Entries

Document | Title | Date |
--- | --- | --- |
20080209217 | SYSTEM AND METHOD FOR IMPLEMENTING A ROBOT PROOF WEB SITE - The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. | 08-28-2008 |
20080215885 | SYSTEM AND METHOD FOR GUARANTEEING SOFTWARE INTEGRITY VIA COMBINED HARDWARE AND SOFTWARE AUTHENTICATION - A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted. | 09-04-2008 |
20080244266 | AUTHENTICATING A COMMUNICATION DEVICE AND A USER OF THE COMMUNICATION DEVICE IN AN IMS NETWORK - IMS networks and methods are disclosed for authenticating a communication device and a user of the communication device. When a communication device attempts to register with an IMS network, the IMS network receives a register message from the device that includes device authentication information, such as a public or private identifier for the device. The IMS network processes the device authentication information to authenticate the communication device. The IMS network also receives user authentication information from the device, such as a password. The IMS network processes the user authentication information to authenticate the user of the device. The device and the user are both authenticated by the IMS network. Authentication of the user may also occur when originating a session or terminating a session over the IMS network with the device. | 10-02-2008 |
20080256359 | Method and apparatus for file sharing between a group of user devices with encryption-decryption information sent via satellite and the content sent separately - A communication system | 10-16-2008 |
20080276091 | Mobile Device File Sharing Method and Apparatus - File sharing between mobile devices is enabled using a hierarchical Distributed Hash Table (DHT) based message routing system. According to one embodiment, mobile device electronic content is shared via an overlay network of computer nodes arranged according to a hierarchical DHT by a mobile device generating a message. The message includes a key configured to identify mobile device electronic content and to enable routing of the message based on the hierarchical DHT through the overlay network upon reception of the message at any of the computer nodes. The message is transmitted to a packet-switched radio access network, the packet-switched radio access network configured to send the message to one or more of the computer nodes. The message is eventually routed to the computer node responsible for the key. The responsible computer node processes the message, e.g., by registering electronic content, deregistering electronic content or responding to an electronic content request. | 11-06-2008 |
20080294899 | SECURE MANAGEMENT OF DOCUMENT IN A CLIENT-SERVER ENVIRONMENT - A computer-implemented method for securely handling a document in a client-server environment includes receiving at a server a request from a user to initiate a session to access a plurality of documents stored in a server. The documents include a first type that is allowed to be accessed only while the user is online and a second type that is allowed to be accessed while the user is both online and offline. The server transfers at least one offline vault key and at least one online vault key to a client to enable the client to load the documents and enable the user to access the documents, the documents including at least one document of the first type and at least one document of the second type. | 11-27-2008 |
20080313461 | SECURITY ASSOCIATION VERIFICATION AND RECOVERY - Example embodiments herein include a verification process that provides a safe and efficient mechanism for recovering security associations between network devices. More specifically, the verification process transmits a secured message from a first network device to a second network device across a network. Furthermore, the security association includes a parent process and a corresponding child process. The verification process detects, at the first network device, an incompatibility in the security association between the first network device and the second network device. Next, the verification process transmits a status query from the first network device to the second network device in order to determine the status of the security association between the first network device and the second network device. In response, the verification process receives a verifiable reply message that is indicative of the status of the security association between the first network device and the second network device. | 12-18-2008 |
20080313462 | APPARATUS AND METHOD FOR DERIVING KEYS FOR SECURING PEER LINKS - Apparatus and methods to establish a secure peer-to-peer link in which the construction of link authentication and key encryption keys is separated from the session encryption key are described herein. In an embodiment, a secure peer-to-peer link is established in a wireless mesh network. | 12-18-2008 |
20080313463 | Method and Apparatus For Use in a Downloadable Conditional Access System - In a downloadable conditional access system (DCAS), preferably all DCAS-specific code is implemented in a configurable secure (CS) processor that is in communication with the host processor. Preferably, no DCAS-specific code is executed in the host processor. The host processor delivers commands to the CS processor, which the CS processor performs to configure itself in accordance with the particular DCAS encryption scheme used by the DCAS. Once configured, the CS processor executes a DCAS software module that has been downloaded to the CS processor, which looks for the corresponding EMMs and ECMs, processes them to obtain the CW, and then uses the CW to decrypt the content stream. | 12-18-2008 |
20080320307 | Method for Session Security - A secret string is established so as to be known only to a client computing system and a server computing system. A non-encrypted version of a message, a message counter value, and a first hash value are received by the server computing system from the client computing system. The first hash value, based on a content of the message, the message counter value, and the secret string, is generated at the client computing system using a first hash algorithm. Using the first hash algorithm, the server generates a second hash value based on the content of the received message, the received message counter value, and the secret string. The server computing system accepts the received non-encrypted version of the message as authentic upon determining that the received message counter value is greater than a previously received message counter value and that the second hash value matches the first hash value. | 12-25-2008 |
20090006851 | CONFIDENTIAL MAIL WITH TRACKING AND AUTHENTICATION - A method for confidential electronic communication between a sender workstation and a receiver workstation is provided, whereby privacy is guaranteed for the electronic communications transmitted over the public Internet. The method of confidential communication is equipped with message tracking and message receipt verification. The system for implementing the method includes a sender server that creates a session content encryption key along with a message envelope that includes a content encryption key encrypted message and a confidential mail token. The content encryption key is stored securely inside the sender organization's system, which transmits the message envelope to an intended recipient. The intended recipient processes the message envelope in order to generate a message receipt verification, which is transmitted to the sender. The message receipt verification is processed by the sender server to verify that the message envelope reached the intended recipient. The message receipt verification, which comprises the confidential mail token and unique verification data generated by the intended recipient, allows the sender server to verify that the message envelope reached the intended receiver and that the message envelope identified as received is authentic. Following verification that the message transmitted by the sender reached the intended receiver and is authorized, the sender transmits the content encryption key to the intended receiver. | 01-01-2009 |
20090013185 | COMPATIBLE SYSTEM OF DIGITAL RIGHTS MANAGEMENT AND METHOD FOR OPERATING THE SAME - Disclosed is a compatible system of digital rights management which enables the reproduction of the same contents between apparatuses each employing a different digital rights management system. The compatible system of digital rights management comprises: a user server including a first authentication document of a first apparatus; a second apparatus connected to the first apparatus and outputting a contents request signal and a second authentication document to reproduce substantially the same contents; and a provider server forming a virtual safe channel with the user server based on the contents request signal to receive the first authentication document, and generating first and second licenses encrypted through the first and second authentication documents to transmit the same to the second apparatus. | 01-08-2009 |
20090013186 | METHOD AND SYSTEM FOR THE AUTHORIZATION MANAGEMENT - A method is provided for the authorization management of digital contents between at least one owner of authorizations with a first electronic work environment and at least one user of the contents with a second electronic work environment. The owner of the authorizations provides the digital contents to the user of the contents by means of the first electronic work environment at a defined scope of authorizations and the user of the contents is entitled to use the provided digital contents on the second electronic work environment only at the defined scope of authorization. The digital contents are encoded with encryption, the encoded contents are exchanged between the first electronic work environment and the second electronic work environment and the encoded contents are subsequently decoded by means of decryption pertaining to the digital contents. | 01-08-2009 |
20090019284 | AUTHENTICATION METHOD AND KEY GENERATING METHOD IN WIRELESS PORTABLE INTERNET SYSTEM - An authentication method and authorization key generation method in a wireless portable Internet system are provided. In a wireless portable Internet system, the base station and the subscriber station share an authorization key when an authentication process is performed according to a predetermined authentication method negotiated therebetween. Particularly, the subscriber station and the base station perform an additional authentication process including an authorization key-related parameter and a security-related parameter and exchange a security algorithm and SA (Security Association) information. In addition, an authorization key is derived from one or more basic keys obtained through various authentication processes as an input key of an authorization key generation algorithm. Therefore, reliability of a security-related parameter received from the receiving node can be enhanced and an authorization key having a hierarchical and secure structure can be provided. | 01-15-2009 |
20090031130 | SYSTEM, ASSOCIATED METHODS AND APPARATUS FOR SECURING PREFIX-SCOPED BINDING UPDATES - Route optimization between a mobile network and a correspondent node may be achieved by having the mobile router of the mobile network send prefix-scoped binding update messages to the correspondent node. In order to allow the recipient of a prefix-scoped binding update message to verify the mobile network prefix information contained in said prefix-scoped binding update message, the present invention provides a system, and associated methods and apparatus thereof, of using special cryptographic certificates to prove the ownership of the network prefixes. The certificates, or parameters derived from the certificates, are transmitted alongside the network prefix in the binding update message sent to the correspondent node. By verifying the network prefix against the certificates, or parameters derived from the certificates, a correspondent node can determine the validity of a prefix-scoped binding update message. | 01-29-2009 |
20090037735 | METHOD AND SYSTEM FOR DELIVERING SECURE MESSAGES TO A COMPUTER DESKTOP - A system and method for delivering a secure message to the desktop of a computer for a user. The system comprises polling a server to determine if any messages are waiting for the user. The polling includes providing and authenticating security credentials associated with the user. If a message is waiting on the server, a notification is generated on the computer of the user. A portion of the message may be delivered to the desktop as part of the notification. The message is encrypted with a public-private key pair associated with the user and delivered to the desktop of the computer. The communication link between the computer and the server may comprise a secure channel. | 02-05-2009 |
20090037736 | System and Method for Establishing a Secure Group of Entities in a Computer Network - This invention relates to a system and method for establishing a secure group of entities in a computer network, such as those originating from different trust domains, for the purpose of protecting the activity being executed. The invention allows for the on-demand automated creation of a virtual security perimeter around an arbitrary group of services originating from different trust domains. The security perimeter allows the activity being executed within the group to be protected, and for inter-group messages and communication to be kept confidential. A shared security context is also provided by which the group can be regulated, and new entities can be invited to join the group. The preferred embodiment of the invention has application to service orientated architectures and preferably makes use of existing technologies, such as W3C web services and security protocols, and OASIS service co-ordination protocols. | 02-05-2009 |
20090044013 | Systems and Methods for Preventing Spam - Systems and methods are disclosed for preventing spam, including email spam and telephone spam, through the use of dynamic passcodes or dynamic signatures included with transmitted messages. Both the dynamic passcodes and dynamic signatures may be changed periodically or continually, according to an example embodiment of the invention. Qualified senders may include a dynamic signature that is automatically generated by the sender's node or exchange entity. The recipient's node or exchange entity can then use a graylist associated with the recipient account in verifying the qualified sender and/or dynamic signature. On the other hand, non-qualified senders may need to manually obtain a dynamic passcode from a dynamic passcode provider and include the dynamic passcode with the transmitted message. The dynamic passcode provider may be a public website using human interactive proofs. According to an embodiment, a non-qualified sender may be optionally pre-charged with a fee to obtain a dynamic passcode. The recipient of the message may then refund the charge if the received message is not spam. | 02-12-2009 |
20090077379 | Network Security System - A system for restricting access to encrypted content stored in a consuming device ( | 03-19-2009 |
20090077380 | Resource scheduling in workflow management systems - A system for improved scheduling of resources within a Workflow-Management-System or a computer system with comparable functionality (WFMS). Based on a new resource specification comprised within a process model and associated with an activity, the WFMS determines the resources required for execution of said activity. The invention further schedules a request for allocation of said resources on behalf and in advance of starting execution of said activity. This approach reduces the execution time of the activity as all resources required by the activity will be available when execution of the activity begins; the activity does not have to wait for these resources. Moreover, a WFMS knowing the required resources of the activities it is administrating is able to schedule resource requests to avoid resource conflicts between the activities. | 03-19-2009 |
20090077381 | SYSTEMS AND METHOD FOR THE TRANSPARENT MANAGEMENT OF DOCUMENT RIGHTS - Systems and methods are described for enabling documents to be controlled by a sender, in a manner which is transparent to any end recipients. The invention includes mechanisms enabling a sender to control documents sent to a recipient, in a manner that (1) encrypts the message to ensure its security, and (2) restricts operations the recipient may perform on the received message. The recipient and sender need not agree on a control protocol in advance of the communication. Wide distribution of a Digital Rights Management System may be facilitated by use of self-installing modules, which integrate with existing software used for document publishing and retrieval. The modules are forwarded to unregistered recipients upon authentication of the recipient, and install automatically on the recipient's computer. The modules authenticate instructions from a sender, and, per instructions from the sender, may pre-empt certain types of operations on the e-mail by the recipient. | 03-19-2009 |
20090100264 | COMMUNICATION DEVICE AND COMMUNICATION SYSTEM - A communication device is secure against an impersonation attack as well. The communication device secretly communicates, with an external device, target data with use of a key shared with the external device. Without being known to a third party, the communication device generates a key shared with the external device using a scheme whose security is proved. Validity of the external device is determined by authentication with use of a key dependent function that is shared with the external device and is dependent on the shared key. If the external device is determined to be valid, for secretly communicating the target data, verification data for verifying validity of the target data is generated from the target data with use of the key dependent function. | 04-16-2009 |
20090119508 | DISABLING ON/OFF CAPACITY ON DEMAND - Apparatus and article of manufacture for disabling on-demand access to computerized resources on a computerized apparatus are disclosed. The method comprises receiving a disablement code; validating the disablement code; and disabling an on-demand resource if the validating is successful, thereby rendering the disabled on-demand resource unavailable for use by users of the computerized apparatus, wherein the disabled on-demand resource is a hardware resource of the computerized apparatus. Another embodiment includes receiving a disablement code comprising encrypted data, validating the disablement code, disabling at least one on-demand resource if the validating is successful. The validating includes generating a first key using system information unique to the computerized apparatus; decrypting the encrypted data using a second key to produce decrypted data; encrypting a value to produce an encrypted value; decrypting the encrypted value to produce a decrypted value; and comparing the value to the decrypted value. | 05-07-2009 |
20090132821 | INFORMATION SECURITY DEVICE - The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus | 05-21-2009 |
20090138710 | Message Authentication Device, Message Authentication Method, Message Authentication Program and Storage Medium therefor - A message authentication device, a message authentication method, a message authentication program and a storage medium therefor are provided, so as to realize higher speed processing than an authentication mode of existing block cipher, in combination of block cipher and one of its parts, with theoretical security in accordance with a highly efficient preliminary process and with an efficient amount of available memory. The message authentication device includes: input means for inputting a message; padding means for padding the message, setting its length always to a constant of a block length, and outputting the message as a padded message; modified tree hash means for outputting hash values of one block by repeating a process of arranging hash functions with small input/output widths, corresponding to the padded message, generated based on parts of block cipher; adjustment value added encryption means for encrypting the hash values so as to set a tag; and output means for coupling and outputting the tag and the message. | 05-28-2009 |
20090138711 | Sender Email Address Verification Using Reachback - A Reachback email system includes methods and software products for intercepting a sent email message from an email client, algorithmically determining a first Reachback URL from an email address of the email client, adding the first Reachback URL to the sent email message to form a sent Reachback email message, digitally signing the sent Reachback email message, sending the sent Reachback email message to at least one recipient, publishing Reachback validation information (RVI) accessible by the at least one recipient using the first Reachback URL, intercepting a received Reachback email message before delivery to the email client, retrieving RVI for the received Reachback email message using a Reachback URL, validating the RVI, the Reachback URL and the Reachback email message contents, providing an indication of the Reachback email message validation, and delivering the received Reachback email message to the email client. | 05-28-2009 |
20090138712 | Simple Authentication of Messages - Methods and systems for using simple authenticated messages are disclosed for use with implementing (i) synchronization schemes, (ii) encoded control messaging schemes, and (iii) encrypted data communication schemes. Messages are authenticated by applying a secure hash function to one or more authentication tokens to produce hash results which are compared to stored trusted bit strings, wherein the stored trusted bit strings are replaced with the most-recently received authentication token whose corresponding hash result matched the stored bit string. | 05-28-2009 |
20090150673 | Authentication of Entitlement Authorization in Conditional Access Systems - A method for determining whether the terminal is authorized to receive the selected service is practiced in a terminal of a conditional access system in which a user selects a service, the selected service being associated with a frequency, the terminal having a tuner and a secure element with at least one authorized entitlement unit number stored therein. The method includes receiving at least one encrypted entitlement control message corresponding to the service, and decrypting each of the at least one encrypted entitlement control message in the secure element, each decrypted entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any decrypted entitlement control message represents any number of the at least one authorized entitlement unit number. Alternatively, the method includes receiving at least one entitlement control message corresponding to the service, and authenticating each of the at least one entitlement control message in the secure element, each authenticated entitlement control message revealing at least one first entitlement number associated with the selected service. The method further includes determining that the terminal is authorized to receive the selected service when any first entitlement number of any authenticated entitlement control message represents any number of the at least one authorized entitlement unit number. | 06-11-2009 |
20090172402 | Multi-factor authentication and certification system for electronic transactions - The present invention provides computer-enabled certification and authentication in, for example, e-commerce with wireless and mobile devices. The present authentication method offers ease of operation by automatically embedding a one-time passcode in the message without sender input. A one-time key can also be used to encrypt the message, further providing transmission security. In addition, sensitive information and the one-time passcode generator are pre-arranged and stored at both sender and receiver devices, avoiding information compromise in wireless transmission environments. | 07-02-2009 |
20090177887 | METHOD AND APPARATUS FOR BINDING UPDATE BETWEEN MOBILE NODE AND CORRESPONDENT NODE - A method and apparatus for binding update between a mobile node and a correspondent node is disclosed. The method includes: encrypting, by the correspondent node, a parameter for generating a binding management key with a key, and transmitting the encrypted parameter to the mobile node or a home agent which performs binding update on behalf of the mobile node; obtaining, by the mobile node or the home agent, the parameter via decryption, generating a binding management key with the parameter, generating authentication data with the binding management key, and transmitting a binding update message carrying the authentication data to the correspondent node; and verifying, by the correspondent node, the binding update message based on the authentication data, and returning a binding acknowledgement message to the mobile node or the home agent. With the present invention, the security of the binding update process may be improved. | 07-09-2009 |
20090187764 | ELECTRONIC CERTIFICATION, IDENTIFICATION AND COMMUNICATION UTILIZING ENCRYPTED GRAPHICAL IMAGES - A system and method for electronic certification, identification and communication. According to an exemplary implementation, these processes are performed by using an electronic graphic image with encrypted information concerning the certified object. The object is accompanied with an application specific image hereafter called Electronic Virtual Stamp (EV-Stamp) having embedded and encrypted control information (keys and electronic signatures, identifiers of senders and receivers, date and other transaction related information) as well as any message to be passed. Each transaction of the EV-Stamp is monitored by a specialized Web server that maintains the records of all issued electronic stamps, all subscribed users, all involved financial transactions, and all registered assets. It is also possible to use any other graphical images to reflect on various possible applications such as exchange of the EV-Stamp for a good/service. | 07-23-2009 |
20090210707 | Out-of Band Authentication Method and System for Communication Over a Data Network - A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel. | 08-20-2009 |
20090210708 | Systems and Methods for Authenticating and Authorizing a Message Receiver - Systems and methods for authenticating a message receiver and for authorizing the authenticated receiver to manipulate the received message are disclosed. Various message delivery mechanisms and sender authentication mechanisms are used to perform receiver authentication. When a message (message A) is delivered to the receiver, the receiver cannot view or manipulate the message until the receiver is authenticated by the sender or by a sender-authorized third party. In this system, the receiver sends out a message (message B) to the sender to indicate the reception of the message A. Message B is then authenticated using a sender authentication mechanism. Once Message B is authenticated as coming from the intended receiver, the sender of message A authorizes the appropriate privilege for the receiver to manipulate message A. | 08-20-2009 |
20090222663 | System and Method for Authenticating the Identity of a Remote Fax Machine - A system and method of authenticating the identity of a remote fax machine during a faxing operation is provided. An X.509-type Certificate received from the remote fax machine is validated to affirm it can be properly associated with the remote machine. The Certificate's public key is used to verify the remote fax machine has the corresponding private key. The Certificate's Common Name is then compared to an Expected Name to authenticate the identity of the remote fax machine prior to sending a fax, to prevent an unwanted misdirection of faxed information and to screen incoming faxes for unwanted spam. | 09-03-2009 |
20090222664 | UNIT USING OS AND IMAGE FORMING APPARATUS USING THE SAME - A chip mountable on a replaceable unit used in an image forming job is disclosed. The chip includes a central processing unit (CPU) to perform at least one of authentication and cryptographic data communication with a main body of the image forming apparatus using an operating system (OS) of the CPU which operates separately from an OS of the image forming apparatus. With the use of such a configuration, security for a unit in which the chip is mounted can thereby be reinforced. | 09-03-2009 |
20090235075 | METHOD FOR MANAGING GROUP TRAFFIC ENCRYPTION KEY IN WIRELESS PORTABLE INTERNET SYSTEM - The present invention relates to a method for managing a group traffic encryption key (GTEK) in a wireless portable Internet system. In the method, for higher security of a group traffic service such as a multicast service, a broadcast service, and a multicast-broadcast service (MBS), a base station periodically generates and distributes a GTEK to a subscriber station served with the group traffic service. A lifetime of a group key encryption key (GKEK) used for encrypting a GTEK is set greater than that of the GTEK. That is, the GKEK is updated once while the GTEK is updated several times. According to the present invention, security for the group traffic service is increased while reducing radio resource consumption. | 09-17-2009 |
20090249070 | Method for Managing User Rights to Electronic Data Objects by a Person Who Acquires Rights - Digital rights management systems are technically constructed for protecting and carrying out wishes of a copyright holder such that the digital content is connected in a cryptographic and unique manner to any particular device and/or data carrier. Use of the digital content on other devices of the person who acquires rights is only possible after previous registration by the copyright holder. The person who acquires rights is enabled to manage the acquired rights thereof themselves on the electronic data object without instructing the intervention of a central copyright holder. This is accomplished by the person who acquires the rights creating partial amounts of the user rights having individual user rights. The digital content can be used, respectively, in the periphery of the created partial amounts of the individual user rights. | 10-01-2009 |
20090254750 | SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser. | 10-08-2009 |
20090271625 | SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS - A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link. | 10-29-2009 |
20090271626 | METHODS AND DEVICES FOR ESTABLISHING SECURITY ASSOCIATIONS IN COMMUNICATIONS SYSTEMS - A method of providing secure communications between a base station, a relay station, and a mobile station in a communication network includes authenticating the mobile station over the communication network; generating, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK); transmitting, by the base station, the security material to the mobile station; and transmitting, by the base station, the security material to the relay station. | 10-29-2009 |
20090282248 | METHOD AND SYSTEM FOR SECURING ELECTRONIC MAIL - A system and method for securing electronic mail by providing secure access to e-mail folders. A number of folders can be created in order to classify electronic mail content. Folders can be encrypted and locked utilizing a password. A “closed lock” symbol can be displayed by the side of a folder when the folder is locked and an “open lock” symbol can be displayed when the folder is opened, thereby providing a visual indication of the status of the folder. The folders can also be automatically locked after a period of time, which can be defined by a user or the e-mail system. The electronic mail content in the locked folders cannot be displayed when a user elects to display the contents of all folders, thereby providing an additional level of security. Similarly, restricted access can also be provided to a user or a group of users to access the locked folder(s). | 11-12-2009 |
20090300356 | REMOTE STORAGE ENCRYPTION SYSTEM - An exemplary remote storage encryption system includes a data storage unit and a key server having a key management module configured to communicate with a client device. The key management module stores at least one key access map that maps at least one access credential to at least one encryption key to determine which encryption key to provide to the client device. An exemplary method includes mapping the at least one access credential to the at least one encryption key, receiving a request for the encryption key from a remote requestor, accepting the access credential with the request, validating the access credential against a previously stored version thereof, retrieving the encryption key associated with the access credential based on the mapping, and sending the key to the remote requester. | 12-03-2009 |
20090307493 | SYSTEM AND METHOD FOR COMBINING USER AND PLATFORM AUTHENTICATION IN NEGOTIATED CHANNEL SECURITY PROTOCOLS - A network security handshake exchange for combining user and platform authentication. The security handshake exchange performs operations on a pre-master secret to increase identity verification and security. The pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint. A second phase of exchanges may include exchange of a master secret that is the pre-master secret modified with platform identity and user identity of the other endpoint. | 12-10-2009 |
20090307494 | METHODS AND DEVICE FOR ELECTRONIC ENTITIES FOR THE EXCHANGE AND USE OF RIGHTS - A method of transferring an item of data representative of a right between two electronic entities, at least one of the electronic entities including short range wireless communication elements suitable for transmitting the item of data to use the right, the electronic entities being suitable for communicating directly or indirectly via a long range communication interface. The method includes steps of transmission and of reception of the item of data by the electronic entities, the item of data being transmitted via the long range communication interface, of authentication and of storage of the item of data in the electronic entity having received it. | 12-10-2009 |
20090313471 | EXTENDING THE DRM REALM TO EXTERNAL DEVICES - Disclosed is a method and a system for rendering content on external devices securely. The method comprises setting up a communication channel between a proxy rendering server of a mobile device and an external rendering server of an external device, authenticating at least the external rendering server and upon successful authentication transferring a key from the proxy rendering server to the external rendering server, transferring the content encrypted with the transferred key from the proxy rendering server to the external rendering server for rendering the content, wherein the rendering of the content is performed in one of two modes, either in a preprocessing mode or in a non-preprocessing mode, and wherein a DRM agent is only present in the mobile device. | 12-17-2009 |
20090319792 | RESYNCHRONIZATION FOR PUSH MESSAGE SECURITY USING SECRET KEYS - A method for a server to initiate resynchronization with an access terminal, when synchronization has been lost, that cannot be exploited by attackers is provided. The server may provide the access terminal with a secret key that is only known to the access terminal and the server. The access terminal may store the secret key in a secure storage device to prevent the secret key from being hacked. If the server determines that synchronization has been lost, the server may send a resynchronization message to the access terminal with the secret key attached. The access terminal retrieves the stored secret key from the secure memory device and compares it to the secret key attached to the resynchronization message. If there is a match, the access terminal may initiate a secure communication link with the server to reestablish synchronization. | 12-24-2009 |
20090327727 | System and method for upgrading the functionality of a controlling device via a secure portable adapter device - Secure access to a database of upgrade data is provided by storing an encryption key value in an adapter device used to interconnect a first device to be upgraded and a second device that is associated with the database of upgrade data. The second device allows access to the database of upgrade data via the adapter only once the adapter is positively authenticated by the second device through use of the encryption key value stored in the adapter device. | 12-31-2009 |
20090327728 | Methods for Supplying Cryptographic Algorithm Constants to a Storage-Constrained Target - The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered. | 12-31-2009 |
20100005298 | Resource scheduling in workflow management systems - A system for improved scheduling of resources within a Workflow-Management-System or a computer system with comparable functionality (WFMS). Based on a new resource specification comprised within a process model and associated with an activity, the WFMS determines the resources required for execution of said activity. The invention further schedules a request for allocation of said resources on behalf and in advance of starting execution of said activity. This approach reduces the execution time of the activity as all resources required by the activity will be available when execution of the activity begins; the activity does not have to wait for these resources. Moreover, a WFMS knowing the required resources of the activities it is administrating is able to schedule resource requests to avoid resource conflicts between the activities. | 01-07-2010 |
20100005299 | METHOD FOR MANUFACTURING A PRODUCT, SYSTEM FOR MANUFACTURING A PRODUCT, AND PRODUCT - Provided is a product on which is imprinted an encrypted message obtained by encrypting a message sent along with the product from a sender to a recipient, a method for manufacturing the product, and a system for manufacturing the product. The product manufacturing system has a general web server, an encryption calculating apparatus, an issued encryption values database, a specialized web server, an archive database, and an imprinting apparatus. The product manufacturing system is provided with a message acquiring section that acquires the original message sent along with the product from the sender to the recipient, an encryption calculating apparatus that generates a calculated encryption value by using a hash function to compress a calculation target message extracted from the original message, and an imprinting control section that controls imprinting of the calculated encryption value onto the product. | 01-07-2010 |
20100005300 | METHOD IN A PEER FOR AUTHENTICATING THE PEER TO AN AUTHENTICATOR, CORRESPONDING DEVICE, AND COMPUTER PROGRAM PRODUCT THEREFORE - The invention concerns a method in a peer ( | 01-07-2010 |
20100031043 | PORTABLE ELECTRONIC AUTHORIZATION SYSTEM AND METHOD - A method is disclosed for enabling a user interface on a computer operated by a user to cause memory content of an electronic device distinct from the computer to be modified. A communication link may be established between the user interface and the electronic device by establishing a first connection between the user interface and a server distinct from each of the computer and the electronic device, and establishing a second connection between the electronic device and the server. The user interface may be used to communicate with the server via the first connection so as to cause the server to communicate with the electronic device via the second connection and thereby cause new information to be added to the memory of the electronic device via the second connection. | 02-04-2010 |
20100037054 | METHOD, SYSTEM AND APPARATUS FOR TRANSMITTING DHCP MESSAGES - Methods, systems and devices for transmitting DHCP messages are provided according to the present invention so that encrypted transmission of user sensitive information is achieved. The method includes receiving, by a Dynamic Host Configuration Protocol (DHCP) server, a DHCP request from a DHCP relay agent, wherein the request carries encrypted relay agent options; and decrypting, by the DHCP server, the encrypted relay agent options to obtain the relay agent options. With the present invention, safe transmission of the user sensitive information in the DHCP message is ensured. | 02-11-2010 |
20100049978 | CLIENT DEVICE, MAIL SYSTEM, PROGRAM, AND RECORDING MEDIUM - A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver | 02-25-2010 |
20100049979 | SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message. In one embodiment, the method comprises the steps of: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the respective member address is available on the computing device; encrypting the message to each member identified by the one or more member addresses for which a public key for the respective member is available on the computing device; sending the encrypted message to the distribution list address if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device; and sending the message to each of the one or more member addresses that identifies a member for which a public key is available on the computing device otherwise. | 02-25-2010 |
20100077214 | Host Device and Method for Protecting Data Stored in a Storage Device - The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the storage device generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files. | 03-25-2010 |
20100082984 | Protocol-Independent Remote Attestation And Sealing - Messages, including messages in conformance with various protocols, can be hashed and the hash values added to an event log and provided to a Trusted Platform Module (TPM), which can extend one or more Platform Configuration Registers (PCRs) with the hash value, much as it would with the hash of a component that was installed or executed on the computing device with the TPM. Subsequently, the TPM can sign one or more of the PCRs and the signed PCRs can be transmitted, together with the event log and a copy of the messages. The recipient can verify the sender based on the signed PCRs, can confirm that the signed PCRs match the event log, and can verify the hash of the message in the event log by independently hashing it. In another embodiment, an intermediate hashing of the message can avoid transmission of potentially malicious executable instructions within a message. | 04-01-2010 |
20100082985 | Methods for integrating security in network communications and systems thereof - A method, computer readable medium, and system for integrating security in network communications includes generating a private key and a public key by encrypting the private key with a first encryption. The generated private key and public key are provided in an initial response to an initial request over the secure connection. At least one additional received request is validated based on the public key and a requesting signature signed using the key received with the at least one additional request. An additional response with a responding signature signed using the private key is provided in response to the validated additional request. | 04-01-2010 |
20100082986 | CERTIFICATE-BASED ENCRYPTION AND PUBLIC KEY INFRASTRUCTURE - The present invention provides methods for sending a digital message from a sender to a recipient in a public-key based cryptosystem comprising an authorizer. The authorizer can be a single entity or comprise a hierarchical or distributed entity. The present invention allows communication of messages by an efficient protocol, not involving key status queries or key escrow, where a message recipient can decrypt a message from a message sender only if the recipient possesses up-to-date authority from the authorizer. The invention allows such communication in a system comprising a large number (e.g. millions) of users. | 04-01-2010 |
20100095120 | TRUSTED AND CONFIDENTIAL REMOTE TPM INITIALIZATION - Techniques are provided to allow remote initialization of a Trusted Platform Module. The results may be trusted and confidential even if the target device has malicious operating system or other software running. | 04-15-2010 |
20100095121 | IMPARTING REAL-TIME PRIORITY-BASED NETWORK COMMUNICATIONS IN AN ENCRYPTED COMMUNICATION SESSION - This specification describes technologies relating to imparting real-time priority-based network communications in an encrypted session. In general, aspects of the subject matter described can be embodied in methods that include establishing, based on cryptographic information in a reserved, random-data portion of a handshake communication, a session, receiving parameter values relating to a sub media stream, included in a header of a network communication, storing the parameter values, obtaining state information and a data payload included in a second network communication, identifying, from the state information, a purpose of the second network communication, and whether a header of the second network communication includes one or more new values corresponding to one or more of the parameters, updating one or more of the stored values based on the one or more new values, and processing the data payload based on the identified purpose and the stored parameter values. | 04-15-2010 |
20100095122 | SYSTEM AND METHOD FOR COLLABORATION OVER SHARED STORAGE - In accordance with one or more embodiments of the present disclosure, systems and methods disclosed herein enable synergy among a group of users by providing a real-time, secure collaboration environment that allows for cooperative interaction and decision making and provide the ability for users to simultaneously view, revise, and review a document or multimedia file that resides in a shared data storage location. Real-time, low latency, rich collaboration between producers and consumers provides organization efficiency, and this collaboration provides real-time, low latency transmission of data. | 04-15-2010 |
20100100739 | SYSTEM AND METHOD FOR SECURE COMMUNICATION, AND A MEDIUM HAVING COMPUTER READABLE PROGRAM EXECUTING THE METHOD - A system and a method for a secure communication, and a medium having a computer readable program therefor. The system for a secure communication comprises an identification information extracting unit for extracting identification information from a request message sent from a web browser, and a response message sending unit for sending a response message corresponding to the request message to the web browser when the identification information satisfies a predetermined reference. Since a response message is sent only to a web browser that sends identification information that satisfies a predetermined reference, a secure HTTP communication can be implemented even when session key information is leaked. | 04-22-2010 |
20100115277 | METHOD AND DEVICE FOR MUTUAL AUTHENTICATION - A method of authenticating communication between a first and second party (or node) over an insecure, high bandwidth communications network, in which the first party (C) authenticates the second party (M) using a communications protocol comprising a first communications phase through a first communications channel over the insecure, high bandwidth communications network to establish a secure mode of communications between the first and second party, followed by a second communications phase of receiving information from the second party over a second communications channel, such as an empirical channel, and enabling a user to make a human comparison of the information received from the second party with information generated by the first party, thereby enabling the user to authenticate the second party in the event that the information from both parties agrees. | 05-06-2010 |
20100125735 | Method and System for Establishing a User-Friendly Data Transfer Service Application Executing Within a Heterogeneous Distributed Service Application Execution Environment - Various embodiments of the present invention are directed to methods and systems for data transfer between electronic, hand-held devices, including cell phones, and computer systems, including servers and PCs, as well as component methods and systems of these data-transfer methods and systems. Component methods and systems of the present invention include secure links between various devices, enhancements to electronic hand-held devices that enable service applications to run continuously or intermittently on the devices, deployment of dynamically created service applications to electronic, hand-held devices, and various additional component methods and systems that facilitate the above-mentioned component methods and systems. One embodiment of the present invention is a robust, efficient, secure, and user-friendly method and system for transferring data between cell phones and personal computers. | 05-20-2010 |
20100131762 | SECURED COMMUNICATION METHOD FOR WIRELESS MESH NETWORK - A secured communication method for Wireless Mesh Network (WMN) in the field of network technology includes initial authentication request, authentication negotiation process of the authentication server and encrypted data communication via pre-shared key and other valid Mesh Point (MP) in the WMN in order to implement the functions of the WMN. The present invention not only meets the new needs of the WMN dynamic self-organization, but also provides the security performance almost the same as the IEEE 802.11 standard requirements. The present invention is easily applied into WMN upon IEEE 802.11 links, and furthermore, the architecture disclosed in the present invention is quite simple and easy to implement with full compatibility and flexibility. | 05-27-2010 |
20100138658 | Electronic Message System with Federation of Trusted Senders - Systems and methods for allowing challenge messages to be sent directly to a recipient's inbox where normally the challenge message would be sent to a pending folder or deleted. Challenge messages sent between federated messaging services contain a federated token which can be identified, authenticated and validated to determine whether the challenge message should be sent to a recipient's inbox. The federated token can include an authentication portion and a validation portion. Authentication methods for the authentication portion can include, for example, checksums, salts, hashes and digital signatures. Once a federated token is authenticated by decrypting the authentication portion according to one or more of these authentication methods, the federated token is validated by determining the defined use-base and determining whether the receipt of the federated token satisfies the defined use. | 06-03-2010 |
20100138659 | ELECTRONIC NOTARY - A process is disclosed for notarizing a document, by a client in the presence of a notary, comprising the steps of registering the notary, the client and the document, from a local workstation coupled to a central office, to provide for assigning at least one respective encryption key for identifying each of the notary, the client and the document to be notarized; associating in the central office, the respective encryption keys of the client with the notary and with the document; generating a transaction code, based on the step of associating the respective encryption keys, for authorizing execution of the document to provide the notarizing; executing the document; and embedding selected ones of the respective encryption keys together with a notary seal in the document. | 06-03-2010 |
20100153725 | TRAFFIC ENCRYPTION KEY UPDATING METHOD USING SYSTEM SYNCHRONIZATION AND APPARATUS USING THE SAME - Provided are a TEK update method using system synchronization, and an apparatus using the same. The method and apparatus according to the present invention periodically update a TEK used for traffic encryption in a DOCSIS system by using system synchronization. As described, the TEK can be updated by using system synchronization without performing a TEK update negotiation process. | 06-17-2010 |
20100161988 | METHOD OF AUTHENTICATING AN ENTITY BY A VERIFICATION ENTITY - A method of authenticating an entity by a verification entity, said entities sharing a pair of secret keys X and Y. According to the invention said secret keys X and Y are n×m (n, m>1) binary matrices, said method comprising steps repeated r times (r≧1) of: | 06-24-2010 |
20100169645 | KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY - A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message. | 07-01-2010 |
20100191968 | AUTHENTICATION FOR A MULTI-TIER WIRELESS HOME MESH NETWORK - An apparatus and method for a multi-tier wireless home mesh network is described. The method may include authentication of a node within a wireless home networking environment after discovering a wireless home mesh network. The authentication comprises (1) transmitting a first message, the first message including (i) an encrypted pass-phrase being a pass-phrase encrypted with a public key of the node of the wireless home mesh network, (ii) a checksum of the encrypted pass-phrase, (iii) a public key of the wireless node, and (iv) a checksum of the public key of the wireless node, and (2) receiving a second message, the second message including a code to indicate whether the wireless node has been successfully authenticated along with the challenge text verification process to ensure the message was not tampered or sent by another node. Other embodiments are described and claimed. | 07-29-2010 |
20100205441 | Method and System for Generating Ciphertext and Message Authentication Codes Utilizing Shared Hardware - A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module. | 08-12-2010 |
20100211788 | NETWORK APPARATUS AND COMMUNICATION CONTROLLING METHOD - Disclosed is a network apparatus which makes it possible to effectively re-establish cryptographic communication without increasing its processing burden and without deteriorating its security. The network apparatus, which communicates with another network apparatus through a network to exchange cryptographic communication information including a cryptographic key, transmits, when a power off sequence is detected, a request for deleting the cryptographic communication information to the other network apparatus through a communication interface section, before a power source section is turned OFF so as to actually deactivate the network apparatus. | 08-19-2010 |
20100235641 | SECURITY TECHNIQUES FOR COOPERATIVE FILE DISTRIBUTION - Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system. | 09-16-2010 |
20100241859 | Mode of information transmission and complex protection - The mode is intended for application in simplex and duplex channels of arbitrary, including low, quality, with implementation of tasks for complex protection of information. | 09-23-2010 |
20100241860 | KEY-UPDATING METHOD, ENCRYPTION PROCESSING METHOD, KEY-INSULATED CRYPTOSYSTEM AND TERMINAL DEVICE - In a key-insulated cryptosystem according to the present invention, a plurality of external devices are associated with a number of updates of a terminal secret key which has already been updated, and a different piece of secret information is stored in each of the external devices. In addition, a key-updating method in the key-insulated cryptosystem according to the present invention includes steps of: selecting one of the external devices depending on the number of updates of the terminal secret key; and causing the selected external device to generate key-updating information used for updating the terminal secret key based on the number of updates and the stored secret information. | 09-23-2010 |
20100241861 | DHCP CLIENT SERVER SYSTEM, DHCP CLIENT DEVICE AND DHCP SERVER DEVICE - A conventional DHCP authentication method could not cope with a one-phase two-message DHCP sequence involved in a Rapid-Commit option. Further, in the conventional DHCP authentication method, a replay attack is possible at lease renewal timing and, when the information used in a retransmission detection method between a client and a server loses synchronization, the conventional DHCP authentication method cannot detect the loss of synchronization and has the problem that unnecessary traffic is continuously produced. A DHCP client device includes a means that stores a user ID, a secret key, and retransmission detection method (RDM) information. A DHCP server device includes a database that allows retrieval of a secret key and RDM information based on a user ID as a key, or an access mechanism to an external DB with the same function as that of the database. | 09-23-2010 |
20100250937 | Method And System For Securely Caching Authentication Elements - A system and method for authorizing a user to a plurality of secure servers. Each server is adapted to store user information. The secure server receives a request for access to one of the plurality of secure servers from a first user device from a user possessing an authorized account identifier. An authentication server may intervene and request that the user authenticate to the authentication server and transmit a client-side electronic lockbox stored at the first user device to the authentication server. The authentication server retrieves a key corresponding to the received client-side lockbox and uses the key to decrypt an encrypted file contained within the lockbox. The decrypted file may contain authentication information that is forwarded to the secure server. The secure server grants the user access to the user's content stored thereon when the authentication information received from the authentication server corresponds to the authentication information stored at the secure server for the user. The present method provides the user the ability to manage access to the user's content by permitting the user to delete or disable a client-side lockbox or associated key from a remote location. | 09-30-2010 |
20100262826 | SYSTEM AND METHOD FOR ACQUIRING TERMINAL BINDING KEY - A first terminal subscribes to at least one service using a service guide in which information necessary for reception of each service is stored, and sends the service guide and an identifier (ID) of the subscribed service to a smartcard. The smartcard stores the service guide and the ID of the subscribed service, and sends the service guide and the ID of the subscribed service to a second terminal through a response message to a request message used for acquiring TBK information, received from the second terminal. The second terminal receives the response message by sending the request message to the smartcard, acquires TBK information corresponding to a service that the second terminal intends to play back, from the service guide depending on the subscribed service's ID included in the response message, and acquires the TBK by performing an authentication process using the TBK information. | 10-14-2010 |
20100262827 | Secure Storage Device For Transfer Of Data - Described herein are methods and devices of securing data. For example, a method of securing data comprises receiving, by a secure storage device, unsecure data from a source. The secure storage device is removably attached to the source. The method further comprises securing the unsecure data within the secure storage device by performing digital processing related to the unsecure data to create secure data. The secure storage device is responsive to the same protocol as an unsecure storage device and as a result the secure storage device is transparent to the source. The source responds to the secure storage device as if it were an unsecure storage device. | 10-14-2010 |
20100268952 | Optimization of Signing SOAP Body Element - An XML digital signature mechanism for providing message integrity. A sending party serializes a source XML document into a serialized byte array, calculates the source offset and length of the array of the signed part in the serialized byte array, and calculates a source hash value using the serialized array and the source offset and length. The serialized byte array is a non-canonicalized array. The array and source hash value used to sign a part or the whole of the serialized byte array is sent to a receiving party. The receiving party calculates the target offset and length of the signed part in the serialized byte array and calculates a target hash value of the signed part by using the array and the target offset and length. The receiving party compares the target hash value and the source hash value to verify the integrity of the target XML document. | 10-21-2010 |
20100275020 | COMMUNICATION METHOD, COMMUNICATION SYSTEM, MOBILE NODE AND COMMUNICATION NODE - The invention discloses a technique, by which the number of messages can be decreased when RR (Return Routability) procedure is performed to give authentication between a mobile node (MN) and a correspondent node (CN). According to this technique, CN | 10-28-2010 |
20100281260 | HASH FUNCTION BASED ON POLYMORPHIC CODE - In the field of computer data security, a hash process which is typically keyless and embodied in a computing apparatus is highly secure in terms of being resistant to attack. The hash process uses computer code (software) polymorphism, wherein computation of the hash value for a given message is partly dependent on the content (data) of the message. Hence the computer code changes dynamically while computing each hash value. | 11-04-2010 |
20100287373 | DATA SECURITY SYSTEM WITH ENCRYPTION - A data security system ( | 11-11-2010 |
20100306541 | HASH FUNCTION USING A CARD SHUFFLING PROCESS - In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of chaos introduction exhibited by a game process such as the well known shuffling of a deck of playing cards. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) a game algorithm that models the actual game such as a playing card shuffling algorithm using the message as an input to the algorithm, then executing the card shuffling algorithm on the input. A state (order) of the modeled deck of cards after a shuffle (or multiple shuffles) gives the hash digest value. | 12-02-2010 |
20100318798 | MESSAGE HANDLING AT A MOBILE DEVICE - A method for sending a message from a mobile device via a first application running on the mobile device is proposed. The method comprises a challenge step for supplying the first application with a challenge, a response step for receiving a response to the challenge, an equality check step for determining whether the received response corresponds to an expected response, a signature step for providing a signature for the message, using a cryptographic key and the result of the equality check step, and a send step for sending the signed message via the first application from the mobile device to a backend system. | 12-16-2010 |
20100332834 | METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE - An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity. | 12-30-2010 |
20110010548 | SECURE E-MAIL SYSTEM - An email system for securely sending an email message to a recipient comprising: one or more computers connected to the internet, at least one computer being suitable for receiving data identifying a recipient; a communicator for sending messages; an encryption engine configured to encrypt the email message using the encryption key to produce an encrypted email message; a computer of the one or more computers programmed to identify an encryption key; a computer of the one or more computers programmed to identify a first contact identifier of the recipient based on data received by a computer of the one or more computers, and to determine a first address of the recipient from the first contact identifier; a computer of the one or more computers programmed to determine a second address of the recipient from data received by the input means or from the first contact identifier using a lookup table or database; wherein at least the first address is an email address and the email system is configured to send the encrypted email message to the email address of the recipient and to create an encryption key message, containing the encryption key, and send it to the second address of the recipient. | 01-13-2011 |
20110016318 | TECHNIQUES FOR SECURING SUPPLY CHAIN ELECTRONIC TRANSACTIONS - Techniques for authenticating the identity of shippers and receivers of goods at each point along a supply chain. A central hub repository issues shippers and receivers a pair of public and private keys for encrypting communications between the shippers and receivers and the hub repository and for authenticating the identity of shippers and receivers. The hub repository may also maintain a log of all transactions between shippers and receivers to provide an audit trail that may be used to track the progress of goods along a supply chain. | 01-20-2011 |
20110016319 | METHOD FOR RESTRICTING ACCESS TO MEDIA DATA GENERATED BY A CAMERA - A method for restricting access to media data generated by a camera comprising: setting a non-public initial user key, KICU, in the camera, providing a user client with the initial user key, KICU, establishing an authenticated relation between the user client and the camera by sending an authentication message including information based on the initial user key, KICU, from the user client to the camera, checking if an operational user key (K | 01-20-2011 |
20110016320 | METHOD FOR AUTHENTICATION AND SIGNATURE OF A USER IN AN APPLICATION SERVICE, USING A MOBILE TELEPHONE AS A SECOND FACTOR IN ADDITION TO AND INDEPENDENTLY OF A FIRST FACTOR - The invention relates to a method for the two-factor authentication of a user in an application service running on an application server. The first authentication factor is a PIN authentication code known only by the user and the application service, and the second authentication factor is the mobile communication terminal of the user on which is installed a reliability application obtained from a reliable third party or certified by the same. The reliability application is capable of generating, using the PIN authentication code and a secret key shared only with the reliable third party, a single use authentication code for each authentication of the user in the application service. | 01-20-2011 |
20110022844 | AUTHENTICATION SYSTEMS AND METHODS USING A PACKET TELEPHONY DEVICE - Packet telephony devices with encryption keys are configured to enable authentication systems and methods for increasing the security of online account access and transactions. The instant disclosure leverages the security in customer equipment hardware such as a terminal adaptor (TA) or router to authenticate a web transaction. A packet telephony device has an encoded encryption key. The encryption key may be used with a display, a user actuable trigger or in a secure connection with a web-enabled device to authenticate a user or a website. | 01-27-2011 |
20110035594 | Apparatus and method for providing elective message tagging - A computer-implemented apparatus and method for providing elective message tagging related services, comprising: receiving a request to receive, processing information regarding the request; and transmitting in response to the request, an elective message tag in conjunction with a second communication, wherein the elective message tag consists of any one or more of data, information, advertisements, offers, solicitations, promotions, confirmations, tickets, receipts, content, digital content, activations, authorizations, authentications, hyper-links, programs, applications, code, scripts, files, video, audio, images, avatars, pixel tags, clear gifs, web beacons, voice, text, signals, warnings, prompts, requests, restrictions, limitations, monitoring functions, management operations, rules, policies, practices, aggregated information, implementations, dissolutions, disallowances, messages, notifications, controls, communications, and/or an embodiment of information, and/or an embodiment of control functionality. | 02-10-2011 |
20110040973 | Selective Encryption in Broker-Based Messaging Systems and Methods - An exemplary method includes transmitting, by a software application subsystem, a request to an encryption services subsystem to route a message generated by an originating software application to a recipient software application through a message broker subsystem, acquiring, by the software application subsystem, data representative of a current encryption configuration of the message broker subsystem from the encryption services subsystem in response to the request, and determining, by the software application subsystem, during a run time of the originating software application whether to encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem. Corresponding methods and systems are also disclosed. | 02-17-2011 |
20110047382 | FAST AUTHENTICATION BETWEEN HETEROGENEOUS WIRELESS NETWORKS - A method for preparing for handover of an apparatus from a first wireless network to a second, different wireless network, a master session key (MSK) having been generated during establishment of a connectivity of the apparatus to the first wireless network includes detecting signals of the second wireless network. In response thereto, establishing a connectivity of the apparatus to the second wireless network, using a pairwise master key (PMK) derived from the MSK generated during establishment of the connectivity to the first wireless network, one or more encryption keys being derivable from the PMK to support secure communication over the second wireless network. | 02-24-2011 |
20110055568 | ZERO-KNOWLEDGE BASED AUTHENTICATION METHOD, SYSTEM, AND APPARATUS - In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host. | 03-03-2011 |
20110055569 | ROAMING AUTHENTICATION METHOD BASED ON WAPI - A roaming authentication method based on WAPI. The present invention includes the steps of adopting a terminal and a wireless access point to initiate a WAPI security mechanism, associating the terminal with the wireless access point, initiating a WAPI authentication process, and so on. A highly safe and convenient roaming authentication method based on WAPI is provided, so as to solve the technical problems of how a specific method of certificate roaming authentication is realized, that the certificate of the external network authentication server cannot be obtained to establish a trust relationship, and that the terminal may therefore be unable to perform roaming authentication. | 03-03-2011 |
20110060909 | TRAPDOOR ONE-WAY FUNCTIONS ON ELLIPTIC CURVES AND THEIR APPLICATION TO SHORTER SIGNATURES AND ASYMMETRIC ENCRYPTION - The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions. | 03-10-2011 |
20110066856 | Communication data freshness confirmation system - A receiving device sends challenge information to a transmitting device. The transmitting device initializes a time varying parameter and transmits communication data together with data derived from the challenge information to the receiving device. Subsequent communication data, if any, are then transmitted together with data derived from the time varying parameter. The receiving device uses the challenge information to verify the freshness of the communication data transmitted first, and uses the time varying parameter to verify the freshness of the subsequent communication data. Freshness can be verified without having to maintain any type of verification data during sleep periods, and without having to send a separate challenge for each data transmission. | 03-17-2011 |
20110066857 | Method for secure delivery of digital content - Methods and apparatus for the secure and copy-proof distribution of digital content are disclosed. In a preferred embodiment of the invention cryptographic primitives (encryption algorithms, message-authentication codes, hash functions, random-number generators, etc.) are used in a novel security protocol. The invention may be utilized to protect a first-run movie that has been digitized in accordance with one of the current or forthcoming MPEG standards (e.g., MPEG-7). Content receivers or users first register their boxes. This registration information is stored in a secure database. When a subscriber registers, he then receives a box (interface to his player) that has been initialized to contain a number of tamper-proof secrets that are shared between the station and that particular box. The station stores an encrypted version of the digital content. This encrypted version ultimately arrives at some unprotected storage medium local to the player. Upon demand, the station delivers to the box the use-once computational ability to decrypt the content and display it on the player or terminal. | 03-17-2011 |
20110072267 | METHOD, MOBILE AND NETWORK NODES FOR SHARING CONTENT BETWEEN USERS AND FOR TRACKING MESSAGES - A method for sharing multimedia content protected by RM by a first subscriber with at least one second subscriber of a communication system comprises: receiving the protected multimedia content by the at least one second subscriber from the first subscriber, who previously received the multimedia content; and requesting a license key for unlocking the protected multimedia content by the at least one second subscriber; wherein requesting the license key allows for correlating the license key with the multimedia content. | 03-24-2011 |
20110078444 | RE-AUTHENTICATION APPARATUS AND METHOD IN DOWNLOADABLE CONDITIONAL ACCESS SYSTEM - Provided is a re-authentication apparatus in a Downloadable Conditional Access System (DCAS), the re-authentication apparatus includes: a receiving unit to receive a key request message from a Secure Micro (SM); a determination unit to determine whether to perform re-authentication depending on downloading of SM client image; an identification unit to identify an SM identifier using the key request message, when the re-authentication is performed as a result of the determination; an extraction unit to retrieve previous session information corresponding to the SM identifier and to extract keying information about the previous session information; and an encryption unit to control an encryption key about the SM client image to be reused, the SM client image being encrypted in a previous session based on the previous session information using the keying information. | 03-31-2011 |
20110107100 | METHOD AND SYSTEM FOR PROVIDING SECURE CODES FOR MARKING ON ITEMS - A method and system for creating a group of marking codes for marking items in a code generation and validation system and validating the marking codes. The code generation and validation system includes a first subsystem and a second subsystem, where first and second keys in each of the subsystems are respectively used to encode a first input message in the first subsystem with an output message being the second input message in the second subsystem to solve the problem of data integrity of the validated data. | 05-05-2011 |
20110107101 | PASSWORD-AUTHENTICATED ASYMMETRIC KEY EXCHANGE - Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device. | 05-05-2011 |
20110107102 | METHOD FOR AUTHENTICATING AN ENTITY BY A VERIFIER - A method for authenticating an entity by a verifier, the entity having an identifier, the verifier having a pair of private and public keys, comprising: sending to the entity a first random number selected by the verifier; a step wherein the entity encrypts a value by means of the public key of the verifier, said value including the first random number and an authentication datum on which the identifier of the entity depends; and the entity sending said encrypted value as a reply to authenticate said entity. The invention can be applied to the field of low-cost cryptography, especially the field of radio-identification. | 05-05-2011 |
20110113249 | METHOD AND SYSTEM FOR SHARING TRUSTED CONTACT INFORMATION - A method and system for sharing trusted contact information between trusted, known and unknown parties, without revealing the contact information itself, thus protecting the party defined in the contact from possible unsolicited messages known as “Spam”. Addresses of trusted senders are encrypted using a one-way encryption and stored in a whitelist repository that can be shared by different users. When a message is received, its sender's address is extracted, encrypted using the same encryption method, and compared against the whitelist repository to determine whether it is found there. | 05-12-2011 |
20110119491 | SIMPLIFIED PAIRING FOR WIRELESS DEVICES - A first wireless device is paired with a second wireless device for communication over a wireless connection. The first wireless device receives an input that indicates a device identifier of the second wireless device, and then matches the device identifier with one of the data entries in a data repository to obtain a code of the second wireless device without user interactions. The data repository contains a plurality of data entries associating a plurality of wireless devices with their corresponding codes. Based on the code of the second wireless device, the first wireless device authenticates the second wireless device and establishes the wireless connection. | 05-19-2011 |
20110131414 | METHODS AND SYSTEMS FOR END-TO-END SECURE SIP PAYLOADS - Methods, systems and communication nodes for protecting Session Initiation Protocol (SIP) message payloads are described. Different protection techniques can be used to protect SIP payloads depending upon, for example, whether a recipient client application resides in a user equipment or an application server and/or whether a recipient client application resides in a same SIP/IP domain as the target SIP application server which is sending the SIP payloads. | 06-02-2011 |
20110145580 | TRUSTWORTHY EXTENSIBLE MARKUP LANGUAGE FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc. | 06-16-2011 |
20110154038 | Multi-band/multi-link secure key generation and delivery protocol - A method is described for negotiating the use of multi-link ciphering and for the generation of unique keys for each of the links using a single 4-way handshake protocol exchange. | 06-23-2011 |
20110154039 | STATION-TO-STATION SECURITY ASSOCIATIONS IN PERSONAL BASIC SERVICE SETS - A personal basic service set (PBSS) includes a first device configured to communicate in the PBSS and a second device configured to communicate in the PBSS. The first device is configured to establish a robust security network association (RSNA) with the second device (i) without associating with a PBSS control point (PCP) and (ii) without associating with the second device. | 06-23-2011 |
20110154040 | MESSAGE STORAGE AND RETRIEVAL - A method of obfuscating messages stored in a message store or messages received by a computing device by comparing portions of the messages to user-specified criteria and encrypting or hiding portions of the message if the criteria are matched. The obfuscated messages are stored and access thereto is controlled by only permitting authorised users or applications to decrypt or access the message. | 06-23-2011 |
20110167270 | SECURE KEY AUTHENTICATION METHOD FOR COMMUNICATION NETWORK - A key authentication method between a user equipment (UE) and a serving network (SN) for binary CDMA network and a key re-authentication method during which the UE performs a handover within the same SN in binary CDMA network are provided. The key authentication method for the user equipment includes receiving a terminal authentication request message from a wireless access point, transmitting a terminal authentication response message that includes identification information for the user terminal, receiving user authentication request message that includes at least two random numbers and code information for message authentication from the wireless access point, and transmitting a user authentication response message that comprises first information that is generated using a master key. | 07-07-2011 |
20110167271 | SECURE MESSAGE AND FILE DELIVERY - The present disclosure provides systems and methods for accessing secure and certified electronic messages using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options for sending email messages. In an exemplary embodiment, a secure message and file delivery method includes biometrically authenticating a sender of an electronic message; receiving the electronic message through a secure connection to the sender; storing the electronic message, wherein the electronic message is encrypted prior to storing; notifying a recipient of the electronic message; and delivering the electronic message through a secure connection to the recipient. | 07-07-2011 |
20110173449 | Broadcast Area Authentication - Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area. | 07-14-2011 |
20110191588 | METHOD AND APPARATUS FOR FACILITATING EFFICIENT AUTHENTICATED ENCRYPTION - A shared-key encryption scheme that uses identically keyed block-cipher calls, low additional overhead, supports the encryption of arbitrary-length strings, produces a minimal-length-ciphertext, and is fully parallelizable. In one embodiment, “OCB”, a key shared between communicating parties is mapped to a key variant using the block cipher. The key variant is mapped into a sequence of basis offsets using shifts and conditional xors. To encrypt a message using a nonce, a nonce-dependent base offset is formed, and then a sequence of offsets is constructed by starting with the base offset and then xoring, for each offset, an appropriate basis offset. The message is partitioned into message blocks of the same length as the block length of the block cipher, along with a message fragment that may be shorter. Each message block is combined with a corresponding offset, enciphered, and then combined again with the offset, yielding a ciphertext block. The message fragment is xored with an appropriately computed pad to give a ciphertext fragment. A checksum is formed using the message blocks, the message fragment, and the pad. The checksum is combined with an offset and enciphered to yield a tag. The encrypted message includes the ciphertext blocks, the ciphertext fragment, and the tag. | 08-04-2011 |
20110197065 | SECURE AND AUTOMATED CREDENTIAL INFORMATION TRANSFER MECHANISM - A mechanism for securely transmitting credentials to instantiated virtual machines is provided. A central server is used to turn on a virtual machine. When the virtual machine is turned on, the central server sends it a secret text string. The virtual machine requests the credentials from the central server by transmitting the secret string and its instance ID. The central server validates the secret string and source IP to determine whether they are authentic. Once verified, the central server transmits the credentials to the virtual machine in a secure channel and invalidates the secret string. The credentials can now be used to authenticate API calls. | 08-11-2011 |
20110264914 | COMMUNICATION SYSTEM HAVING PLURAL TERMINALS AND METHOD FOR CONTROLLING TERMINAL IN COMMUNICATION SYSTEM - A method and communication system for assigning the control authorization for controlling functions of a device from a terminal to another terminal in a communication system is provided. Through the method, it is possible to simplify the authentication process of a terminal having the communication function based on the short messaging service, and to reduce the security information size generated in the authentication process. | 10-27-2011 |
20110296183 | AUTHENTICATION IN DATA MANAGEMENT - Systems and methods for authentication in a data management system are provided. In one embodiment, the method comprises identifying a plurality of data ciphers based on a pre-defined set of properties associated with a plurality of data sources; and generating an authentication response having at least a subset of the identified plurality of data ciphers, wherein the authentication response authenticates access to at least some data sources from among the plurality of data sources. | 12-01-2011 |
20110296184 | MAINTAINING TRIGGERED SESSION STATE IN SECURE USER PLANE LOCATION (SUPL) ENABLED SYSTEM - A method is provided for maintaining session state in a Secure User Plane Location (SUPL) enabled system during a triggered session. The method includes modifying at least one parameter of a session message to include state data indicating the session state, and transmitting a request to a SUPL Enabled Terminal (SET) to initiate the triggered session, the request comprising the session message having the at least one modified parameter to be stored at the SET. The method further includes receiving a triggered message from the SET in response to occurrence of a trigger event detected by the SET, the triggered message comprising the stored state data. The triggered session is identified using the state data received in the triggered message. | 12-01-2011 |
20110314285 | REGISTRATION METHOD OF BIOLOGIC INFORMATION, APPLICATION METHOD OF USING TEMPLATE AND AUTHENTICATION METHOD IN BIOMETRIC AUTHENTICATION - When a registration station appends an anonymous ID (AID), a linking validity of the anonymous ID and actual user ID (UID) is assured for an application businessperson in the case of applying to use a biometric authentication. Specifically, a biometric authentication service system includes a biometric authentication server, an application server, a registration station server and a client server, for holding a hash value alone of personal information (P) in the registration station server, supplying again the personal information on applying to use a template (T) for the application server, collating the hash with the previously held hash, and verifying that the user applying to use the template is identical with the user who registered the biometric information in the registration station server. In addition, secret information (S) different for every user is added to the personal information to generate unique data and identify the user correctly. | 12-22-2011 |
20120011366 | Method for Controlling and Recording the Security of an Enclosure - A method for controlling and recording the security of an enclosure is disclosed. A mobile electronic control device, such as an electronic key, is used to access or otherwise control the operations of a field device, such as an appliance, power tool, shipping container, and the like. In a control event in which the mobile control device interacts with the field device via wired or wireless communications, the control device obtains the current location and the field device ID. The communications between the mobile control device and the field device may be secured with encryption. The location information is used by the mobile control device to determine whether the field device should be accessed or enabled. Alternatively, the location information may be stored separately in a location sensing device, and the control event data recorded by the key and the location information recorded by the location sensing device are later combined when they are downloaded into a management system for auditing. Moreover, an electronic access control device is disclosed comprising two microprocessors. | 01-12-2012 |
20120011367 | Method for Controlling and Recording the Security of an Enclosure - A method for controlling and recording the security of an enclosure is disclosed. A mobile electronic control device, such as an electronic key, is used to access or otherwise control the operations of a field device, such as an appliance, power tool, shipping container, and the like. In a control event in which the mobile control device interacts with the field device via wired or wireless communications, the control device obtains the current location and the field device ID. The communications between the mobile control device and the field device may be secured with encryption. The location information is used by the mobile control device to determine whether the field device should be accessed or enabled. Alternatively, the location information may be stored separately in a location sensing device, and the control event data recorded by the key and the location information recorded by the location sensing device are later combined when they are downloaded into a management system for auditing. Moreover, an electronic access control device is disclosed comprising two microprocessors. | 01-12-2012 |
20120066498 | VERIFYING AUTHENTICITY OF A SENDER OF AN ELECTRONIC MESSAGE SENT TO A RECIPIENT USING MESSAGE SALT - A server receives a verification request sent by a client associated with a recipient of an electronic message to verify authenticity of a sender of the electronic message, where the verification request comprises message data of the electronic message and a salt hash value. The server identifies a key for the sender for generating a salt hash value and generates the salt hash value using the salt key and the message data. The server determines whether the generated salt hash value matches the salt hash value received in the verification request and sends a result to the client based on the determination of whether the salt hash values match. | 03-15-2012 |
20120066499 | SYSTEM AND METHOD FOR PERFORMING A MANAGEMENT OPERATION - There is provided a system and method of performing a management operation. An exemplary method comprises receiving a command that comprises information derived from a private key in response to a request to generate the command for an electronic device. The exemplary method also comprises verifying a source of the command using the information derived from the private key and a corresponding public key stored in an immutable memory of the electronic device. The exemplary method additionally comprises performing a management operation corresponding to the command if the verifying of the source of the command determines that the command is from an authorized source. | 03-15-2012 |
20120079275 | CONTENT FILTERING OF SECURE E-MAIL - Content filtering of e-mail in a network environment. The network environment includes a client machine, a policy server and an e-mail server. An e-mail message is authored at the client machine. Filter policy information is obtained by the client machine from the policy server, wherein the filter policy information defines a filtering policy for filtering of e-mail messages. The filter policy information is applied to the e-mail message by the client machine so as to effect the filtering policy. The filtered e-mail message is secured by the client machine, such as by securing based on a key obtained by the client machine from a key store. The secure e-mail message is sent by the client machine to a recipient via the e-mail server. | 03-29-2012 |
20120079276 | CONTENT SELECTION AND DELIVERY FOR RANDOM DEVICES - Intelligent content delivery enables content to be delivered to different devices in formats appropriate for those devices based on the capabilities of those devices. A user might access the same piece of content on two different devices, and can automatically receive a higher quality format on a device capable of playing that higher quality format. The user can purchase rights to content in any format, such that as new formats emerge or the user upgrades to devices with enhanced capabilities, the user can receive the improved formats automatically without having to repurchase the content. Further, the user can pause and resume content between devices even when those devices utilize different formats, and can access content on devices not otherwise associated with the user, receiving content in formats that are appropriate for those unknown devices even if the user has not previously accessed content in those formats. | 03-29-2012 |
20120096268 | ELECTRONIC FILE SENDING METHOD - An electronic file sending method is provided to securely and easily send an electronic file to a receiver. A receiving apparatus receives from a sending apparatus an electronic mail including an encrypted electronic file. The sending apparatus uses a public key of a management server to encrypt a decryption password that is necessary to decrypt the encrypted electronic file and sends the encrypted decryption password to the management server. In association with a file identifier of the electronic file, the management server stores the decryption password and an electronic mail address of a correct receiver, who is a receiver of the receiving apparatus. The receiving apparatus sends to the management server the file identifier of the electronic file and the electronic mail address of the receiver. The management server uses a public key of the receiving apparatus to encrypt the password and sends the encrypted password to the receiving apparatus. | 04-19-2012 |
20120110332 | Secure Messaging with Automatic Recipient Enrollment - A public-key based secure messaging system with automatic receiver enrollment is disclosed. A sender in the system first determines whether a receiver has a public key. If the receiver has a public key, the messages will be sent to the receiver using a standard public-key based encryption. If the receiver does not have a public key, the first message will be sent to the receiver using a delivery method that does not require the receiver to have a pair of public and private keys prior to sending the message. However, when the receiver accesses the first message, a pair of public and private keys will be automatically generated at the receiver and the public key will be made available for encrypting subsequent messages sent to the receiver. | 05-03-2012 |
20120144198 | USER AUTHENTICATION IN A MOBILE ENVIRONMENT - A data channel transmission can be used to authenticate a voice channel transmission. A third party trusted authentication server can be used to authenticate the identity of one or more parties to a call where at least one of the parties to the call is using a mobile device. A PKI authentication methodology or other symmetric or asymmetric encryption/decryption methodology can be used in a mobile network environment to identify and authenticate a first user to a second user. The authentication request sent to the third party trusted server can be encrypted, signed and transmitted over a data channel (such as an internet connection or SMS or MMS connection), concurrent with the voice channel transmission. In response to validation by the third party trusted server, the third party trusted server can send an authentication indication to the second user's device, which can display identification information and other (optional) data associated with the first user. | 06-07-2012 |
20120191977 | SECURE TRANSACTION FACILITATOR - A method, system, and devices are provided in which modified digital signatures are used to provide a dynamically generated number suitable for use in transactions requiring validation. The method uses symmetric key encryption to encode a message comprising authorization information and may use compression algorithms to provide a truncated message digest such that the dynamic number may be processed by existing credit card or other authorization systems. In part, this method is an improvement over other validation methods as decryption, which requires greater computing power, is not required. The method may be performed through the use of various devices. For example, credit cards may utilize the method to dispose the dynamic number in a magnetic strip or to transmit the dynamic number via radio transmitter. Smart cards, smart phones, or USB devices, optionally may be utilized to perform the inventive method. | 07-26-2012 |
20120204032 | Encryption key exchange system and method - The present invention is a computer-implemented key exchange system and methods for improving the usability of encryption technologies such as Public Key Infrastructure (PKI). One aspect of the present invention includes registering users, verifying user identity, and classifying users such that the users may send a communication such that communication recipients can verify the user identity and classification of the communication sender. Another aspect of the present invention includes users initiating relationships with other users, approving the establishment of relationships, and exchanging encryption keys between users after the establishment of a relationship. | 08-09-2012 |
20120216040 | System for Email Message Authentication, Classification, Encryption and Message Authenticity - A system and method for tracking sender activities to provide proper classifications of a sender or of its email messages. Certain embodiments of the present invention can track the number of messages sent from a specific email address. By doing so, the system and method permits each user to define an acceptable threshold of the number of recipients of each one message received by the user. | 08-23-2012 |
20120233466 | METHOD FOR INSTALLING RIGHTS OBJECT FOR CONTENT IN MEMORY CARD - A method of receiving, by a memory card, a rights object (RO) from a rights issuer (RI) via a terminal. The method includes: receiving from the terminal, a provisioning setup request message including information about a size of rights to be installed in the memory card; checking whether there is a space in the memory card for the rights; transmitting, to the terminal, a provisioning setup response message including a status indicating a result of processing the provisioning setup request message; and receiving, from the terminal, a rights provisioning request message for installing the rights into the memory card, the rights provisioning request message including rights information. The rights information is based on rights being extracted from a RO response message if a device identifier (ID) in the RO response message matches an ID of the memory card which is different from an ID of the terminal. | 09-13-2012 |
20120239931 | INFORMATION PROCESSING APPARATUS, RECOVERY APPARATUS, AND DISK RECOVERY METHOD - An information processing apparatus includes: a disk to store data; a transmitting and receiving unit to exchange information with a recovery apparatus over a network; an authentication processor to, when receiving a first authentication key from the recovery apparatus, perform an authentication process based on the first authentication key and a second authentication key; and a writing controller to write an image file to the disk upon the authentication performed by the authentication processor and issue a completion message to the recovery apparatus on completion of the writing. | 09-20-2012 |
20120239932 | METHOD FOR VERIFICATION OF THE CORRECT RECORDING OF INFORMATION - Method for verifying that an item of information relating to an issuer has been registered correctly by a receiving entity while preserving the issuer's privacy, which method includes the following steps: a) the information relating to the issuer is coded in an issuing entity and said coding is sent to the receiving entity; b) the receiving entity generates a content test on the basis of the information coded in step a), and the content test is subsequently sent to the issuing entity; and c) the issuer verifies that the content test corresponds to the information which has been coded. | 09-20-2012 |
20120260093 | Portable Security Transaction Protocol - A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc. | 10-11-2012 |
20120272062 | APPARATUS AND METHOD FOR CONTROLLING DEVICES USING PORTABLE TERMINAL IN DEVICE AUTOMATION SYSTEM - A method is provided for controlling a device by a portable terminal in a device automation system. Upon detecting an execution request for a single remote control mode for remotely controlling a device, the portable terminal sends a single remote control mode execution request message for requesting to execute the single remote control mode, to the device. Upon receiving from the device a single remote control mode execution response message being responsive to the single remote control mode execution request message, the portable terminal switches an operation mode thereof to the single remote control mode. Upon receiving from the device a device data message including device data output by the device, the portable terminal outputs the device data. Upon detecting a remote control command to remotely control the device while outputting the device data, the portable terminal sends a remote control message including the remote control command to the device. | 10-25-2012 |
20120272063 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS - A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature. | 10-25-2012 |
20120290845 | SOFT MESSAGE SIGNING - A message is signed using a PUF without having to exactly regenerate a cryptographic key. Another party that shares information about the PUF is able to verify the signature to a high degree of accuracy (i.e., high probability of rejection of a forged signature and a low probability of false rejection of a true signature). In some examples, the information shared by a recipient of a message signature includes a parametric model of operational characteristics of the PUF used to form the signature. | 11-15-2012 |
20120311335 | Efficient Terminal Authentication In Telecommunication Networks - The invention relates to AKA procedures for terminals ( | 12-06-2012 |
20120331296 | Method and Apparatus for Communicating between Low Message Rate Wireless Devices and Users via Monitoring, Control and Information Systems - The present invention relates to a method and apparatus for communicating between remote devices using a low message rate wireless connection via monitoring, control and information systems. The network described in this invention is capable of supporting billions of such devices in an efficient and cost effective manner. The network uses a very low signaling rate and centrally controlled architecture in order to achieve this efficiency. The network can easily support numerous applications each controlling large numbers of devices. As the complexity of protocol used in the network is very much reduced in comparison to existing hierarchical mobile wireless networks, it is possible to produce devices that use very little energy allowing their use in many new and novel applications. | 12-27-2012 |
20130007454 | SYSTEMS, DEVICES, AND METHODS FOR OUTPUTTING ALERTS TO INDICATE THE USE OF A WEAK HASH FUNCTION - Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak. | 01-03-2013 |
20130042111 | SECURING TRANSACTIONS AGAINST CYBERATTACKS - Methods and systems are provided for performing a secure transaction. Users register biometric and/or other identifying information. A registration code and an encryption key are generated from the biometric information and/or information obtained from an unpredictable physical process and are stored in a secure area of a device and also transmitted to a service provider. A transaction passcode generator may be computed based on the stored registration code. In at least one embodiment, a unique transaction passcode depends upon the transaction information, so that on the next step of that transaction, only that unique transaction passcode will be valid. In an embodiment, the passcode includes the transaction information. In at least one embodiment, if the transaction information has been altered relative to the transaction information stored in the device's secure area, then the transaction passcode sent during this step will be invalid and the transaction may be aborted. | 02-14-2013 |
20130061053 | RECORDING MEDIUM DEVICE, TERMINAL DEVICE, DISTRIBUTION DEVICE, CONTROL METHOD, AND PROGRAM RECORDING MEDIUM - When the terminal device | 03-07-2013 |
20130117567 | MANAGING SECURITY FOR COMPUTER SERVICES - A method for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key. | 05-09-2013 |
20130138960 | Systems and Methods for Secure Communication Using a Communication Encryption Bios based Upon a Message Specific Identifier - An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by receiving the message and the message specific identifier from the first device by the second device where the message specific identifier is associated with one or more attributes associated with the message and the first device. A decryption key request is transmitted to a server in communication with the second device, wherein the decryption key request is based upon the message specific identifier received and a second device attribute. A decryption key is received from the server, wherein the decryption key is based on the message specific identifier and a stored random character set. The encrypted message is then decrypted using the received decryption key. | 05-30-2013 |
20130166913 | Encryption Device and Method - A method is disclosed of encrypting a value input into a user device storing an authentication key, a code generation algorithm, and a value verification code generation algorithm. The method includes the user device processing the authentication key using the code generation algorithm to generate an authentication code; and the user device processing the value using the value verification code generation algorithm to generate a value verification code. The method further includes the user device using the authentication code, the value and the value verification code to construct a message encrypting the value, the message for communicating to an authentication system via a communications network for processing by the authentication system to determine and verify the value, and authenticate the user device and/or the user. A method of communicating a value input into a user device to an authentication system and of verifying the value so communicated as well as an associated user device and authentication system are also disclosed. | 06-27-2013 |
20130185561 | MANAGEMENT OF PUBLIC KEYS FOR VERIFICATION OF PUBLIC WARNING MESSAGES - Techniques are disclosed for managing one or more public keys used for verification of one or more messages transferred over a communication network associated with a public warning system. In one example, a method comprises the following steps. A computing device of a communication network obtains key material for at least one source of a message generated for a public warning system. The computing device also obtains an identity of the source. A public key is computed by the computing device from the key material and the identity of the source. The public key is thus useable by the computing device to verify a message received from the source that is digitally signed using a corresponding private key of the source. In one example, the computing device comprises user equipment. | 07-18-2013 |
20130198518 | SECURE PEER DISCOVERY AND AUTHENTICATION USING A SHARED SECRET - During a security technique, an electronic device determines a name by applying a function to a shared secret, which is shared between a user and another user. This name is advertised in a network. After discovery by another electronic device (which is associated with the other user), the electronic device generates a first encrypted message from an unencrypted message using a cryptographic key. The electronic device provides the first encrypted message to the other electronic device, and receives a second encrypted message from the other electronic device. Using the cryptographic key, the electronic device decrypts the second encrypted message. Moreover, the electronic device receives confirmation that the other electronic device was able to decrypt the first encrypted message, thereby authenticating that the secure connection has been established. | 08-01-2013 |
20130212391 | ELLIPTIC CURVE CRYPTOGRAPHIC SIGNATURE - A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point as the base point, together with the private key, in an elliptic curve cryptographic (ECC) signature. | 08-15-2013 |
20130246793 | METHOD AND APPARATUS FOR ENCRYPTION AND PASS-THROUGH HANDLING OF CONFIDENTIAL INFORMATION IN SOFTWARE APPLICATIONS - Methods and apparatus for securely transmitting sensitive information to a remote device at the request of an application program are provided. The application program generates a request to a secure channel provider to make a transmission to a remote device. A first message is passed from the application program to the secure channel provider containing insertion point codes indicating locations within the first message where the sensitive information should be inserted. Sensitive information is obtained from a source outside of the application program and the sensitive information is inserted into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information. The second message is encrypted and this encrypted message is transmitted to the remote device. The sensitive information is unaccessed by the application program during the execution of the method. | 09-19-2013 |
20130268761 | System and Method for Secure Asynchronous Event Notification for Adaptive Streaming Based on ISO Base Media File Format - System and method embodiments are provided for asynchronous event notification and message handling in dynamic adaptive streaming over hypertext transfer protocol (DASH). The embodiments includes sending in a segment file, from a network server to a client, a message box that is configurable for encryption, for scheduling a callback from the client, and with one or more arguments according to a messaging scheme of the message box. The network server further sends a message handling descriptor to the client for reloading a media presentation description (MPD) for obtaining a DASH event. The client then configures a universal resource locator (URL) for the MPD using the message box and the message handling descriptor, and sends the URL back to the network server. After receiving the URL, the network server sends the MPD to the client, which then uses the MPD to request segments of an asynchronous event. | 10-10-2013 |
20130297937 | Operator-Assisted Key Establishment - The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (K | 11-07-2013 |
20130305049 | SECURE MESSAGE TRANSFER AND STORAGE - Messages are transmitted from a computer sending device to a first main server. The first main server splits the message into a plurality of message parts and the plurality of message parts is transmitted to a plurality of parallel file servers. The message parts are stored in the file servers or are transmitted to a second main server. The second main server triggers the transmission of the plurality of message parts to the second main server and the second main server recombines the plurality of message parts to a complete message. The message is then transmitted from the second main server to the computer receiving device. The message transfer and the message part transfer are encrypted processes. | 11-14-2013 |
20130339736 | PERIODIC PLATFORM BASED WEB SESSION RE-VALIDATION - Systems, apparatus and methods for periodically validating the identity of two or more machines that have established a secure communication connection over a network. A client may initiate a secure communication session with a server by providing an identification certificate. Upon establishing a secure connection with the server, the client may periodically reaffirm its identity by sending a secure heartbeat message that includes a timestamp offset and a client identifier in order to keep the connection open. The server can require periodic receipt of the secure heartbeat message in order to maintain the secure communication session. The client identifier may include a code or value based on a unique physical attribute of the client. The timestamp offset may be calculated by the client based on a timestamp provided by the server. | 12-19-2013 |
20130339737 | System for Efficiently Handling Cryptographic Messages Containing Nonce Values in a Wireless Connectionless Environment - A system for determining the validity of a received cryptographic message while allowing for out-of-order messages is utilized to provide for secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message in response to a received nonce value of the received message being greater than the largest nonce value yet seen. The secure communication module may also be configured to compare the received nonce value with a nonce value acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine if the received nonce value has been seen before by comparing the received nonce value with a replay window mask. If the received nonce has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask. | 12-19-2013 |
20140006785 | SYSTEMS AND METHODS FOR AUTHENTICATING DEVICES BY ADDING SECURE FEATURES TO WI-FI TAGS | 01-02-2014 |
20140068265 | METHOD AND SYSTEM FOR TRANSMITTING DATA WITHIN A SECURE COMPUTER SYSTEM - Methods and systems related to the secure transmission of information within a vehicle's computing systems are presented. Transmitting a message within the secure computer system includes receiving a message that includes a remote encryption key from a module, validating the module, loading security metadata, then validating the security metadata using the remote encryption key. Thereafter, the valid destination modules are determined and the message is sent to them. Metadata labels may be securely attached to data using a local encryption key, in order to maintain the integrity of the data. | 03-06-2014 |
20140075191 | SYSTEM AND METHOD FOR TRANSMITTING AND UTILIZING ATTACHMENTS - A method of handling cryptographic information in a communication comprising body elements and attachment elements to a mobile device includes the steps of determining if the communication includes an attachment element comprising cryptographic information and converting the attachment element into a body element upon determining that the communication includes an attachment element comprising cryptographic information. | 03-13-2014 |
20140082363 | AUTOMATIC USER AUTHENTICATION AND IDENTIFICATION FOR MOBILE INSTANT MESSAGING APPLICATION - Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device. | 03-20-2014 |
20140089665 | SYSTEM AND METHOD FOR USING A STREAMING PROTOCOL - An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream. | 03-27-2014 |
20140089666 | TIME SYNCHRONIZATION IN A MACHINE TO MACHINE COMMUNICATION - The present disclosure is related to performing a time synchronization between entities in a machine to machine (M2M) communication. | 03-27-2014 |
20140101448 | SYSTEM AND METHOD FOR SECURE MESSAGING IN A HYBRID PEER-TO-PEER NETWORK - An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables endpoints to securely send and receive messages to one another within a hybrid peer-to-peer environment. | 04-10-2014 |
20140108803 | STEGANOGRAPHIC MESSAGING SYSTEM USING CODE INVARIANTS - A steganographic method to prevent the execution of malicious code and mitigate software piracy. The method uses invariant portions of machine instructions to create an executable watermark within unmodified code. This watermark can be verified at any stage of the software lifecycle, including dynamically and continuously during execution, to detect foreign code by verifying the integrity of the watermark prior to execution. In addition, the watermark may serve as a steganographic covert channel concealing additional information. Code invariants are not altered by binding operations such as loading and linking on different machines, and thus may be employed to consistently and repeatedly identify an unmodified instantiation of a particular program. The use of opcodes and register references as invariants avoids trivial register substitution as a means of program differentiation that eludes detection. The split key structure of the resulting cipher implies that knowledge of only the code (first key) or the cipher table (second key) alone is insufficient to derive the message. | 04-17-2014 |
20140108804 | SYSTEM AND METHOD FOR VERIFYING THE AUTHENTICITY OF AN ELECTRONIC DEVICE - Methods and systems are provided for verifying the authenticity of an electronic device by a security server comprising a processor and a memory. The method, for example, may include, but is not limited to, receiving, from the electronic device, a unique identifier associated with the electronic device, determining, by the processor, a public key corresponding to the unique identifier, generating, by the processor, a message, encrypting, by the processor, the message with the determined public key, transmitting, to the electronic device, the encrypted message; receiving, from the electronic device, a response message, comparing the response message to the generated message, and authorizing the electronic device based upon the comparison. | 04-17-2014 |
20140115336 | METHOD AND APPARATUS OF PROVISIONING HOME ENERGY MANAGEMENT SERVICES - A method for provisioning home energy management services includes supplying a service user with a list of home energy management services; and transmitting a request to subscribe to a service to a home energy management service provider server on a communication network. Further, the method includes performing an authentication with the home energy management service provider server and receiving a secret key for encryption and decryption of a message that is transmitted and received for the service; searching for home energy devices on a home network and transmitting a list of searched home energy devices to the home energy management service provider server; and sending the message received from the home energy management service provider server to the same home energy devices. | 04-24-2014 |
20140122882 | METHODS AND APPARATUS FOR DATA SECURITY IN MOBILE AD HOC NETWORKS - Systems and techniques for key management in mobile ad hoc networks are described. Pseudonyms are defined for group members of mobile ad hoc networks such that a pseudonym in a message can be deterministically identified with the sending device only by the sending device and the message recipient. Key management for a group is performed by a group manager, and key management may include key renewal and revocation. Key renewal is performed by a group manager, with the group manager using a set of couple pseudonyms, including a couple pseudonym between the manager and each group member. Key renewal employs a renewal key used to encrypt the updated group key, and the group manager updates the group key by transmitting a message to each group member in proximity, with the message being identified using the couple pseudonym of the manager and the group member. | 05-01-2014 |
20140122883 | Secure Electronic Mail System - An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt e-mail messages for storage. | 05-01-2014 |
20140136846 | METHOD AND SYSTEM FOR GENERATING A SECURE MESSAGE AS A URL MESSAGE - A method for generating and delivering a message via a web service is provided. A message for a recipient is converted to a URL and sent. A request is received from a sender to send a message to a recipient. A URL message is created in response to receiving the request to send the message to the recipient and the URL message is sent to the recipient. A URL message response is received from the recipient and a landing message is sent to the recipient in response to receiving the URL message response. The landing message includes a hint requesting an answer from the recipient. An answer is received from the recipient and the message is displayed to the recipient in response to receiving the answer. | 05-15-2014 |
20140136847 | SECURITY AND AUTHENTICATION SYSTEMS AND METHODS FOR PERSONALIZED PORTABLE DEVICES AND ASSOCIATED SYSTEMS - Systems and methods for client authentication and verification in a distributed client-server system are described. An authentication and verification system may include a plurality of client devices containing private keys, a first server configured to interface with the plurality of client devices, and a second, secure server configured to interface with the first server and store public keys associated with the private keys on the client devices. A method is further described for verifying client devices in conjunction with the first and second servers. The first server may contain secure tokens that can be decrypted in conjunction with the authentication and verification method. | 05-15-2014 |
20140164770 | ADVANCED METERING INFRASTRUCTURE NETWORK SYSTEM AND MESSAGE BROADCASTING METHOD - An advanced metering infrastructure (AMI) server, an AMI network node, an AMI network system and a message broadcasting method thereof are provided. The AMI server generates a broadcasting key from a broadcasting message through a hash function, encrypts the broadcasting message into an encrypted broadcasting message via the broadcasting key, encrypts the broadcasting key into an encrypted key via a symmetric key, and transmits the encrypted broadcasting message and the encrypted key to the AMI network node. The AMI network node decrypts the encrypted key into the broadcasting key via the symmetric key, decrypts the encrypted broadcasting message into the broadcasting message via the broadcasting key, and processes the broadcasting message after determining that the broadcasting message corresponds to the broadcasting key through the hash function. | 06-12-2014 |
20140164771 | METHOD AND SYSTEM FOR MANAGING AN EMBEDDED SECURE ELEMENT eSE - A method and system for managing an embedded secure element ( | 06-12-2014 |
20140195808 | SECURE MESSAGE FILTERING TO VEHICLE ELECTRONIC CONTROL UNITS WITH SECURE PROVISIONING OF MESSAGE FILTERING RULES - A method according to one embodiment includes the operations of configuring a host processor to receive a message filtering rule, the host processor associated with a vehicle; configuring a bus controller to verify authenticity of the message filtering rule, wherein the bus controller is programmed through an interface, the interface inaccessible from the host processor; filtering messages from the host processor using the verified message filtering rule, wherein the filtering is performed by the bus controller; and transmitting the filtered messages from the bus controller over a bus to one or more electronic control units (ECUs), the ECUs communicatively coupled to the bus. | 07-10-2014 |
20140201530 | Broadband Certified Mail - The present invention provides system and method for providing certified voice and/or multimedia mail messages in a broadband signed communication system which uses packetized digital information. Cryptography is used to authenticate a message that has been compiled from streaming voice or multimedia packets. A certificate of the originator's identity and electronic signature authenticates the message. A broadband communication system user may be provisioned for certified voice and/or multimedia mail by registering with a certified mail service provider and thereby receiving certification. The called system user's CPE electronically signs the bits in received communication packets and returns the message with an electronic signature of the called system user to the calling party, along with the system user's certificate obtained from the service provider/certifying authority during registration. The electronic signature is a cryptographic key of the called party. | 07-17-2014 |
20140208109 | METHOD AND SYSTEM FOR PROTECTING MEMORY INFORMATION IN A PLATFORM - A method and system to provide an effective, scalable and yet low-cost solution for Confidentiality, Integrity and Replay protection for sensitive information stored in a memory and prevent an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via XTS-tweak mode of encryption where the tweak is derived based on “Global and Local Counters”. This scheme offers to enable die-area efficient Replay protection for any sized memory by allowing multiple counter levels and facilitates using small counter-sizes to derive the “tweak” used in the XTS encryption without sacrificing cryptographic strength. | 07-24-2014 |
20140208110 | INFORMATION PROCESSING APPARATUS, SIGNATURE GENERATION APPARATUS, SIGNATURE VERIFICATION APPARATUS, INFORMATION PROCESSING METHOD, SIGNATURE GENERATION METHOD, AND SIGNATURE VERIFICATION METHOD - Provided is an information processing apparatus including a message generation unit configured to generate a message based on a pair of quadratic multivariate polynomials F=(f | 07-24-2014 |
20140258724 | SECURE SIMPLE ENROLLMENT - Methods, systems, and apparatus are disclosed for generating one or more device identifiers based on a public key associated with a respective device. Various embodiments include condensing and/or hashing a device public key to generate the corresponding device identifier. By using the relationship between a device public key and its device identifier, public key exchanges are implemented to verify this relationship and facilitate device enrollment into one or more networks. The embodiments further describe enrolling one or more devices into networks and/or authorizing devices to enroll one more devices into networks based on public key exchanges and verification that the one or more device identifiers match the respective public keys. Embodiments for authorizing other devices describe a first device enrolling a second device in a first network and authorizing a third device to enroll the second device in a second network using an exchange of public keys and/or messages. | 09-11-2014 |
20140281542 | SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser. | 09-18-2014 |
20140289524 | METHODS AND APPARATUSES FOR REDUCING OR ELIMINATING UNAUTHORIZED ACCESS TO TETHERED DATA - Embodiments of a method and apparatus for reducing or eliminating unauthorized access to secured files are generally described herein. In some embodiments, the method includes establishing a connection between a communication portion of the secured file and an authentication agent. The method may include requesting a decryption key from the authentication agent for accessing the secured file on a first computing device. The decryption key may be based on device information retrieved from devices in an authenticated environment of devices. The authenticated environment may be an environment in which the secured file was encrypted. The method may include destroying the secured file subsequent to receiving a message indicating that the requesting has failed. | 09-25-2014 |
20140304510 | Secure authentication system with automatic cancellation of fraudulent operations - The present invention relates to a method and system to securely authenticate an operation request using a secure device. Automatic rejections are initiated on the basis of detection of mismatch of information by the secure device received from a server computer and an insecure terminal. The system and method further enables the user to manually confirm/reject operation requests by providing user inputs on an insecure terminal. | 10-09-2014 |
20140304511 | Sensor module and method for operating a sensor module - A sensor module for detecting at least one physical variable. The sensor module is configured to relay measured values, which characterize the at least one physical variable, to an external unit. The sensor module is configured to form a message authentication code and relay it to the external unit. The message authentication code allows the authenticity and integrity of at least one measured value to be checked. | 10-09-2014 |
20140310524 | DATA MANAGEMENT DEVICE, POWER USAGE CALCULATION SYSTEM, DATA MANAGEMENT METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a data management device includes a receiver; a first calculator; a second calculator; and a transmitter. The receiver is configured to receive at least one piece of encrypted data obtained by encrypting a piece of data and at least one message authentication code for the piece of encrypted data. The first calculator is configured to aggregate pieces of encrypted data received to calculate aggregated encrypted data corresponding to a sum of the pieces of data encrypted. The second calculator is configured to sum up message authentication codes received to calculate a total value of the message authentication codes for the aggregated encrypted data. The transmitter is configured to transmit the aggregated encrypted data and the total value of the message authentication codes. | 10-16-2014 |
20140317406 | COMMUNICATION BETWEEN NETWORK NODES THAT ARE NOT DIRECTLY CONNECTED - A first node sends a sequence of packets to another node to which it is connected over a communication network. A second node monitors network traffic in the communication network and intercepts the sequence of packets in the network traffic sent by the first node. The second node decodes a message in the sequence of packets intended for the second node, wherein the message is encoded using lengths of the packets in the sequence of packets. | 10-23-2014 |
20140317407 | INCREMENTAL MAC TAG GENERATION DEVICE, METHOD, AND PROGRAM, AND MESSAGE AUTHENTICATION DEVICE - Provided is an incremental MAC tag generation device that enables incremental tag calculations that can support the editing of all block units, without losing the efficiency of normal tag calculations. A padding unit ( | 10-23-2014 |
20140337627 | Secured transmission of a sequence of data to be transmitted - A method for transmitting a sequence of data blocks to be transmitted includes: one first piece of authentication data and one second piece of authentication data different from the first are formed relative to a selected data block; the selected data block, the first piece of authentication data and the second piece of authentication data are transmitted to a receiver; and the receiver checks (i) a validity of the received data block with the aid of the received first piece of authentication data and (ii) a validity of the received first piece of authentication data with the aid of the received second piece of authentication data. | 11-13-2014 |
20140351596 | METHOD, SYSTEM AND APPARATUS FOR AUTHENTICATING USER IDENTITY - The present invention relates to a method and system for authenticating user identity with a user terminal, authentication front-end computer system, and authentication server. In a first scheme, the user terminal transmits an authentication instruction comprising an authentication message to the authentication front-end computer system. Then, the authentication front-end computer system transmits an authentication request comprising the authentication message to a specific authentication server. In a second scheme, the user terminal transmits an authentication request comprising an authentication message to a specific authentication server. In either scheme, after receiving the authentication request, the authentication server authenticates a user's identity according to the authentication message. Preferably, the authentication server transmits an authentication result to the authentication front-end computer system. When a user pays a certain amount of money to an operator, the authentication server transfers the specific amount from a specific user payment account to a specific operator account after successful authentication. | 11-27-2014 |
20140372758 | METHOD AND SYSTEM FOR SECURED COMMUNICATION OF CONTROL INFORMATION IN A WIRELESS NETWORK ENVIRONMENT - A method and system for securely communicating control information in a wireless network environment is provided. When a transmitting station has to transmit control information to a receiving station, the transmitting station determines whether the control information belongs to first type or second type. If the control information is the second type of control information, the transmitting station secures the second type of control information using a counter value, a Cipher based Message Authentication Code (CMAC) value and security keys computed for protecting the second type of control information. Upon securing the control information, the transmitting station transmits the secured control information to a receiving station. | 12-18-2014 |
20140380053 | OBTAINING TARGETED SERVICES USING A UNIQUE IDENTIFICATION HEADER (UIDH) - A system is configured to receive, from a user device, a request for content; obtain, based on receiving the request, an identifier for a subscriber associated with the system and a key; encode the identifier and the key to create a unique identifier; store the unique identifier in the request to create a modified request; provide the modified request to a content provider identified by the request; receive, from the content provider, the content and targeted content, the targeted content being associated with the unique identifier and conforming to an attribute of the subscriber; and provide, to the user device, the content and the targeted content. | 12-25-2014 |
20150019868 | PUBLIC ENCRYPTION METHOD BASED ON USER ID - A public encryption method based on user ID includes: setting, by a key generation server, at least one public parameter and master key used for generating a private key; receiving, by the key generation server, an inherent ID of a user from a receiving terminal, generating a private key based on the public parameter, the master key and the ID, and transmitting the generated private key to the receiving terminal; receiving, by a transmitting terminal, the public parameter and the ID from the key generation server, encrypting a message to generate a ciphertext, and transmitting the generated ciphertext to the receiving terminal; and receiving, by the receiving terminal, the ciphertext and the private key, and decrypting the ciphertext based on the received private key to obtain a message. | 01-15-2015 |
20150033015 | METHODS AND SYSTEMS FOR SECURELY UPLOADING FILES ONTO AIRCRAFT - Embodiments described herein provide for a system for verifying integrity of files uplinked to a remote vehicle. The system is configured to receive a first message authentication code (MAC) for the uplinked file, a first acknowledgement MAC for the MAC, and a first cyclic redundancy check (CRC) for the first MAC and the acknowledgement MAC. The system is also configured to compute a second MAC from the uplinked file, a second acknowledgement MAC from the second MAC and a second CRC from the second MAC and second acknowledgement MAC. Integrity of the uplinked file is verified by comparing the first CRC with the second CRC. If integrity of the uplinked file is confirmed, the uplinked file is accepted. If integrity of the uplinked file is not confirmed, the uplinked file is rejected. | 01-29-2015 |
20150039889 | SYSTEM AND METHOD FOR EMAIL AND FILE DECRYPTION WITHOUT DIRECT ACCESS TO REQUIRED DECRYPTION KEY - Exemplary systems and methods are directed to decrypting electronic messages in a network. The system includes a processor configured to receive or monitor message sources for encrypted messages, where private keys associated with the encrypted messages are not previously provided to the system. For each message, extract a set of user certificate identifiers and corresponding encrypted session keys, securely communicate with private key provider to decrypt the encrypted session key with an acquired private key, and decrypt the message with the unencrypted session key. | 02-05-2015 |
20150046711 | ADAPTIVE METHOD FOR BIOMETRICALLY CERTIFIED COMMUNICATION - A communication device and method for authentication of a message being transmitted from the communication device. The method includes receiving, by a messaging utility, content of a message provided for transmission from the communication device. Based on a determination that the message requires user authentication before the message is transmitted to a recipient, the method further includes selecting, based on contextual data, one or more biometric capturing components of the communication device; triggering at least one selected biometric capturing component to capture a corresponding biometric input from a user of the communication device; and transmitting the message when the biometric input is authenticated as belonging to an authorized user of the communication device. In one embodiment, a clearinghouse service authenticates a biometric input from a user of the communication device in order to certify the user and/or the message. | 02-12-2015 |
20150046712 | METHOD OF OPERATING DATA SECURITY AND ELECTRONIC DEVICE SUPPORTING THE SAME - A method of operating data security and an electronic device supporting the same are provided. The method includes executing a general Application (App) based on a non-trusted execution module; executing a first trusted App related to the execution of the general App based on a trusted execution module; generating a message by encrypting data generated in the first trusted App; transmitting the encrypted message to the general App; and transmitting the encrypted message to a second trusted App related to the execution of the general App and executed based on the trusted execution module. | 02-12-2015 |
20150074404 | METHOD FOR THE PROTECTED TRANSMISSION OF DATA - A method for authenticating a transmitter to a receiver, as well as for the protected transmission of messages; both the transmitter and the receiver at least having a first common key; a random number, as well as at least one first partial code of a first code calculated from the random number with the aid of the first key, being transmitted from the receiver to the transmitter in a synchronization message; the first partial code being checked by the transmitter; a first counter being generated by the transmitter; useful data, as well as a first partial counter of the first counter and at least one second partial code of a second code calculated with the aid of a second key, being transmitted by the transmitter to the receiver in a message; and the receiver checking the second partial code to verify the transmitter, as well as the transmitted message. | 03-12-2015 |
20150074405 | SECURING DATA USING INTEGRATED HOST-BASED DATA LOSS AGENT WITH ENCRYPTION DETECTION - A method and system for securing data in a computer system provides the capability to secure information even when it leaves the boundaries of the organization using a data loss agent integrated with encryption software. A method for securing data in a computer system comprises detecting attempted connection or access to a data destination to which sensitive data may be written, determining an encryption status of the data destination, allowing the connection or access to the data destination when the data destination is encrypted, and taking action to secure the sensitive data when the data destination is not encrypted. | 03-12-2015 |
20150089228 | USER AUTHENTICATION METHOD AND APPARATUS - A user authentication method and apparatus are disclosed. One embodiment of the invention can provide a method for authenticating a user from a server that includes: (a) transmitting a one-time server certification message in response to an authentication request including a user ID of a client terminal, and receiving a one-time terminal certification message from the client terminal; and (b) authenticating the user by verifying the one-time terminal certification message by using a hash value stored beforehand in correspondence to the user ID. | 03-26-2015 |
20150089229 | RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION - Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated, and if authenticated, then distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication. | 03-26-2015 |
20150089230 | RANDOM NUMBER DISTRIBUTION - A computer device includes means for receiving a request for at least one random number; means for generating a message authentication code from the identifier and at least one random number to be transmitted; and means for creating a message for transmission, including the random number in plain text and the message authentication code. A random number distribution system includes the computer device; a communication network; and a receiver device connectable to the computer device via the network to transmit requests for random numbers to the computer device and to receive messages from the computer device. | 03-26-2015 |
20150095648 | Secure PKI Communications for "Machine-to-Machine" Modules, including Key Derivation by Modules and Authenticating Public Keys - Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. A module can communicate with a server by accessing the Internet, and the module can include a sensor and/or actuator. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of parameters. A server can use a shared secret key to authenticate the submission of derived public keys with an associated module identity. For the very first submission of a public key derived by the module, the shared secret key can comprise a pre-shared secret key which can be loaded into the module using a pre-shared secret key code. | 04-02-2015 |
20150100789 | Proof Of Device Genuineness - A cryptographic process is provided which allows a server to verify that a client device is genuine. The client device is provisioned with first and second data elements and a key which can be stored in fuses at the time of manufacture. When the client device requests digital content such as multimedia from the server, the server issues a genuineness challenge to the client device. The genuineness challenge is a message which includes a message authentication code (MAC) derived from a secret key of the server, in addition to an encrypted timestamp nonce. The client device prepares a response which includes a MAC derived from the client's key and the genuineness challenge. The response also includes the first and second data elements but not the client's key. The server processes the response to confirm that the client device is genuine. | 04-09-2015 |
20150121075 | ELECTRONIC MAIL SENDER VERIFICATION - An e-mail server decrypts attachments of an e-mail message with a key associated with a sending device such that failure of the decryption indicates the e-mail message can be harmful. The sending device inserts its device identifier into the e-mail message as a header and uses an encryption key associated with the device identifier and a digital fingerprint of the sending device to encrypt all attachments of the e-mail message. The delivering e-mail server processes the e-mail message. If the e-mail message contains no identifier, if no key is associated with the parsed identifier, or if attempted encryption fails, the e-mail server determines that the e-mail message is potentially harmful and disarms the e-mail message. | 04-30-2015 |
20150127944 | METHOD FOR SECURE AND ANONYMOUS ELECTRONIC COMMUNICATION VIA CRYPTOGRAPHY-FACILITATED DELIVERY - A method for secure and anonymous electronic communication via cryptography-facilitated delivery. The method handles and delivers messages such that the intended recipients are not revealed to any third party, nor is the sender revealed to any third party other than the server (or equivalent distribution mechanism). Messages are cryptographically signed and encrypted by the sender, after which the resulting encrypted payloads are distributed to all clients. Clients then attempt to decrypt the payloads, where successful decryption indicates that a client is the intended recipient of a message. The decrypted message is then processed with all known public keys (of which the client is aware) to determine whether any of the keys successfully validate the message against the included signature provided by the sender. If the message is successfully validated, the recipient has successfully received the message and identified the sender. | 05-07-2015 |
20150127945 | APPARATUS AND METHOD FOR SECURE PROVISIONING OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that includes programming data for use by the mobile communication device, decrypting the over-the-air programming message utilizing a first keyset to generate a decrypted over-the-air programming message, determining a schedule for providing messages from a secure device processor to a secure element of the mobile communication device where the secure device processor is separate from the secure element and in communication with the secure element, and providing the decrypted over-the-air programming message to the secure element according to the schedule. Other embodiments are disclosed. | 05-07-2015 |
20150143121 | PORTABLE COMPUTERIZED DEVICE ADAPTED FOR AD HOC SECURITY ASSOCIATIONS - A portable computing device configured to provide secure data communications with a network via a network communications interface. In one embodiment, the portable computing device includes a network security apparatus configured to communicate data with other network security apparatus over the network via the establishment of an association, the establishment of the association between the network security apparatus and the other network security apparatus resultant in the execution of a key generation algorithm configured to cause the network security apparatus and the other network security apparatus to exchange information utilized in the generation of cryptographic keys. | 05-21-2015 |
20150143122 | METHODS AND APPARATUS FOR PRIVATE SERVICE IDENTIFIERS IN NEIGHBORHOOD AWARE NETWORKS - Methods and apparatus in accordance with various embodiments provide for private service IDs for utilization in wireless devices in neighbor aware networks. One aspect of the subject matter described in the disclosure provides a method of transmitting service information in a wireless neighborhood aware network. The method includes generating a first message comprising a first service identifier, wherein the first service identifier includes a first hash value based on a service name and timing information, wherein the first hash value is generated by applying a first hash function. The method further includes transmitting the first message. | 05-21-2015 |
20150326659 | MOBILE COMPUTING RESOURCE - A high-performance handheld mobile computing resource need not be provided a display or any peripheral devices to augment the performance of a client device. The mobile computing resource may include a motherboard, a central processing unit (CPU), a read-only memory (ROM), a random access memory (RAM), a basic input/output system (BIOS), and an operating system (OS). A wireless module may be provided to enable wireless services. A power module may be provided to allow the mobile computing resource to serve as a power source. The mobile computing resource may serve as local cloud computation and storage resources to the client device, or as a remote desktop computer. | 11-12-2015 |
20150327067 | AUTHENTICATION MECHANISMS FOR WIRELESS NETWORKS - Security techniques and security mechanisms for wireless networks that transmit content such as advertisements. According to exemplary techniques, control messages comprising unrequested content (e.g., advertisement data) may be transmitted in response to a request from a client device, while in other exemplary techniques the control messages may be transmitted without any request from a client device. In some exemplary implementations, security mechanisms such as public key cryptography algorithms may be used to secure transmissions. In some of these techniques which implement public key cryptography, a user may be required to retrieve a public key from a source other than the wireless access point transmitting encrypted advertisements (e.g., a sign or terminal in a commercial entity transmitting such advertisements, or from a web service), such that the user may confirm that the encrypted content is from a source matching the retrieved public key and thus confirm the authenticity of a wireless access point. | 11-12-2015 |
20150334114 | METHOD AND APPARATUS FOR SECURELY SAVING AND RESTORING THE STATE OF A COMPUTING PLATFORM - An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component. | 11-19-2015 |
20150334120 | Server verification of secure electronic messages - Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system determines whether the size of an encoded message is too large for a wireless communications device. If the message is too large, the server removes part of the message and sends an abbreviated message to the wireless device, together with additional information relating to processing of the encoded message, such as, for example, hash context values, that assist the wireless communications device in verifying the abbreviated message. | 11-19-2015 |
20150350171 | SEMI-DETERMINISTIC DIGITAL SIGNATURE GENERATION - Various features pertain to digital signatures for use in signing messages. In one aspect, a digital signature is generated based on a nonce derived using a per-message salt value, particularly a salt selected to provide a semi-deterministic nonce (i.e. a nonce that is neither fully deterministic nor completely random.) In one example, the nonce is generated by concatenating the salt value with a long-term private key and then applying the result to a key derivation function along with a hash of the message to be signed. The salt value may be, e.g., a counter, a context-specific message or may be randomly generated within a restricted range of values (relative to a full range of values associated with the particular digital signature generation protocol used to generate a digital signature from the nonce.) | 12-03-2015 |
20150350206 | STORAGE SYSTEM AND METHOD FOR PERFORMING SECURE WRITE PROTECT THEREOF - A storage system includes a host configured to provide a request for setting or clearing secure write protection; and a storage device including a register, the register including fields that store information for controlling write protection attributes and a secure mode of the storage device, the storage device being configured to authenticate a request of the host when the secure mode is enabled, wherein the storage device is configured to set or clear the secure write protection based on the request of the host when the storage device authenticates the request of the host, wherein after the secure mode is set, the storage device restricts an access of an unauthenticated host for setting and clearing write protection, and wherein the register comprises a secure write protection (WP) configuration masking field for controlling register fields of the register that are associated with write protection. | 12-03-2015 |
20150350207 | METHOD AND APPARATUS FOR PROVIDING SECURITY FUNCTION - A method for providing a security function includes obtaining a request for executing a function of application through an electronic device if the electronic device is located within a predetermined distance from a user, identifying a success or failure of a first authentication which is previously performed for the user in response to the request, and determining whether to perform a second authentication for executing the function of the application based on the success or failure of the first authentication, wherein determining whether to perform the second authentication comprises performing the second authentication by using a security level lower than a security level related to the first authentication if the success of the first authentication is identified. An electronic device includes a processor configured to determine a success or failure of a first authentication, and decide whether to perform a second authentication with a second security level for executing the function. | 12-03-2015 |
20150365408 | SECURE TRANSACTIONS USING ALPHACODES - Systems and method for sending a first alphacode to a first participant over a secure channel. Sending a second alphacode to a second participant over a secure channel. Receiving a first encoded message, a second encoded message, and a plaintext message. The first encoded message is based on the first alphacode and the second encoded message is based on the second alphacode. Generating a first ciphertext based on the first alphacode and the plaintext message. Comparing the first ciphertext to the first encoded message and determining the authenticity of the first encoded message based at least on the comparing to the first ciphertext. Comparing the second ciphertext to the second encoded message and determining the authenticity of the second encoded message based at least on the comparing to the second ciphertext. Sending a first confirmation to the first participant and sending a second confirmation to the second participant. | 12-17-2015 |
20150365409 | NETWORK CONTROLLER PROVISIONED MACSEC KEYS - Methods, network controllers, and machine-readable and executable instructions are provided for network controller provisioned MACsec keys. A network controller can provision a first network device with a media access control security (MACsec) key for a MACsec flow. The network controller can provision a second network device with the MACsec key for the MACsec flow. | 12-17-2015 |
20150365424 | CRYPTOGRAPHIC METHOD FOR SECURELY EXCHANGING MESSAGES AND DEVICE AND SYSTEM FOR IMPLEMENTING THIS METHOD - At least one embodiment refers to a method for securely exchanging messages between at least two devices, each of them storing a shared secret key. The method comprises: at each device: generating a random number, then sending it to the other devices; determining a first key by a first operation based on said secret key and each random number; determining a second key based on said first key and said random numbers; at a sending device: determining a pseudo message on the basis of the message and said random numbers; calculating then sending a cryptogram on the basis of said pseudo message and said second key; and at the receiving device: decrypting said cryptogram by means of said second key; and retrieving said message from said pseudo message. | 12-17-2015 |
20150373020 | Secure Communications Methods for Use with Entrepreneurial Prediction Systems and Methods - Secure communications methods for use with entrepreneurial prediction systems and methods are provided herein. An example method can include a two factor authentication of both a communications channel used by the entrepreneur (either by device or message attributes) and an identification of an identity of the entrepreneur from biometric parameters. This allows for secure communication with an entrepreneur when the entrepreneur is communicating from a geographical location of low trust, such as where device or identity theft is common. | 12-24-2015 |
20150373021 | Methods and Systems for Exchanging Private Messages - A method and server are provided for sending a secure message from a first computing device to a second computing device. A first computing device sends an encrypted, secure message to a message server. The message server processes the secure message to unencrypt and separate the secure message contents into two or more separately downloadable message parts. The server sends a complex link to the second computing device, or sends a complex link to the first computing device for sending to the second computing device. When the complex link is selected by a user of the second computing device, the server transmits a first part of the message to the second computing device. After transmitting the first part, the server then separately transmits a second part of the message to the second computing device. | 12-24-2015 |
20150381367 | Secure Router Authentication - Systems and methods involving secure device authentication using aspects of a zero-knowledge password proof approach are disclosed. In one example, a device may generate a self-authenticating message including its identity and/or its capabilities. The device may use a secret value, random nonce, public ephemeral value (PEV), session key, and/or other values to generate the self-authenticating message. The secret value may be unknown to the device receiving the self-authenticating message. With the use of pre-loaded values, including a verifier, the receiving device may compare a host-HMAC with the router-HMAC to verify the authenticity of the message. Such authentication may be used, inter alia, on an Internet Protocol network utilizing Neighbor Discovery protocol. | 12-31-2015 |
20150381620 | DIGITAL VERIFIED IDENTIFICATION SYSTEM AND METHOD - A digital verified identification system and method are presented for verifying and/or authenticating the identification of an entity associated with an electronic file, such as, for example the digital signatory thereof. In particular, the system and method include a module generating assembly structured to receive at least one verification data element, and at least one digital identification module structured to be associated with at least one entity. The digital identification module is capable of being disposed or embedded within at least one electronic file. Further, the digital identification module includes at least one primary component structured to at least partially associate the digital identification module with the entity, and one or more metadata components. | 12-31-2015 |
20160021063 | System for Efficiently Handling Cryptographic Messages Containing Nonce Values in a Wireless Connectionless Environment - A system for determining the validity of a received cryptographic message while allowing for out-of-order messages is utilized to provide for secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message in response to the received nonce value of the received message being greater than the largest nonce value yet seen; otherwise, the secure communication module may be configured to compare the received nonce value with a nonce value acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine if the received nonce value has been seen before by comparing the received nonce value with a replay window mask. If the received nonce has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask. | 01-21-2016 |
20160028744 | Computer Implemented System And Method For Authenticating A Sender Of Electronic Data To A Recipient - A server receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient, the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation of the sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient. | 01-28-2016 |
20160036785 | SECURE NETWORK COMMUNICATION - A client device configured to intercept an outgoing packet. The outgoing packet includes a destination network address. The client device is further configured to use an encryption key to encrypt the outgoing packet to generate an encrypted packet, scatter the encryption key into the encrypted packet according to pattern logic defined by a unique identifier of a routing server, and send the encrypted packet containing the scattered encryption key to the routing server. The routing server is configured to receive the encrypted packet containing the scattered encryption key, extract the encryption key from the encrypted packet using the pattern logic defined by the unique identifier, use the encryption key to decrypt the encrypted packet to obtain the outgoing packet including the destination network address, and send the outgoing packet to the destination network address. | 02-04-2016 |
20160036812 | Database Queries Integrity and External Security Mechanisms in Database Forensic Examinations - A method, system and computer-usable medium are disclosed for performing forensic database security operations to verify database query integrity. A database protocol packet is intercepted, inspected and then processed by an external database security mechanism (EDSM) system to extract a database query. The database query is then processed with a secret key to generate a first keyed-hash message authentication code (HMAC) value, which is then inserted into the intercepted database protocol packet according to database protocol rules to generate a modified database protocol packet, such that the HMAC values and database query will be stored in predetermined database server session tracking tables. The modified database protocol packet is then provided to a database server, which is subsequently accessed by the EDSM system to retrieve the database query and the first HMAC value. The EDSM system then uses the same secret key to calculate a second HMAC value for the retrieved database query, which is compared to the first HMAC value to determine whether they match. If not, then the database query is marked as having been modified after being inspected by the EDSM system. | 02-04-2016 |
20160044031 | PROTECTING AGAINST MALICIOUS MODIFICATION IN CRYPTOGRAPHIC OPERATIONS - A message and an identifying parameter associated with the message are obtained. The message comprises a plurality of units. A plurality of one-unit message authentication codes is generated, wherein each one-unit message authentication code corresponds to a respective unit of the plurality of units of the message, and wherein each one-unit message authentication code is generated based on the identifying parameter associated with the message, a given one of the plurality of units, and the position of the given unit in the message. Verification of each unit of the message may then be efficiently performed inside a method of secure computation such as, by way of example only, a garbled circuit. | 02-11-2016 |
20160056959 | Key Management For Secure Communication - A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys protect communication on the respective leg to the intermediary. | 02-25-2016 |
20160057156 | TRANSMITTING AND RECEIVING SELF-DESTRUCTING MESSAGES - A device may receive, from a first user device, a request to transmit a message to a user of a second user device. The request may include particular information indicating that content of the message is to be displayed to the user for a particular amount of time. The device may encrypt, based on receiving the request and using a key, the content of the message to obtain an encrypted message. The device may transmit the encrypted message to the second user device and receive, from the second user device, a request for the key. The device may transmit, to the second user device, the key and information identifying the particular amount of time to cause the second user device to decrypt the encrypted message, using the key, to obtain a decrypted message and cause the second user device to delete the decrypted message after the particular amount of time. | 02-25-2016 |
20160065549 | HIERARCHICAL DATA ACCESS TECHNIQUES - A plurality of keys is obtained, with each obtained key of the plurality of keys being based at least in part on an information set for the plurality of keys and at least one other key distinct from the plurality of keys. A signing key is calculated by inputting a combination of the plurality of keys into a function with the information set for the plurality of keys, and the signing key is used to evaluate whether access to one or more computing resources is to be granted, with the information set preventing access from being granted when a request for the access is submitted out of compliance with the information set for the plurality of keys. | 03-03-2016 |
20160072811 | PROXY SSL AUTHENTICATION IN SPLIT SSL FOR CLIENT-SIDE PROXY AGENT RESOURCES WITH CONTENT INSERTION - A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources. | 03-10-2016 |
20160080376 | METHOD AND DEVICE FOR CHECKING AN IDENTIFIER - An embodiment relates to a method for processing data that includes (a) calculating a second identifier based on input data, (b) conducting a first operation comparing the second identifier with a first identifier, and (c) conducting a second operation comparing the second identifier with a modified first identifier. | 03-17-2016 |
20160087949 | ESTABLISHING SECURE DIGITAL RELATIONSHIP USING SYMBOLOGY - An embodiment includes an apparatus comprising: a display module; at least one memory coupled to the display module; at least one processor, coupled to the at least one memory, to perform operations comprising: (a) encoding first content, which is based on a first value, in a first bar code, (b) displaying the first bar code with the display module; (c) receiving a second bar code, which includes second content based on a second value, from a second computing node; (d) encoding third content, which is based on a third value, in a third bar code, (e) displaying the third bar code with the display module; (f) determining an encryption key based on the first and second values; and (g) exchanging a message, encrypted based on the encryption key, with the second computing node. Other embodiments are described herein. | 03-24-2016 |
20160099939 | METHOD OF AUTHENTICATING CAN PACKETS USING MIXTURE OF MACS AND APPARATUS FOR IMPLEMENTING THE SAME - A method and apparatus for authenticating packets in a controller area network (CAN) are disclosed. The method includes transmitting messages using a mixture of message authentication codes (MACs) in a controller area network (CAN). In addition, a first MAC is generated using a first message and the first MAC is divided into a first MAC part and a second MAC part. A second MAC is generated using a second message and the second MAC is divided into a third MAC part and a fourth MAC part. A linear operation is performed between the second MAC part and the third MAC part to generate a first authentication MAC. The first message is transmitted with the first MAC part and the second message is transmitted with the first authentication MAC. | 04-07-2016 |
20160112456 | POLICY-BASED DATA MANAGEMENT - Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided. | 04-21-2016 |
20160119346 | METHOD, APPARATUS, AND SYSTEM FOR AUTHENTICATING FULLY HOMOMORPHIC MESSAGE - Embodiments of the present disclosure provide a method, an apparatus, and a system for authenticating a fully homomorphic message, where the method includes: acquiring a message authentication key, where: the message authentication key includes a public key, a first character string, and a second character string; the first character string is a character string that consists of 0 and 1 and has a length of n; the second character string is a character string that consists of 0 and 1 and has a length of n; generating an authentication fingerprint corresponding to each bit of to-be-computed data; sending a computation request to a server; receiving an authentication fingerprint corresponding to the computation result; and performing correctness authentication on the computation result according to the received authentication fingerprint, which effectively reduces an amount of computation in a verification process. | 04-28-2016 |
20160127366 | ANONYMOUS SIGNATURE SCHEME - Technologies are generally described for providing an anonymous signature scheme. In some examples, a method performed under control of an end device ma | 05-05-2016 |
20160127385 | METHOD AND APPARATUS FOR SYNCHRONIZING AN ADAPTABLE SECURITY LEVEL IN AN ELECTRONIC COMMUNICATION - A method of communicating in a secure communication system comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient. | 05-05-2016 |
20160134593 | MANICODING FOR COMMUNICATION VERIFICATION - Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content. | 05-12-2016 |
20160134628 | INTEGRITY PROTECTION FOR DATA STORAGE - A system for protecting the integrity of a memory system maintains an age counter, an opportunity counter and a local sequence number for each of multiple memory blocks; maintains an epoch counter for the memory system; writes data in a selected memory block; increases the local sequence number of the selected memory block; updates the opportunity counter for the selected memory block if the local sequence number of the selected memory block rolls over; computes a message authentication code (MAC) for the selected memory block based on a global sequence number and the local sequence number; updates the age counter and the opportunity counter of any non-selected memory block whose opportunity counter does not match the least significant bit (LSB) of the epoch counter; and computes a new MAC for any memory block for which the updating is performed. | 05-12-2016 |
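An added baseline for the storage scheme above (example code, not the patent's): each block's MAC binds its address, its data and both counters, so a stale (data, MAC) pair written back by an attacker is rejected; when a per-block counter rolls over, the global counter advances and every block's MAC becomes stale, and this baseline simply recomputes them all, which is the cost the age and opportunity counters in the abstract exist to spread out. The 4-bit local counter, 16-byte blocks and HMAC-SHA256 are assumptions.

```python
import hashlib
import hmac
import secrets


class IntegrityError(Exception):
    """Stored MAC does not match the block's current data and counters."""


class IntegrityProtectedMemory:
    LOCAL_BITS = 4  # tiny per-block counter so a rollover is easy to reach (assumption)

    def __init__(self, n_blocks: int, block_size: int = 16) -> None:
        self.key = secrets.token_bytes(32)            # MAC key, stays on the trusted side
        self.global_seq = 0                           # trusted: shared by every block
        self.local = [0] * n_blocks                   # trusted: per-block sequence numbers
        self.data = [bytes(block_size)] * n_blocks    # untrusted storage
        self.macs = [self._mac(i) for i in range(n_blocks)]  # untrusted storage

    def _mac(self, i: int) -> bytes:
        # Bind content to address and to both counters, so an earlier (data, MAC)
        # pair for this block can no longer verify once the counters have moved.
        msg = (i.to_bytes(4, "big") + self.global_seq.to_bytes(8, "big")
               + self.local[i].to_bytes(2, "big") + self.data[i])
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, i: int, value: bytes) -> int:
        """Write a block; returns how many MACs had to be recomputed."""
        self.data[i] = value
        self.local[i] += 1
        if self.local[i] == 1 << self.LOCAL_BITS:
            # Rollover: reusing a (global, local) pair would let old MACs replay,
            # so bump the global counter; every block's MAC is now stale.
            self.local[i] = 0
            self.global_seq += 1
            self.macs = [self._mac(j) for j in range(len(self.data))]
            return len(self.data)
        self.macs[i] = self._mac(i)
        return 1

    def read(self, i: int) -> bytes:
        if not hmac.compare_digest(self.macs[i], self._mac(i)):
            raise IntegrityError(f"block {i}: MAC mismatch (tampering or replay)")
        return self.data[i]


def demo():
    mem = IntegrityProtectedMemory(n_blocks=8)
    mem.write(3, b"A" * 16)
    stale = (mem.data[3], mem.macs[3])   # attacker snapshots the block and its MAC
    mem.write(3, b"B" * 16)
    mem.data[3], mem.macs[3] = stale     # ... and later writes the old pair back
    try:
        mem.read(3)
        replay_detected = False
    except IntegrityError:
        replay_detected = True

    # Drive one block through a rollover and count the MAC work it causes.
    mem2 = IntegrityProtectedMemory(n_blocks=8)
    recomputed = sum(mem2.write(0, b"C" * 16) for _ in range(1 << mem2.LOCAL_BITS))
    all_verify = all(mem2.read(j) == mem2.data[j] for j in range(8))
    return replay_detected, recomputed, all_verify


if __name__ == "__main__":
    print(demo())
```

With 8 blocks and a 4-bit local counter, 16 writes to one block cost 15 single-MAC updates plus one rollover that touches all 8 blocks; the counters only protect against replay as long as they themselves live in trusted storage.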
20160142381 | DIGITAL RIGHTS MANAGEMENT FOR EMAILS AND ATTACHMENTS - A digital rights management (DRM) method for protecting emails can apply different protection policies to different components of an email such as the message body and the attached digital files. While an email application of the client encrypts the entire email document including both the message and the attachments, a plugin module on the client obtains user input regarding the DRM policies to be applied to individual attachments and then transmits the encrypted email along with the information about the DRM policies for the individual attachments to a digital rights management server. The server first decrypts the entire email document, then applies the user-specified DRM policies to the attachments individually. The server re-composes an email and attaches the individually protected attachments, and transmits the email to the exchange server. | 05-19-2016 |
20160142401 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS - Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate. | 05-19-2016 |
20160149879 | METHOD FOR GENERATING CRYPTOGRAPHIC "ONE-TIME PADS" AND KEYS FOR SECURE NETWORK COMMUNICATIONS - A method of generating random and pseudo-random material which is incorporated in devices located at each end of a communications network for secure communications through a channel of the network. The material is used to generate time based one-time pads, one-time keys, and the keys themselves. The one-time pads, one-time keys, and the keys support a key-based or pad based cryptographic technique employed to produce secure communications of messages transmitted through the channel with a one-time pad, one-time key, or a key generated at one interval of time being different and unique from a one-time pad, one-time key, or a key generated at any other interval of time. | 05-26-2016 |
20160149908 | AUTHENTICATION METHOD AND AUTHENTICATION SYSTEM - A system performs mutual authentication between a controller and a first device, creates a group key, shares the group key, and sets the first device as a reference device. The system performs mutual authentication between the controller and a second device, and shares the group key with the second device. Thereafter, the system performs mutual authentication between the controller and the first device, updates the group key, and shares the updated group key between the controller and the first device. At a group key update timing when the group key is updated, the system performs mutual authentication between the controller and the second device, and shares the updated group key with the second device. | 05-26-2016 |
20160149915 | METHOD OF PROVIDING FRESH KEYS FOR MESSAGE AUTHENTICATION - The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit. | 05-26-2016 |
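An added example of the key hierarchy in the abstract above (not the patent's code): the second key is derived from the session key, a fresh first key is derived from the second key and the per-request counter, the access request carries the counter and a MAC under that first key, and the authenticator rejects any counter it has already accepted. HMAC-SHA256 as both KDF and MAC, the derivation labels and the request payloads are assumptions.

```python
import hashlib
import hmac
import secrets


def derive(key: bytes, *context: bytes) -> bytes:
    """One-step KDF: HMAC-SHA256 over the concatenated context (assumed; the abstract names no KDF)."""
    return hmac.new(key, b"".join(context), hashlib.sha256).digest()


class MobileUnit:
    def __init__(self, session_key: bytes) -> None:
        self.k3 = session_key                        # third key: from the security session
        self.k2 = derive(self.k3, b"access-auth")    # second key: derived once per session
        self.counter = 0                             # first counter: +1 per access request

    def first_key(self, counter: int) -> bytes:
        # First key: fresh per request, derived from the second key and the counter.
        return derive(self.k2, b"request", counter.to_bytes(4, "big"))

    def access_request(self, payload: bytes):
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        mac = hmac.new(self.first_key(self.counter), payload + ctr, hashlib.sha256).digest()
        return payload, self.counter, mac


class Authenticator:
    def __init__(self, session_key: bytes) -> None:
        self.k2 = derive(session_key, b"access-auth")
        self.highest_seen = 0

    def verify(self, payload: bytes, counter: int, mac: bytes) -> bool:
        if counter <= self.highest_seen:             # replayed or stale request
            return False
        k1 = derive(self.k2, b"request", counter.to_bytes(4, "big"))
        expected = hmac.new(k1, payload + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return False
        self.highest_seen = counter                  # accept, then advance the window
        return True


def demo():
    k3 = secrets.token_bytes(32)   # constructed session key shared beforehand
    mu, auth = MobileUnit(k3), Authenticator(k3)
    req1 = mu.access_request(b"ACCESS cell=17")
    req2 = mu.access_request(b"ACCESS cell=18")
    first_ok = auth.verify(*req1)
    replay_ok = auth.verify(*req1)                                  # same counter again
    tampered_ok = auth.verify(b"ACCESS cell=99", req2[1], req2[2])  # payload swapped
    second_ok = auth.verify(*req2)
    keys_differ = mu.first_key(1) != mu.first_key(2)
    return first_ok, replay_ok, tampered_ok, second_ok, keys_differ


if __name__ == "__main__":
    print(demo())
```

The counter check is done before the MAC check so a flood of replays costs the authenticator no key derivations, and a failed MAC must not advance `highest_seen`, otherwise a forged counter value could lock out the genuine request that follows.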
20160173505 | ON-VEHICLE COMMUNICATION SYSTEM | 06-16-2016 |
20160182464 | TECHNIQUES FOR SECURING DELIVERY OF AN AUDIO MESSAGE | 06-23-2016 |
20160182512 | APPARATUS AND METHOD FOR SECURE PROVISIONING OF A COMMUNICATION DEVICE | 06-23-2016 |
20160191542 | MESSAGE SENDER AUTHENTICITY VALIDATION - In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score. | 06-30-2016 |
20160380772 | KEYED-HASH MESSAGE AUTHENTICATION CODE PROCESSORS, METHODS, SYSTEMS, AND INSTRUCTIONS - A processor of an aspect includes a decode unit to decode a keyed-hash message authentication code instruction. The keyed-hash message authentication code instruction is to indicate a message, to indicate at least one value that is to represent at least one of key information and key indication information, and to indicate a destination storage location. An execution unit is coupled with the decode unit. The execution unit, in response to the keyed-hash message authentication code instruction, is to store a message authentication code corresponding to the message in the destination storage location. The message authentication code is to be consistent with a keyed-hash message authentication code algorithm that is to use a cryptographic hash algorithm. The message authentication code is to be based on a cryptographic key associated with the at least one value. Other processors, methods, systems, and instructions are disclosed. | 12-29-2016 |
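An added software reference for what such an instruction has to compute (example code, not the patent's): HMAC as specified in RFC 2104, built from a plain hash including the two key-length rules (hash an over-long key, zero-pad a short one to the block size), cross-checked against the standard library, plus a key-slot lookup standing in for the "key indication information" case in which the caller names a key rather than supplying its bytes. The keystore contents are constructed.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: H((K' xor opad) || H((K' xor ipad) || message))."""
    block = hashlib.new(hash_name).block_size        # 64 for SHA-256, 128 for SHA-512
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()   # over-long keys are hashed first
    key = key.ljust(block, b"\x00")                  # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


def matches_reference(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-built HMAC against the standard library's implementation."""
    return hmac_manual(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


# "Key indication information": the caller passes a slot number and the key bytes
# never leave the keystore. Constructed demo keys; slot 1 is longer than a block.
KEYSTORE = {0: b"Jefe", 1: bytes(range(100))}


def hmac_by_slot(slot: int, message: bytes, hash_name: str = "sha256") -> bytes:
    return hmac_manual(KEYSTORE[slot], message, hash_name)


if __name__ == "__main__":
    # RFC 4231 test case 2
    print(hmac_manual(b"Jefe", b"what do ya want for nothing?").hex())
```

The two key rules are where hand-rolled implementations usually diverge from the standard: a key longer than the hash's block size is replaced by its digest before padding, and the block size (not the digest size) is what the key is padded to.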
20160381016 | SIMPLE TRUSTED TRANSFER TO INTERNET OF THINGS DEVICES - A system and method for updating multiple devices that are coupled to a network by a hub provides a trusted platform module in each of the devices, sends messages from the network to the hub for updating the devices, sends each of the devices messages from the hub to update the device, executes the content of each message in the device to which that message is sent, and deletes each message after it has been executed. Each of the messages preferably includes trusted code, and the device receiving each message executes the trusted code in the trusted platform module. The trusted code may include an update function, an image, and control data, and preferably has integrity. The hub may receive trusted code from a remote server, execute the trusted code to send a message to one of the devices, and then delete the trusted code. | 12-29-2016 |
20190147150 | DIGITAL CERTIFICATE CONTAINING MULTIMEDIA CONTENT | 05-16-2019 |