. The server computing system accepts the received non-encrypted version of the message as authentic upon determining that the received message counter value is greater than a previously received message counter value and that the second hash value matches the first hash value.12-25-2008
20110055569ROAMING AUTHENTICATION METHOD BASED ON WAPI - A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, relating the terminal to the wireless access point, and initiating a WAPI authentication process and so on. And a highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problem that how the specific method of certificate roaming authentication is realized, the certificate of external network authentication server can not be obtained to establish a trustful relationship, and the terminal perhaps can not realize roaming authentication.03-03-2011
20110055568ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS - In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.03-03-2011
20080256359Method and apparatus for file sharing between a group of user devices with encryption-decryption information sent via satellite and the content sent separately - A communication system 10-16-2008
20110167270SECURE KEY AUTHENTICATION METHOD FOR COMMUNICATION NETWORK - A key authentication method between a user equipment (UE) and a serving network (SN) for binary CDMA network and a key re-authentication method during which the UE performs a handover within the same SN in binary CDMA network are provided. The key authentication method for the user equipment includes receiving a terminal authentication request message from a wireless access point, transmitting a terminal authentication response message that includes identification information for the user terminal, receiving user authentication request message that includes at least two random numbers and code information for message authentication from the wireless access point, and transmitting a user authentication response message that comprises first information that is generated using a master key.07-07-2011
20110016320METHOD FOR AUTHENTICATION AND SIGNATURE OF A USER IN AN APPLICATION SERVICE, USING A MOBILE TELEPHONE AS A SECOND FACTOR IN ADDITION TO AND INDEPENDENTLY OF A FIRST FACTOR - The invention relates to a method for the two-factor authentication of a user in an application service running on an application server. The first authentication factor is a PIN authentication code known only by the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by the same. The reliability application is capable of generating, using the PIN authentication code and a secret key shared only with the reliable third party, a single use authentication code for each authentication of the user in the application service.01-20-2011
20100241861DHCP CLIENT SERVER SYSTEM, DHCP CLIENT DEVICE AND DHCP SERVER DEVICE - A conventional DHCP authentication method could not cope with a one-phase two-messages DHCP sequence involved in a Rapid-Commit option. Further, in the conventional DHCP authentication method, it is possible to replay attack at lease renewal timing and, when information used in a retransmission method between a client and a server becomes the loss of synchronization, the conventional DHCP authentication method cannot detect the loss of synchronization and has such a problem that unnecessary traffics are continuously produced. A DHCP client device includes a means that stores a user ID, a secret key, and retransmission detection method (RDM) information. A DHCP server device includes a database that is available for the retrieval of a secret key and RMD information based on a user ID as a key or an access mechanism to an external DB with the same function as that of the database.09-23-2010
20100287373DATA SECURITY SYSTEM WITH ENCRYPTION - A data security system (11-11-2010
20110040973Selective Encryption in Broker-Based Messaging Systems and Methods - An exemplary method includes transmitting, by a software application subsystem, a request to an encryption services subsystem to route a message generated by an originating software application to a recipient software application through a message broker subsystem, acquiring, by the software application subsystem, data representative of a current encryption configuration of the message broker subsystem from the encryption services subsystem in response to the request, and determining, by the software application subsystem, during a run time of the originating software application whether to encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem. Corresponding methods and systems are also disclosed.02-17-2011
20090300356REMOTE STORAGE ENCRYPTION SYSTEM - An exemplary remote storage encryption system includes a data storage unit and a key server having a key management module configured to communicate with a client device. The key management module stores at least one key access map that maps at least one access credential to at least one encryption key to determine which encryption key to provide to the client device. An exemplary method includes mapping the at least one access credential to the at least one encryption key, receiving a request for the encryption key from a remote requestor, accepting the access credential with the request, validating the access credential against a previously stored version thereof, retrieving the encryption key associated with the access credential based on the mapping, and sending the key to the remote requester.12-03-2009
20100031043PORTABLE ELECTRONIC AUTHORIZATION SYSTEM AND METHOD - A method is disclosed for enabling a user interface on a computer operated by a user to cause memory content of an electronic device distinct from the computer to be modified. A communication link may be established between the user interface and the electronic device by establishing a first connection between the user interface and a server distinct from each of the computer and the electronic device, and establishing a second connection between the electronic device and the server. The user interface may be used to communicate with the server via the first connection so as to cause the server to communicate with the electronic device via the second connection and thereby cause new information to be added to the memory of the electronic device via the second connection.02-04-2010
20110154040MESSAGE STORAGE AND RETRIEVAL - A method of obfuscating messages stored in a message store or messages received by a computing device by comparing portions of the messages to user-specified criteria and encrypting or hiding portions of the message if the criteria are matched. The obfuscated messages are stored and access thereto is controlled by only permitting authorised users or applications to decrypt or access the message.06-23-2011
20100125735Method and System for Establishing a User-Friendly Data Transfer Service Application Executing Within a Heterogeneous Distributed Service Application Execution Environment - Various embodiments of the present invention are directed to methods and systems for data transfer between electronic, hand-held devices, including cell phones, and computer systems, including servers and PCs, as well as component methods and systems of these data-transfer methods and systems. Component methods and systems of the present invention include secure links between various devices, enhancements to electronic hand-held devices that enable service applications to run continuously or intermittently on the devices, deployment of dynamically created service applications to electronic, hand-held devices, and various additional component methods and systems that facilitate the above-mentioned component methods and systems. One embodiment of the present invention is a robust, efficient, secure, and user-friendly method and system for transferring data between cell phones and personal computers.05-20-2010
20120233466METHOD FOR INSTALLING RIGHTS OBJECT FOR CONTENT IN MEMORY CARD - A method of receiving, by a memory card, a rights object (RO) from a rights issuer (RI) via a terminal. The method includes: receiving from the terminal, a provisioning setup request message including information about a size of rights to be installed in the memory card; checking whether there is a space in the memory card for the rights; transmitting, to the terminal, a provisioning setup response message including a status indicating a result of processing the provisioning setup request message; and receiving, from the terminal, a rights provisioning request message for installing the rights into the memory card, the rights provisioning request message including rights information. The rights information is based on rights being extracted from a RO response message if a device identifier (ID) in the RO response message matches an ID of the memory card which is different from an ID of the terminal.09-13-2012
20110167271SECURE MESSAGE AND FILE DELIVERY - The present disclosure provides systems and methods for accessing secure and certified electronic messages using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options to sending emails messages. In an exemplary embodiment, a secure message and file delivery method includes biometrically authenticating a sender of an electronic message; receiving the electronic message through a secure connection to the sender; storing the electronic message, wherein the electronic message is encrypted prior to storing; notifying a recipient of the electronic message; and delivering the electronic message through a secure connection to the recipient.07-07-2011
20120011366Method for Controlling and Recording the Security of an Enclosure - A method for controlling and recording the security of an enclosure is disclosed. A mobile electronic control device, such as an electronic key, is used to access or otherwise control the operations of a field device, such as an appliance, power tool, shipping container, and the like. In a control event in which the mobile control device interacts with the field device via wired or wireless communications, the control device obtains the current location and the field device ID. The communications between the mobile control device and the field device may be secured with encryption. The location information is used by the mobile control device to determine whether the field device should be accessed or enabled. Alternatively, the location information may be stored separately in a location sensing device, and the control event data recorded by the key and the location information recorded by the location sensing device are later combined when they are downloaded into a management system for auditing. Moreover, an electronic access control device is disclosed comprising two microprocessors.01-12-2012
20120011367Method for Controlling and Recording the Security of an Enclosure - A method for controlling and recording the security of an enclosure is disclosed. A mobile electronic control device, such as an electronic key, is used to access or otherwise control the operations of a field device, such as an appliance, power tool, shipping container, and the like. In a control event in which the mobile control device interacts with the field device via wired or wireless communications, the control device obtains the current location and the field device ID. The communications between the mobile control device and the field device may be secured with encryption. The location information is used by the mobile control device to determine whether the field device should be accessed or enabled. Alternatively, the location information may be stored separately in a location sensing device, and the control event data recorded by the key and the location information recorded by the location sensing device are later combined when they are downloaded into a management system for auditing. Moreover, an electronic access control device is disclosed comprising two microprocessors.01-12-2012
20110078444RE-AUTHENTICATION APPARATUS AND METHOD IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information.03-31-2011
20110107102METHOD FOR AUTHENTICATING AN ENTITY BY A VERIFIER - A method for authenticating an entity by a verifier, the entity having an identifier, the verifier having a pair of private and public keys, comprising: sending to the entity a first random number selected by the verifier; a step wherein the entity encrypts a value by means of the public key of the verifier, said value including the first random number and an authentication datum on which the identifier of the entity depends; and the entity of said encrypted value sending a reply to authenticate said entity. The invention can be applied to the field of low-cost cryptography, especially the field of radio-identification.05-05-2011
20110107100METHOD AND SYSTEM FOR PROVIDING SECURE CODES FOR MARKING ON ITEMS - A method and system for creating a group of marking codes for marking items in a code generation and validation system and validating the marking codes. The code generation and validation system includes a first subsystem and a second subsystem, where first and second keys in each of the subsystems are respectively used to encode a first input message in the first subsystem with an output message being the second input message in the second subsystem to solve the problem of data integrity of the validated data.05-05-2011
20100095122SYSTEM AND METHOD FOR COLLABORATION OVER SHARED STORAGE - In accordance with one or more embodiments of the present disclosure, systems and methods disclosed herein enable synergy among a group of users by providing a real-time, secure collaboration environment that allows for cooperative interaction and decision making and provide the ability for users to simultaneously view, revise, and review a document or multimedia file that resides in a shared data storage location. Real-time, low latency, rich collaboration between producers and consumers provides organization efficiency, and this collaboration provides real-time, low latency transmission of data.04-15-2010
20100095121IMPARTING REAL-TIME PRIORITY-BASED NETWORK COMMUNICATIONS IN AN ENCRYPTED COMMUNICATION SESSION - This specification describes technologies relating to imparting real-time priority-based network communications in an encrypted session. In general, aspects of the subject matter described can be embodied in methods that include establishing, based on cryptographic information in a reserved, random-data portion of a handshake communication, a session, receiving parameter values relating to a sub media stream, included in a header of a network communication, storing the parameter values, obtaining state information and a data payload included in a second network communication, identifying, from the state information, a purpose of the second network communication, and whether a header of the second network communication includes one or more new values corresponding to one or more of the parameters, updating one or more of the stored values based on the one or more new values, and processing the data payload based on the identified purpose and the stored parameter values.04-15-2010
20100095120TRUSTED AND CONFIDENTIAL REMOTE TPM INITIALIZATION - Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running.04-15-2010
20090132821INFORMATION SECURITY DEVICE - The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 05-21-2009
20110119491SIMPLIFIED PAIRING FOR WIRELESS DEVICES - A first wireless device is paired with a second wireless device for communication over a wireless connection. The first wireless device receives an input that indicates a device identifier of the second wireless device, and then matches the device identifier with one of the data entries in a data repository to obtain a code of the second wireless device without user interactions. The data repository contains a plurality of data entries associating a plurality of wireless devices with their corresponding codes. Based on the code of the second wireless device, the first wireless device authenticates the second wireless device and establishes the wireless connection.05-19-2011
20100082986CERTIFICATE-BASED ENCRYPTION AND PUBLIC KEY INFRASTRUCTURE - The present invention provides methods for sending a digital message from a sender to a recipient in a public-key based cryptosystem comprising an authorizer. The authorizer can be a single entity or comprise a hierarchical or distributed entity. The present invention allows communication of messages by an efficient protocol, not involving key status queries or key escrow, where a message recipient can decrypt a message from a message sender only if the recipient possesses up-to-date authority from the authorizer. The invention allows such communication in a system comprising a large number (e.g. millions) of users.04-01-2010
20100205441Method and System for Generating Ciphertext and Message Authentication Codes Utilizing Shared Hardware - A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.08-12-2010
20100049978CLIENT DEVICE, MAIL SYSTEM, PROGRAM, AND RECORDING MEDIUM - A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver 02-25-2010
20110107101PASSWORD-AUTHENTICATED ASYMMETRIC KEY EXCHANGE - Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.05-05-2011
20120260093Portable Security Transaction Protocol - A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc.10-11-2012
20090019284AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM - An authentication method and authorization key generation method in a wireless portable Internet system is provided. In a wireless portable Internet system, the base station and the subscriber station share an authorization key when an authentication process is performed according to a predetermined authentication method negotiated therebetween. Particularly, the subscriber station and the base station perform an additional authentication process including an authorization key-related parameter and a security-related parameter and exchanges a security algorithm and SA (Security Association) information. In addition, an authorization key is derived from one or more basic key obtained through various authentication processes as an input key of an authorization key generation algorithm. Therefore, reliability of a security related parameter received from the receiving node can be enhanced and an authorization key having a hierarchical and secure structure can be provided.01-15-2009
20120239931INFORMATION PROCESSING APPARATUS, RECOVERY APPARATUS, AND DISK RECOVERY METHOD - An information processing apparatus includes: a disk to store data; a transmitting and receiving unit to exchange information with a recovery apparatus over a network; an authentication processor to, when receiving a first authentication key from the recovery apparatus, perform an authentication process based on the first authentication key and a second authentication key; and a writing controller to write an image file to the disk upon the authentication performed by the authentication processor and issue a completion message to the recovery apparatus on completion of the writing.09-20-2012
20110047382FAST AUTHENTICATION BETWEEN HETEROGENEOUS WIRELESS NETWORKS - A method for preparing for handover of an apparatus from a first wireless network to a second, different wireless network, a master session key (MSK) having been generated during establishment of a connectivity of the apparatus to the first wireless network includes detecting signals of the second wireless network. In response thereto, establishing a connectivity of the apparatus to the second wireless network, using a pairwise master key (PMK) derived from the MSK generated during establishment of the connectivity to the first wireless network, one or more encryption keys being derivable from the PMK to support secure communication over the second wireless network.02-24-2011
20120096268ELECTRONIC FILE SENDING METHOD - An electronic file sending method is provided to securely and easily send en electronic file to a receiver. A receiving apparatus receives from a sending apparatus an electronic mail including an encrypted electronic file. The sending apparatus uses a public key of a management server to encrypt a decryption password that is necessary to decrypt the encrypted electronic file and sends the encrypted decryption password to the management server. In association with a file identifier of the electronic file, the management server stores the decryption password and an electronic mail address of a correct receiver, who is a receiver of the receiving apparatus. The receiving apparatus sends to the management server the file identifier of the electronic file and the electronic mail address of the receiver. The management server uses a public key of the receiving apparatus to encrypt the password and sends the encrypted password to the receiving apparatus.04-19-2012
20120331296Method and Apparatus for Communicating between Low Message Rate Wireless Devices and Users via Monitoring, Control and Information Systems - The present invention relates to a method and apparatus for the communicating between remote devices using a low message rate wireless connection via monitoring, control and information systems. The network described in this invention is capable of supporting billions of such devices in an efficient and cost effective manner. The network uses a very low signaling rate and centrally controlled architecture in order to achieve this efficiency. The network can easily support numerous applications each controlling large numbers of devices. As the complexity of protocol used in the network is very much reduced in comparison to existing hierarchical mobile wireless networks, it is possible to produce devices that use very little energy allowing their use in many new and novel applications.12-27-2012
20100153725TRAFFIC ENCRYPTION KEY UPDATING METHOD USING SYSTEM SYNCHRONIZATION AND APPARATUS USING THE SAME - Provided are a TEK update method using system synchronization, and an apparatus using the same. The method and apparatus according to the present invention periodically update a TEK used for traffic encryption in a DOCSIS system by using system synchronization. As described, the TEK can be updated by using system synchronization without performing a TEK update negotiation process.06-17-2010
20080244266AUTHENTICATING A COMMUNICATION DEVICE AND A USER OF THE COMMUNICATION DEVICE IN AN IMS NETWORK - IMS networks and methods are disclosed for authenticating a communication device and a user of the communication device. When a communication device attempts to register with an IMS network, the IMS network receives a register message from the device that includes device authentication information, such as a public or private identifier for the device. The IMS network processes the device authentication information to authenticate the communication device. The IMS network also receives user authentication information from the device, such as a password. The IMS network processes the user authentication information to authenticate the user of the device. The device and the user are both authenticated by the IMS network. Authentication of the user may also occur when originating a session or terminating a session over the IMS network with the device.10-02-2008
20100281260HASH FUNCTION BASED ON POLYMORPHIC CODE - In the field of computer data security, a hash process which is typically keyless and embodied in a computing apparatus is highly secure in terms of being resistant to attack. The hash process uses computer code (software) polymorphism, wherein computation of the hash value for a given message is partly dependent on the content (data) of the message. Hence the computer code changes dynamically while computing each hash value.11-04-2010
20090187764ELECTRONIC CERTIFICATION, IDENTIFICATION AND COMMUNICATION UTILIZING ENCRYPTED GRAPHICAL IMAGES - A system and method for electronic certification, identification and communication. According to an exemplary implementation, these processes are performed by using an electronic graphic image with encrypted information concerning the certified object. The object is accompanied with an application specific image hereafter called Electronic Virtual Stamp (EV-Stamp) having embedded and encrypted control information (keys and electronic signatures, identifiers of senders and receivers, date and other transaction related information) as well as any message to be passed. Each transaction of the EV-Stamp is monitored by a specialized Web server that maintains the records of all issued electronic stamps, all subscribed users, all involved financial transactions, and all registered assets. It is also possible to use any other graphical images to reflect on various possible applications such as exchange of the EV-Stamp for a good/service.07-23-2009
20090172402Multi-factor authentication and certification system for electronic transactions - The present invention provides computer-enable certification and authentication in, for example, e-commerce with wireless and mobile devices. The present authentication method offers ease of operation by automatically embedding a one-time passcode to the message without the sender input. A one-time key can also be used to encrypt the message, further providing transmission security. In addition, sensitive information and one-time passcode generator are pre-arranged and stored at both sender and receiver devices, avoiding information comprising in wireless environment transmission.07-02-2009
20100318798MESSAGE HANDLING AT A MOBILE DEVICE - A method for sending a message from a mobile device via a first application running on the mobile device is proposed. The method comprises a challenge step for supplying the first application with a challenge, a response step for receiving a response to the challenge, an equality check step for determining whether the received response corresponds to an expected response, a signature step for providing a signature for the message, using a cryptographic key and the result of the equality check step, and a send step for sending the signed message via the first application from the mobile device to a backend system.12-16-2010
20130185561MANAGEMENT OF PUBLIC KEYS FOR VERIFICATION OF PUBLIC WARNING MESSAGES - Techniques are disclosed for managing one or more public keys used for verification of one or more messages transferred over a communication network associated with a public warning system. In one example, a method comprises the following steps. A computing device of a communication network obtains key material for at least one source of a message generated for a public warning system. The computing device also obtains an identity of the source. A public key is computed by the computing device from the key material and the identity of the source. The public key is thus useable by the computing device to verify a message received from the source that is digitally signed using a corresponding private key of the source. In one example, the computing device comprises user equipment.07-18-2013
20110314285REGISTRATION METHOD OF BIOLOGIC INFORMATION, APPLICATION METHOD OF USING TEMPLATE AND AUTHENTICATION METHOD IN BIOMETRIC AUTHENTICATION - When a registration station appends an anonymous ID (AID), a linking validity of the anonymous ID and actual user ID (UID) is assured for an application businessperson in the case of applying to use a biometric authentication. Specifically, a biometric authentication service system includes a biometric authentication server, an application server, a registration station server and a client server, for holding a hash value alone of personal information (P) in the registration station server, supplying again the personal information on applying to use a template (T) for the application server, collating the hash with the previously held hash, and verifying that the user applying to use the template is identical with the user registered the biologic information in the registration station server, in addition, secret information (S) different for every user is added to the personal information to generate unique data and identify the user correctly.12-22-2011
20130198518SECURE PEER DISCOVERY AND AUTHENTICATION USING A SHARED SECRET - During a security technique, an electronic device determines a name by a applying a function to a shared secret, which is shared between a user and another user. This name is advertised in a network. After discovery by another electronic device (which is associated with the other user), the electronic device generates a first encrypted message from an unencrypted message using a cryptographic key. The electronic device provides the first encrypted message to the other electronic device, and receives a second encrypted message from the other electronic device. Using the cryptographic key, the electronic device decrypts the second encrypted message. Moreover, the electronic device receives confirmation that the other electronic device was able to decrypt the first encrypted message, thereby authenticating that the secure connection has been established.08-01-2013
20120066499SYSTEM AND METHOD FOR PERFORMING A MANAGEMENT OPERATION - There is provided a system and method of performing a management operation. An exemplary method comprises receiving a command that comprises information derived from a private key in response to a request to generate the command for an electronic device. The exemplary method also comprises verifying a source of the command using the information derived from the private key and a corresponding public key stored in an immutable memory of the electronic device. The exemplary method additionally comprises performing a management operation corresponding to the command if the verifying of the source of the command determines that the command is from an authorized source.03-15-2012
20120066498VERIFYING AUTHENTICITY OF A SENDER OF AN ELECTRONIC MESSAGE SENT TO A RECIPIENT USING MESSAGE SALT - A server receives a verification request sent by a client associated with a recipient of an electronic message to verify authenticity of a sender of the electronic message, where the verification request comprises message data of the electronic message and a salt hash value. The server identifies a key for the sender for generating a salt hash value and generates the salt hash value using the salt key and the message data. The server determines whether the generated salt hash value matches the salt hash value received in the verification request and sends a result to the client based on the determination of whether the salt hash values match.03-15-2012
20130212391ELLIPTIC CURVE CRYPTOGRAPHIC SIGNATURE - A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point and the private key as a base point as well as the private key in an elliptic curve cryptographic (ECC) signature.08-15-2013

Patent applications in class Authentication of an entity and a message