
Having key exchange

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713168000 - Particular communication authentication technique

Entries (document number, title, date, abstract):
20110179277 - Key Distribution to a Set of Routers (07-21-2011)
Before actually communicating information/data between two endpoints (C, S) connected to a network, a secure and confidential distribution of a special key (K h) is performed to nodes (R j) along a path in the network. This is allowed by performing a path handshaking procedure in which first a hint token is forwarded along the path in a first direction and then a disclosure token is forwarded in the opposite direction. In forwarding the disclosure token it is verified in the nodes against the already received hint token. This assures that only nodes on the particular path will receive the special key or possibly some other information related thereto.

20110185177 - Method for generating an asymmetric cryptographic key pair and its application (07-28-2011)
The invention pertains to a method, computer readable medium, and data processing system for generation of an asymmetric cryptographic key pair including reception of an arbitrarily selectable login name, calculation of a first data object key, whereby a random value and the login name are included in the calculation, and calculation of a second data object key from the first data object key, whereby the first and second data object keys form the asymmetric cryptographic key pair.

20090217044 - AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD (08-27-2009)
A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user.

20110208968 - WIRELESS LAN DEVICE, WIRELESS LAN SYSTEM, AND COMMUNICATION METHOD FOR RELAYING PACKET (08-25-2011)
A wireless LAN device which performs wireless communication in a wireless network comprises: a communication section for performing the wireless communication such that a packet can be relayed in the wireless network; and a setting section for obtaining first identification information from another wireless LAN device present in a communicable state within a radio wave arrival range of the wireless LAN device, which first identification information can identify the other wireless LAN device, and setting a role for executing an asymmetric protocol between the wireless LAN device and the other wireless LAN device, the role being set based on the first identification information, and second identification information, stored in the wireless LAN device, that can identify the wireless LAN device. The wireless LAN device shares an encryption key, based on the set role, and relays a packet by encrypting the packet using the encryption key.

20100023769 - METHODS AND APPARATUS FOR SECURE DOCUMENT PRINTING (01-28-2010)
Methods and apparatus are provided for securely printing a print job on a networked printer. An application program running on a networked computer instructs the printer to generate and exchange cryptographic keys. The application program then encrypts the print job using the keys, and then communicates the encrypted print job to the printer. The printer decrypts the received print job and prints the document.

20100023767 - API for Diffie-Hellman secret agreement (01-28-2010)
Various technologies and techniques are disclosed for implementing a Diffie-Hellman secret agreement. An application programming interface is provided that is operable to allow a first computer to generate a Diffie-Hellman secret agreement for communicating securely with a second computer over an insecure channel. A get public key operation is performed upon receiving a request to perform the get public key operation. The get public key operation gets a public key of the first computer. A retrieval operation is performed upon receiving a request to perform the retrieval operation. The retrieval operation retrieves the Diffie-Hellman secret agreement upon supplying a public key of the second computer.

20100082987 - TRANSPARENT TRUST VALIDATION OF AN UNKNOWN PLATFORM (04-01-2010)
A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of a decryption key to the boot code, which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components.

20100049980 - METHODS AND SYSTEMS FOR BOOTSTRAPPING SECURITY KEY INFORMATION USING SESSION INITIATION PROTOCOL (02-25-2010)
Methods, systems and communication nodes for bootstrapping key establishment to exchange encryption keys between a terminal-based client and an application server using Session Initiation Protocol (SIP) signaling are described.

20110202770 - SECURITY OF DATA OVER A NETWORK (08-18-2011)
A method for securing data transmitted over a network to an image display device. In one embodiment, the method may include identifying at least one image display device on the network, selecting the at least one image display device for transmission of data, activating a data protection process to generate locked data and transmitting the locked data to the image display device. The method may further include receiving a key to unlock the locked data such that the data is available to the image display device.

20110202769 - SYSTEM AND METHOD FOR DETECTING COPY OF SECURE MICRO (08-18-2011)
A Secure Micro (SM) copy detection system includes at least one Access Point (AP) that is connected to at least one host group including at least one SM, at least one Multiple-Services Operator (MSO) that is used to manage the at least one SM and includes the at least one AP, and a host information management server that is used to perform authentication of the at least one SM and that is independently connected to the at least one MSO.

20100077215 - METHOD FOR TRANSMITTING INFORMATION WITH A SEMANTIC ACKNOWLEDGEMENT OF RECEIPT (03-25-2010)
The method for transmitting information between an emitter and a receiver includes a phase of authentication of the receiver using a pair of encryption keys of the private key/public key type, a phase of sending a series of information from the emitter to the receiver, and a phase of retransmission by the receiver towards the emitter of an acknowledgement of receipt including at least one element semantically associated with the series of information transmitted.

20130086383 - VIRTUAL MACHINE IMAGES ENCRYPTION USING TRUSTED COMPUTING GROUP SEALING (04-04-2013)
A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.

20130080783 - METHOD FOR ESTABLISHING SECURE NETWORK ARCHITECTURE, METHOD AND SYSTEM FOR SECURE COMMUNICATION (03-28-2013)
A method for establishing a secure network architecture, and a method and system for secure communication, are provided. Said method for establishing a secure network architecture includes: 1) constructing the network architecture where the identities of nodes are legal, including: neighboring node discovery; performing identity certification and shared key negotiation between a node and the neighbor node; 2) constructing a secure switching device architecture, including: establishing a shared key between every two of the switch devices.

20130080782 - METHOD AND SYSTEM OF SECURING GROUP COMMUNICATION IN A MACHINE-TO-MACHINE COMMUNICATION ENVIRONMENT (03-28-2013)
A method and system for securing group communication in a Machine-to-Machine (M2M) communication environment including a plurality of Machine Type Communication (MTC) groups, wherein each of the plurality of MTC groups includes a plurality of MTC devices. The method includes generating a unique group key for securing communication with MTC devices associated with an MTC group in an M2M communication environment, securely providing information on the unique group key to the MTC devices associated with the MTC group, and securely communicating at least one broadcast group message with the MTC devices using the unique group key information.

20130080781 - METHOD AND SYSTEM FOR SENDING A MESSAGE THROUGH A SECURE CONNECTION (03-28-2013)
The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer that is served by the first computer, and in the latter case it is sent to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer, after which the destination address and the unique identity are used to find an address to the second computer. The current destination address is substituted with the found address to the second computer, and the unique identity is substituted with another unique identity. Then the message is forwarded to the second computer.

20090119511 - AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD (05-07-2009)
A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user.

20090119510 - END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY (05-07-2009)
End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption keys have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end-to-end devices.

20090119509 - METHOD FOR NEGOTIATING SECURITY-RELATED FUNCTIONS OF SUBSCRIBER STATION IN WIRELESS PORTABLE INTERNET SYSTEM (05-07-2009)
The present invention relates to a subscriber station security-related parameter negotiation method in a wireless portable Internet system. The subscriber station security-related parameter negotiation method includes security-related parameters in transmitting/receiving basic capability negotiation request messages and basic capability negotiation response messages such that the subscriber station and the base station negotiate the subscriber station security-related parameters. The security-related parameters include an authorization policy support subfield used to negotiate an authorization policy between the subscriber station and the base station, and message authentication code mode subfields used to negotiate a message authentication code mode. The base station can inform the subscriber station that authentication or message authentication is not performed and is omitted according to a service provider policy by writing it on the authorization policy support subfield or message authentication code mode subfield. In addition, the subscriber station and the base station can select an authorization policy formed with at least one combination through the authorization policy support subfield of the security negotiation parameters. According to the present invention, the service provider of the wireless portable Internet system can more efficiently and flexibly manage the system by providing a scheme for omitting an authentication function and a message authentication function as well as for supporting various authorization policies and message authentication functions.
20130036307 - AUTHENTICATION OF CACHE DNS SERVER RESPONSES (02-07-2013)
A response to a Domain Name System (DNS) query can be protected with authentication information to be used by a host that originated the query. In one example, a DNS server is not among servers that can be authenticated by the Domain Name System Security Extensions (DNSSEC). The DNS server generates a public-private key pair and uses the private key for signing DNS resolutions. The corresponding public key can be distributed to hosts that will communicate with the DNS server. In various implementations, the public key is distributed by the DNS server and/or routers or as part of a neighbor discovery interaction. In one example, the public key is distributed in certificate path advertisements of the IPv6 Secure Neighbor Discovery (SEND) protocol.

20130036308 - END-TO-END AUTHENTICATION OF SESSION INITIATION PROTOCOL MESSAGES USING CERTIFICATES (02-07-2013)
End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of the request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message may also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

20090183005 - Distributing Access to a Data Item (07-16-2009)
A method is provided for use in distributing access to a data item. The method includes allowing multiple transfers between computers of a single instance of permission to gain access to the data item, the transfers occurring across data connections and including a first transfer between a first computer and a second computer and a subsequent transfer between the second computer and a third computer, wherein at any one time only one computer retains the instance of permission and is able to use the instance of permission to gain access to the data item.

20120210134 - METHOD OF SECURING COMMUNICATION (08-16-2012)
A method for securing data to be transmitted between a plurality of devices which includes exchanging encryption keys between first and second devices of the plurality of devices, selecting digital rights management (DRM) features for the data which is to be transmitted from the first device, encrypting the data to be transmitted and the selected digital rights management features using at least one distinct key, transmitting the encrypted data and the selected DRM features to the second device and a third device, and decrypting the encrypted data on the second device using the exchanged encryption keys and displaying the data according to the selected DRM features.

20130042113 - DATA SHARING SYSTEM, DATA DISTRIBUTION SYSTEM, AND DATA PROTECTION METHOD (02-14-2013)
Embodiments of the present invention provide a data protection method, used by a data owner to share data with a data sharer securely through a data distribution system. The data owner first establishes a proxy relationship with the data sharer, while the data distribution system is configured to maintain a proxy relationship between the data owner and the data sharer, and after receiving encrypted shared data sent by the data owner, the data distribution system changes the encrypted shared data according to the proxy relationship, so that the data sharer may decrypt the data. By using the data protection method in the embodiments of the present invention, both encryption and decryption of data are a result of coordination of three parties, thereby avoiding a problem of data leakage caused by a problem of a single party.

20130042112 - USE OF NON-INTERACTIVE IDENTITY BASED KEY AGREEMENT DERIVED SECRET KEYS WITH AUTHENTICATED ENCRYPTION (02-14-2013)
A sender private key is created from a master key. The sender private key and public information about a recipient are used to produce a secret key. Data is encrypted with the secret key. The encryption uses authentication data. The encrypted data is sent to the recipient. A recipient private key is created from the master key. The recipient private key is different from the sender private key. The recipient private key and public information about the sender are used to recreate the secret key. At the recipient, the secret key is used to decrypt the encrypted data and the authentication data is used to authenticate the data.

20100042841 - Updating and Distributing Encryption Keys (02-18-2010)
A system and method for providing secure communications is provided. Initially, an exchange protocol, such as a password-authenticated key exchange protocol, is used to create a shared secret. From the shared secret, two keys are created: a utilized key and a stored key. The utilized key is used to encrypt messages between nodes. When it is time to replace the utilized key to maintain security, the stored key is utilized to encrypt messages for generating/distributing a new shared secret. The new shared secret is then used to generate a new utilized key and a new stored key. This process may be repeated any number of times to maintain security.

20100325435 - Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same (12-23-2010)
A two-factor authenticated key exchange method. A subscriber station transmits a value generated by using an identifier and an authentication server's public key to the authentication server through an access point. The authentication server uses the value to detect the subscriber's password, a key stored in a token, and the authentication server's secret key, and generates a random number. The subscriber station uses the random number, password, and the key to transmit an encrypted value and the subscriber's authenticator to the authentication server. The authentication server establishes a second value generated by using the password, key, and random number to be a decryption key to decrypt the encrypted value, authenticates the subscriber's authenticator, and transmits the authentication server's authenticator to the subscriber station. The subscriber station authenticates the authentication server's authenticator by using the key and password.

20090158042 - Managed Access Point Protocol (06-18-2009)
Methods, apparatuses and systems facilitating deployment and configuration of managed access points in hierarchical wireless network systems. An embodiment of the invention facilitates deployment and configuration of conventional, substantially autonomous access points operating in connection with a central management node, such as a server or appliance. In another embodiment, the present invention facilitates deployment and configuration of light-weight access points in a hierarchical wireless network system. In one embodiment, the present invention also provides a streamlined encryption key exchange protocol adapted to hierarchical wireless network system architectures.

20090158041 - METHODS AND DEVICES FOR CREATING SECURITY GROUP AND AUTHENTICATION OVER P2P NETWORK (06-18-2009)
A method of creating a security group over a Peer-To-Peer (P2P) network is disclosed. An invitee terminal attaches a public key to a peer advertisement in which its own identification information is encrypted using its own private key, and then sends the resulting peer advertisement over the P2P network. An inviter terminal, which has found the peer advertisement, encrypts a group advertisement, including group information about the security group, using the public key of the corresponding invitee terminal, and then sends the resulting group advertisement to the invitee terminal desired to be invited to the security group. The invitee terminal decrypts the group advertisement using its own private key, and participates in the security group using the group information.

20090158040 - METHOD AND SYSTEM FOR SECURE EXCHANGE OF DATA IN A NETWORK (06-18-2009)
A first network device implements a method for the secure exchange of data in a network. The network also includes a second network device and a remote device. The method includes establishing an indirect path to the remote device and pre-negotiating first security parameters with the remote device over the indirect path using a network layer protocol, when the second network device has an active first data link. The method further includes establishing an active second data link with the remote device and exchanging first data with the remote device over the active second data link using the first security parameters, when the first data link becomes inactive.

20100332836 - METHOD AND APPARATUS FOR RECOVERING SESSIONS (12-30-2010)
A method for recovering sessions includes storing, by a client, session information after a session is established between the server and the client. When the session needs to be recovered upon interruption, the client sends all state information from before the interruption of the session, together with the session information, to the server, and the server recovers the session based on the received session information and the state information. After a session is interrupted, the server does not need to store any session-related information, thus saving the resources of the server, and all information about the previous session can be recovered completely.

20100106972 - SIGNALLING DELEGATION IN A MOVING NETWORK (04-29-2010)
In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by the Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a "certificate" authenticating the second symmetric key using the first symmetric key. In this way, the Mobile Router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.

20100106971 - METHOD AND COMMUNICATION SYSTEM FOR PROTECTING AN AUTHENTICATION CONNECTION (04-29-2010)
A method for protecting an authentication connection is described, comprising generating a first keying material by generating a first authentication connection, deriving from the generated first keying material a second keying material, and utilizing the second keying material for protecting a second authentication connection.

20090125719 - METHODS OF ENSURING LEGITIMATE PAY-PER-CLICK ADVERTISING (05-14-2009)
A method for transferring state information between a client device and a server, the client device being configured to select content, and the server having a memory module and being configured to store referenced content and to transmit referenced content to at least one client device. The method includes receiving a request on the server from the client device, wherein the request includes the state information from the client device; detecting whether the state information has previously been received by the server; updating the state information; and transmitting a response including the updated state information to the client device.

20090125720 - System Having Secure Access Between IC Entities (05-14-2009)
A system is provided having first and second integrated circuits. The first integrated circuit implements a first entity which stores an encryption or decryption function, one or more secret keys for use with the function, and an identity of each of the secret keys, each identity being indicative of an access permission to the first entity associated with that secret key. The second integrated circuit implements a second entity which stores the function and is programmed and configured to issue a request to the first integrated circuit for one or more of the access permissions and associated key identities for one or more of the secret keys stored in the first entity. The first integrated circuit is programmed and configured to respond to the request by outputting the access permissions and key identities to the second entity for use with the function, without outputting the secret keys.

20130046981 - SECURE PROVISIONING OF INTEGRATED CIRCUITS AT VARIOUS STATES OF DEPLOYMENT, METHODS THEREOF (02-21-2013)
An integrated circuit is provisioned after the integrated circuit has been sold and integrated into a customer's product. During provisioning, the integrated circuit is booted in a secure manner using a security value, such as a cryptographic key, owned by a manufacturer of the integrated circuit, or by a purchaser of the integrated circuit, to establish a secure communications channel with a provisioning server. Once the secure communications channel is established, the integrated circuit can be provisioned with a security value that is owned by the purchaser of the integrated circuit, and the manufacturer's security value is disabled.

20130046985 - Method and Apparatus for Cryptographic Key Storage Wherein Key Servers are Authenticated by Possession and Secure Distribution of Stored Keys (02-21-2013)
A key management system includes secured data stored on a first system, secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response using a one-time private key. The first system can then decrypt the secured data with the decryption control key, which remains secured in transport.

20130046984 - Establishing a Secured Communication Session (02-21-2013)
The present invention relates to a method for establishing a secured communication session in a communication system between a user using an untrusted device and a server. According to the present invention the user first obtains an authentication algorithm and an encryption algorithm and then creates a session key. Next the user obtains a public key of the server and sends a personal identity number to the server for authentication by using the authentication algorithm, the personal identity number being encrypted by using the encryption algorithm and the public key of the server. The user also sends the session key to the server for encryption purposes between the user and the server, the session key being encrypted by using the encryption algorithm and the public key of the server.

20130046983 - AUTHENTICATION METHOD AND DEVICE, AUTHENTICATION CENTRE AND SYSTEM (02-21-2013)
An authentication method and device, authentication centre and system are provided. The method comprises: receiving at least one access request and obtaining sub-key information from the access request; generating a group key according to the obtained sub-key information, and interacting with the network side according to the group key to perform the group authentication. The solution can solve the problem that one-to-one authentication causes network load in the present art, implement the authentication of multiple nodes at one time, reduce network resources and the network load of the server, is appropriate for the authentication of the terminal nodes in the internet of things, and can greatly improve the availability of services in the internet of things.

20130046982 - APPARATUS AND METHOD FOR SUPPORTING FAMILY CLOUD IN CLOUD COMPUTING SYSTEM (02-21-2013)
A method and an apparatus for effective data sharing between users in a cloud computing system are provided. The cloud computing system includes a first cloud hub and a User Equipment (UE). The first cloud hub provides a cloud service to a UE connected by a public cloud access and provides a cloud service to a UE connected to a public personal cloud system installed by a service provider, and is installed by a user. The UE subscribes to the first cloud hub as a main cloud and inquires as to data stored in the first cloud hub.

20130046986 - ELECTRONIC DATA COMMUNICATION SYSTEM (02-21-2013)
There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key, and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message.

20090044014 - NETWORK CONSTRUCTING METHOD AND COMMUNICATION APPARATUS (02-12-2009)
In a wireless network communication device, multiple items of network identification information, which are for identifying wireless network systems, are read out of a memory and displayed on a display unit. Network identification information of a wireless network system, which is capable of being constructed anew, is selected from the multiple items of network identification information displayed, and a wireless network system corresponding to the selected network identification information is constructed.

20090307497 - IDENTITY-BASED-ENCRYPTION MESSAGING SYSTEM (12-10-2009)
A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

20090307496 - METHOD OF DERIVING AND UPDATING TRAFFIC ENCRYPTION KEY (12-10-2009)
A method for efficiently deriving a traffic encryption key for data encryption is disclosed. A method of generating a traffic encryption key (TEK) comprises the steps of receiving, by a mobile station from a base station, a first nonce and first security materials for deriving the traffic encryption key (TEK), and deriving the traffic encryption key (TEK) using one or more of the first nonce, the authentication key (AK), and the first security materials.

20090307495 - CONFIDENTIAL COMMUNICATION METHOD (12-10-2009)
In SSL encryption communication in which a client and a server share a password, the client generates random number data, encrypts the random number data with a public key and the password, and transmits the encrypted random number data to the server, so that the client and the server safely share random number data having a bit length longer than that of the password. Safe cryptographic communication is performed without intermediaries by using the random number data or by mutually presenting a hash value of the random number data.
20130073855Collision Based Multivariate Signature Scheme - A cryptographic method and system is described, the method and system including providing a key pair that includes a private key and a corresponding public key, which defines a multivariate polynomial mapping, computing, using a processor and the private key, a digital signature for a message such that a first application of the mapping to the digital signature gives a first result, and a second application of the mapping to the message gives a second result that is equal to the first result, and conveying the message with the digital signature to a recipient for authentication using the public key. Related hardware, methods, and systems are also described.03-21-2013
20130073854DATA STORAGE INCORPORATING CRYPTOGRAPHICALLY ENHANCED DATA PROTECTION - Various exemplary embodiments relate to a system for storing encrypted data and providing access to a group of users. The system may include: a record of user accounts including: a user identifier and a public encryption key; an access control list (ACL) defining an access control policy including: permissions defining access to data objects associated with the ACL and an ACL key list including copies of an ACL key encrypted with the public keys of the users; a user-data storage medium including: encrypted user data, stored as a plurality of data objects, each object associated with an ACL and encrypted with the ACL key, and meta-data; and an access controller configured to: receive a request for a data object, and send a copy of the data object and the ACL key encrypted with the public key of the user if the user has permission to access the data object.03-21-2013
20130061054METHOD TO CONTROL AND LIMIT READABILITY OF ELECTRONIC DOCUMENTS - A series of data treatment processes, software applications and hardware devices jointly used to achieve the ability to make an electronic document available to the public or to a limited audience either cease being readable, or start being readable, at a given moment in time or after a given event has occurred. A typical usage scenario consists of "automatic destruction" of documents used internally by an organization that must be made unreadable after a certain project is complete. Conversely, public offers for auctions may be posted to all the participants and the issuer in an unreadable form, and then made readable after the deadline of the auction has expired. Again, documents may be made unreadable after a certain number of reads, or forwarded to a specific address under some conditions, or accessed only through well-known unmodified clients.03-07-2013
20090271628METHOD AND SYSTEM FOR KEY EXCHANGE AND METHOD AND APPARATUS FOR REDUCING PARAMETER TRANSMISSION BANDWIDTH - The embodiments of the present disclosure disclose a method and apparatus for reducing the parameter transmission bandwidth. The parameter sender reduces the values of the parameters before sending the parameters to the parameter receiver. This scheme reduces the bandwidth consumed during parameter transmission, thus making the transmission more efficient. The embodiment of the present disclosure also discloses a method for key exchange. This method reduces the values of the transmission parameters before sending the transmission parameters. This saves bandwidth compared with the prior-art protocol. Besides, the embodiment of the present disclosure discloses a system for key exchange. The parameter sender sends the transmission parameters to the bandwidth processing unit. The bandwidth processing unit performs a modulo operation on the received transmission parameters and then sends the processed transmission parameters to the parameter receiver, thus reducing the bandwidth consumed in the transmission of transmission parameters.10-29-2009
20090271627Secure Data Transmission - A method of facilitating secure sending of a message from a sender to a recipient over a network, comprising establishing communication between a sender side and a recipient trusted server having knowledge of an encryption key of recipient; obtaining a messaging key comprising a messaging encryption key and a messaging decryption key; exchanging messaging key data between sender side and recipient trusted server such that sender side has knowledge of the messaging encryption key and recipient trusted server has knowledge of the messaging decryption key; encrypting messaging decryption key with recipient's encryption key by recipient trusted server; transmitting messaging decryption key encrypted by recipient's encryption key from recipient trusted server to sender side, and transmitting messaging decryption key encrypted by recipient's encryption key from sender side to recipient and transmitting the message encrypted by messaging encryption key directly from sender side to recipient.10-29-2009
20090089583Method of establishing authentication keys and secure wireless communication - A method of establishing authentication keys at both a network and mobile equipment is provided. The authentication key generated by the mobile equipment is based on both mobile keys and network keys, which are each calculated by the mobile equipment. The authentication key generated by the network is based on both mobile keys and network keys, which are each calculated by the network. The mobile keys are calculated from a challenge generated by the mobile equipment, and the network keys are generated by the mobile equipment based on a challenge generated by the network.04-02-2009
20090089582METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES - A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.04-02-2009
20120226909Method of Configuring a Node, Related Node and Configuration Server - A method for configuring a node, said node holding a public key depending on an identifier relating to said node, a related secret key and an address of a configuration server storing sets of configuration parameters for respective nodes, the method comprising the following steps carried out at the configuration server: 09-06-2012
20130067230METHOD FOR GENERATING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, METHOD FOR TRANSMITTING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, AND METHOD FOR RECEIVING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD - A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer.03-14-2013
20130067228METHOD AND DEVICE FOR SECURELY SHARING IMAGES ACROSS UNTRUSTED CHANNELS - A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image, such that the decrypted image is displayed only for authorized persons physically present at the computing device.03-14-2013
20130067229METHOD AND APPARATUS FOR KEY SHARING OVER REMOTE DESKTOP PROTOCOL - Various methods for the secure exchange of private keys for authenticating a user to an RDP service are provided. One example method may comprise receiving a request comprising a session token to provide a user with access to an RDP service, and retrieving a username and password associated with the user using the session token. The method may further comprise assigning a time period of validity to the password. Furthermore, the method may comprise generating a first secret key based on user information, generating a second secret key based on the first secret key and a salt, and encrypting a packet comprising the password and the time period using the second secret key. Additionally, the method may comprise transmitting the username and encrypted packet to the device for authenticating the user with the requested RDP service. Similar and related example methods, apparatuses, systems, and computer program products are also provided.03-14-2013
20090235077NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense for a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to validate the management frames and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame and validates the management frame using the key.09-17-2009
20090235076Extensible and flexible electronic information tracking systems and methods - A method and system for tracking electronic information includes the steps of: encrypting an electronic file stored on a hardware storage device; attaching or incorporating with the file a standalone executable program that implements a request for a decryption key accompanied by tracking information when an attempt is made to access the file; verifying the tracking information by a central processing unit; if the tracking information is verified as acceptable, providing the decryption key; and if the tracking information is not verified as acceptable, modifying the file to include a record of the failed attempt to access the file and the tracking information, and storing said modified file on the hardware storage device.09-17-2009
20120272064DISCOVERY OF SECURITY ASSOCIATIONS - Techniques are disclosed for discovering security associations formed in communication environments. For example, a method for forming a discoverable security association between a first computing device (e.g., a first client) and a second computing device (e.g., a second client) comprises the following steps. The first computing device is provided with a seed that is used by the first computing device to generate a secret that is used by the first computing device to compute a key for use in securing communications with the second computing device. The secret is re-computable based on knowledge of the seed and the key is re-computable based on knowledge of the secret such that a third computing device (e.g., an intercepting server) can use the re-computed key to intercept communications between the first computing device and the second computing device unbeknownst to the first computing device and the second computing device. By way of example, the key may be a result of an identity based authenticated key exchange.10-25-2012
20090199002Methods and Systems for Shortened Hash Authentication and Implicit Session Key Agreement - A first hash result is generated at a client system in accordance with hash input parameters known to the client system. A second hash result is generated at a server system in accordance with hash input parameters known to the server system. Each of the first hash result and the second hash result is truncated in a same manner. The truncated first hash result is transmitted from the client system to the server system. The truncated first hash result as transmitted to the server system is compared with the truncated second hash result generated at the server system. Equality between the truncated first hash result as transmitted to the server system and the truncated second hash result generated at the server system authenticates the client system to the server system.08-06-2009
20120239933Methods and Devices Having a Key Distributor Function for Improving the Speed and Quality of a Handover - Embodiments relate to a key distributer node (AS) for a network, which comprises: 09-20-2012
20100211789INLINE KEY-BASED PEER-TO-PEER PROCESSING - Various exemplary embodiments relate to a method and related network element including one or more of the following: receiving, in a network element in the telecommunications network, a first plurality of packets transmitted from a P2P client to a P2P central entity, the first plurality of packets relating to a request for peer location information; performing deep packet inspection (DPI) to extract a key from the request for peer location information, the key identifying a P2P content item; querying a key storage module using the key to determine whether the key corresponds to a P2P content item for which transfers are to be prevented; and preventing subsequent transfers of the P2P content item between the P2P client and one or more peers that maintain the P2P content item.08-19-2010
20100306544SECURE COMPUTING ENVIRONMENT IN A TRANSPORTABLE CONTAINER - A secure container can comprise a security server, one or more container servers, and one or more sensors that can detect a breach of the physically secure computing environment provided by the container. A management server external to the container can be informed when the container is sealed and authorized and can subsequently provide a cryptographic key enabling the security server in the container to boot. Each container server can request and receive a cryptographic key from the security server enabling them to boot. If the container is breached, such keys can be withheld and any computing device that is powered off, or restarted, will be unable to complete a subsequent boot. If the container loses a support system and is degraded, so long as the security server does not lose power, it can provide the cryptographic keys to container servers restarted after the degradation is removed.12-02-2010
20120047367METHOD AND APPARATUS FOR GENERATING SECURITY CONTEXT - A method and an apparatus for generating a security context are provided. The implementation of the method includes: receiving a first message carrying a network capability of a User Equipment (UE); and generating the security context according to the network capability of the UE carried in the first message if the network capability of the UE carried in the first message is inconsistent with the stored network capability of the UE. After the network capability of the UE changes, information carrying the network capability of the UE is sent to a network side, so as to inform the network side that the network capability of the UE changes; therefore the network side can obtain the network capability of the UE, generate the security context according to the changed network capability of the UE, and further trigger a Radio Resource Control (RRC) connection establishment process.02-23-2012
20100268955CONTENT TRANSMISSION DEVICE AND CONTENT RECEPTION DEVICE - A content reception equipment for accessing an in-home content transmission equipment from a remote place executes a first authentication process with the content transmission equipment in advance, executes the remote access information sharing process required for access from a remote place, and causes the information on the content reception equipment and the remote access information to be registered in an equipment information table of the content transmission equipment.10-21-2010
20110296185Protection of Control Plane Traffic Against Replayed and Delayed Packet Attack - Techniques are provided for determining freshness of control messages in a network. At a first device that is to enter into a secure communication session with a second device, timestamp information and time window size information are sent to the second device in a control message during a first exchange between a first device and a second device. At the first device, timestamp information and time window size information are obtained from a control message received from the second device by the first device during the first exchange. At the first device, the freshness of a control message is tested based on the timestamp information of the control message during a second exchange and the time window size information received from the second device during the first exchange.12-01-2011
20110296186SYSTEM AND METHOD FOR PROVIDING SECURED ACCESS TO SERVICES - A system and method for providing authenticated access to an initiating terminal in relation to the services provided by a terminating terminal via a communications network are disclosed. In one aspect, a global server comprises a communications module, which receives and processes a key exchange initiation message from the initiating terminal so as to establish an encrypted communications channel with the terminating terminal. The communications module, responsive to a received key exchange initiation message, performs an encrypted communication establishment process in respect of the received key exchange initiation message. The encrypted communication establishment process comprises authenticating the initiating terminal, and in the event that the initiating terminal is successfully authenticated, transmitting keying data corresponding to the received key exchange initiation message to the terminating terminal. The keying data is identified on the basis of data associated with the initiating terminal.12-01-2011
20090282251AUTHENTICATING A WIRELESS DEVICE IN A VISITED NETWORK - Alternative authentication approaches for service request are provided. For a mobile station roaming in a visited network that does not support conventional updating of cryptographic keys (such as Dynamic Mobile IP Key Update) for a desired service, such cryptographic key authentication may be accomplished in a different way. Instead of merely rejecting a service request when a cryptographic key for the mobile station is not found at the home network, the home network may initiate a process by which a text messaging channel is utilized to establish such cryptographic key with the requesting mobile station. Alternatively, the home network may utilize other information, such as a verifiable identifier or credential for the requesting mobile station (e.g., IMSI, MIN, etc.) along with a roaming status of the requesting mobile station to authenticate the mobile station and grant access to network services allowing a requested service to be established.11-12-2009
20090282250COMMUNICATION APPARATUS, SERVER, AND COMPUTER PROGRAM PRODUCT THEREFOR - A communication apparatus receives, from another communication apparatus, a plurality of encrypted pieces obtained by encrypting a plurality of pieces constituting a part of a content and obtains a part or all of decryption keys used for decrypting the encrypted pieces. The communication apparatus also obtains an invalid piece list showing one or more identifiers of one or more encrypted pieces that can respectively be decrypted by using one or more decryption keys that have already been invalidated. In the case where at least one of the encrypted pieces is listed in the invalid piece list, the communication apparatus deletes the at least one of the encrypted pieces, based on an obtainment status of the encrypted pieces or an obtainment status of the decryption keys.11-12-2009
20100005302TECHNIQUES FOR VALIDATING AND SHARING SECRETS - Techniques for validating and sharing secrets are presented. A secret is divided into a plurality of parts. Each part is represented by a unique value. Each value is distributed to a unique user that shares in the secret. The secret is recreated when each user presents each user's unique value. Each unique value is then used to recreate its corresponding part of the key and when all parts are present and validated, the secret is reproduced.01-07-2010
20090287929METHOD AND APPARATUS FOR TWO-FACTOR KEY EXCHANGE PROTOCOL RESILIENT TO PASSWORD MISTYPING - A system and method for two factor key exchange protocol resilient to password mistyping is disclosed. This authentication process is based on two factors including both electronically stored (long keys) and human supplied credentials (password or biometrics). The disclosed system and method ensures security in the presence of mistyping. The system includes receiving a message from a client signifying a request to establish a secure connection and sending a first random number to the client. The method continues with receiving a string and authorization code with parameters comprising the first random number and the string where the string includes an identifier, a short key and a second random number encrypted with a public key. The method continues with decrypting the string with a private key verifying the authentication code, verifying the short key and session key derivation by both server and client.11-19-2009
20090063861Information security transmission system - An information security transmission system is disclosed. The system comprises a first information equipment and a second information equipment, wherein the first information equipment can obtain at least one certification data and connect to the second information equipment through a network for processing an information transmission. Accordingly, a key pair used for encryption/decryption can be obtained either through the certificate authority or, selectively, without the certificate authority, such that the information transmission security channel can be established and the data transmission security can be ensured. The first information equipment and the second information equipment respectively comprise a first dynamic codec and a second dynamic codec for processing a coding/decoding process depending on a dynamic code book; furthermore, an automatic error detecting mechanism and an error correcting mechanism can be associated for ensuring the data transmission security and the data correctness, especially for one-time transmission. The transmission data is under the protection of an access limit, such as a time limit, a number-of-times limit, or an equipment limit, such that once the receiver end has received the transmission data, the transmission data can be read only within the access limit; therefore, if the access limit is exceeded, the transmission data is removed to prevent the data from being leaked.03-05-2009
20090282252METHOD FOR AUTHENTICATION - A client is intended to be authenticated with a server. The present disclosure relates to a method that includes using an algorithm for the client and server, but independently of one another, to produce a first key. A second key is produced by the client such that its distance from the first key is within a predetermined distance. The second key is sent to the server. The server successfully authenticates the client if the distance between the received second key and the first key is within the predetermined delta. The second key is used as a new start key for further authentication of the client with the server.11-12-2009
20100169646SECURE AND EFFICIENT DOMAIN KEY DISTRIBUTION FOR DEVICE REGISTRATION - A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.07-01-2010
20090204817COMMUNICATION SYSTEM - In a method and system for a communications system, identifying at least one of a received message that has been decrypted using a first decryption method and a message to be sent that is to be encrypted using a first encryption method, generating a copy of the at least one of the received message and the message to be sent, encrypting the copy of the at least one of the received message and the message to be sent using a second encryption method to create an encrypted copy of the at least one of the received message and the message to be sent, and transmitting the encrypted copy of the at least one of the received message and the message to be sent from the communications device for decryption and storage.08-13-2009
20100115278SUPPORT OF MULTIPLE PRE-SHARED KEYS IN ACCESS POINT - A method of operating an access point (AP) configured to support multiple pre-shared keys at a given time to authenticate its associated client devices. Each client device associated with the AP is provisioned with a key. To authenticate the client device that attempts to connect to the AP, the AP determines which pre-shared key (PSK) of the multiple supported pre-shared keys (PSKs), if any, matches information including the key received from the client device. When the information matches, the client device is allowed to connect to the AP. Provisioning the AP with multiple PSKs allows selectively disconnecting associated client devices from the AP. The AP may be configured to support PSKs of different lifetime and complexity. Removing a PSK of the multiple PSKs supported by the AP and disconnecting a client device that uses this PSK does not disconnect other client devices using different keys to access the AP.05-06-2010
20100268954METHOD OF ONE-WAY ACCESS AUTHENTICATION - A method of one-way access authentication is disclosed. The method includes the following steps. According to system parameters set up by a third entity, a second entity sends an authentication request and key distribution grouping message to a first entity. The first entity verifies the validity of the message sent from the second entity, and if it is valid, the first entity generates an authentication and key response grouping message and sends it to the second entity, which verifies the validity of the message sent from the first entity, and if it is valid, the second entity generates the authentication and key confirmation grouping message and sends the message to the first entity. The first entity verifies the validity of the authentication and key confirmation grouping message, and if it is valid, the authentication succeeds and the key is regarded as the agreed master key.10-21-2010
20100268953RECORDING DEVICE, AND CONTENT-DATA PLAYBACK SYSTEM - A recording device configured to store content data in an encrypted manner, the recording device comprises a memory unit which stores various data, and a controller which controls the memory unit. The controller possesses a controller key and unique identification information, and is configured to generate a controller-unique key unique for each controller in accordance with the controller key and the identification information. The memory unit stores an MKB generated by encrypting a medium key with a device key set that is a collection of a plurality of device keys, an encrypted device key set generated by encrypting the device key set with the controller-unique key, and a device-key-set index which uniquely identifies the device key set. The controller comprises a decryption unit which obtains a device key set by decrypting the encrypted device key set with the controller-unique key, an ID generating unit which generates a medium ID from the identification information and the device-key-set index, and an authentication unit which executes an authentication process with an exterior in accordance with the device key set, the medium ID and the MKB.10-21-2010
20090150674System and Method for Device Bound Public Key Infrastructure - Techniques are provided for secured communication of data, such as in the context of a public key infrastructure (PKI). In one embodiment, the technique may involve using a private key that is bound to the device requesting the secure data, thereby making it harder for someone to copy, steal or fake. The private key may be generated by adding a filler code to a unique device identifier. The identifier may be based on at least one user-configurable parameter and at least one non-user-configurable parameter of the device.06-11-2009
20090063863Secure authenticated channel - A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, K03-05-2009
20100058061CONTROLLING ACCESS TO DATA STREAMS - Access to one or more data streams can be controlled by encrypting a description of how segments of the data streams can be assembled, for example, to produce an audio or video program. Access to the one or more data streams can also be provided by obfuscating names of at least some of the segments in order to make it more difficult to determine the proper order for assembling the segments. In at least some embodiments, the data contained in at least some of the segments themselves is not encrypted.03-04-2010
20090193253METHOD AND SERVER FOR PROVIDING A MOBILE KEY - After a radio link is established between a mobile subscriber terminal and an access network, the subscriber is authenticated by a proxy server of an intermediate network forwarding, from the access network to a home network of the subscriber, authentication message(s) containing a subscriber identification. If the subscriber is authenticated and the subscriber identification is already stored in the proxy server, the proxy server assigns a group-specific mobile key to the subscriber identification. When the home agent receives a registration request message originating from a subscriber terminal and containing a subscriber identification and transmits a key request message, containing the subscriber identification, for a mobile key to the proxy server, if the subscriber identification in the key request message matches a subscriber identification stored by the proxy server, a mobile key for cryptographic protection of mobile signalling messages is provided to the home agent by the proxy server.07-30-2009
20090327731SECURITY DEVICE FOR CRYPTOGRAPHIC COMMUNICATIONS - Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.12-31-2009
20120036363METHOD FOR KEY IDENTIFICATION USING AN INTERNET SECURITY ASSOCIATION AND KEY MANAGEMENT BASED PROTOCOL - An initiating device: generates a message having an ISAKMP-based header that includes a security parameter index (SPI) field; identifies a key in the SPI field of the ISAKMP-based header; and sends the message to a responding device. The responding device: receives the message; extracts the key identifier; and when a shared key is selected using the key identifier, uses the selected shared key to establish, with the initiating device, a session having a secure tunnel.02-09-2012
20090094458PROCESS AND SYSTEM FOR CONFIRMING TRANSACTIONS BY MEANS OF MOBILE UNITS - Process for confirming transactions by means of mobile units (MU), wherein a control device (CD) sends a request message (RM) containing transaction data (TD) to a mobile unit (MU), which can send to the control device (CD) a confirmation message (CM) containing a confirmation code (CD), wherein the control device (CD) and/or the mobile unit (MU) are provided with one or more digital memories (DM) in which security applications (SA) are stored for encoding and digitally signing the request message (RM) and/or the confirmation message (CM), respectively, before sending them. The present invention also relates to a system for carrying out said process.04-09-2009
20090313472SECURE SESSION KEY GENERATION - A method and apparatus for securing the interface between a Universal Integrated Circuit Card (UICC) and a Terminal in wireless communications is disclosed. The security of Authentication and Key Agreement (AKA) and application level generic bootstrapping architecture (GBA) with UICC-based enhancements (GBA_U) procedures is improved. A secure shared session key is used to encrypt communications between the UICC and the Terminal. The secure shared session key is generated using authenticating or non-authenticating procedures.12-17-2009
20100125736METHOD AND SYSTEM FOR SHARING CONTENTS WITH REMOVABLE STORAGE - Disclosed is a content sharing method and system using an external memory. A method for transmitting encrypted contents to an external memory device list includes receiving a device list and public keys for devices, encrypting a domain key by using a public key to generate at least one device domain key, and transmitting the device domain key to the external memory. The method for performing encrypted contents further includes checking a public key of a device, extracting a device domain key corresponding to the checked public key from the at least one device domain key stored in an external memory, decoding the extracted device domain key, decoding the encrypted contents by using the decoded device domain key, and performing the decoded encrypted contents. According to the present invention, since a single piece of contents stored in an external memory is reproducible by a plurality of devices, the existing problem of repeatedly paying for the single piece of contents is solved and external memory resources are efficiently used.05-20-2010
20090070586Method, Device and Computer Program Product for the Encoded Transmission of Media Data Between the Media Server and the Subscriber Terminal - A request is transmitted from a subscriber terminal via a control channel of an access network to an application function for determining a set of encoding parameters. An encoding context is generated by the application function in accordance with the set of encoding parameters. The encoding context is transmitted from the application function to a media server via a control interface of a core network. Either encoded media data are then decoded or unencoded media data are encoded by the media server using the encoding context in such a way that an encoded transmission of media data is carried out between the media server and the subscriber terminal. A network and a computer program are suitable for carrying out the method.03-12-2009
20100082988WIRELESS SENSOR NETWORK KEY DISTRIBUTION - When installing and maintaining a wireless sensor network in a medical or factory environment, distribution of keying material to sensor nodes (04-01-2010
20100088517Method and Apparatus for Logging Based Identification - A method and apparatus for logging based identification are described. In one embodiment, the method comprises extracting entries of a hash chained log that represents a series of previous transactions. The method may also comprise ordering hash values of the entries extracted from the hash chained log into an ordered list. In one embodiment, the method may further comprise producing a cryptographic hash of the ordered list.04-08-2010
20090282249PROCESS FOR ESTABLISHING A SECRET KEY - A method for establishing a secret key for a data transmission between communication partners in a network, in particular in a personal area network (PAN), or in a body area network (BAN), wherein one or several inefficient communication partners (B) in comparison to a strong, preferably central communication partner (A) of the network, have reduced power resources, is characterized through the following steps: the strong communication partner (A) transmits a plurality of data pairs, each comprising a possible key (K11-12-2009
20090287928Methods, Portable Electronic Devices, Systems and Computer Program Products for Securing Electronic Conference Room Whiteboards - Methods, portable electronic devices, systems and computer program products for securing an electronic whiteboard. A near field communication (NFC) session is established between a portable electronic device and the electronic whiteboard to secure information provided on the electronic whiteboard. Dispersion of the information provided on the electronic whiteboard is enabled and/or disabled using security credentials associated with the established NFC session.11-19-2009
20110197066MULTI-FUNCTIONAL SYSTEM, SECURITY METHOD, SECURITY PROGRAM, AND STORAGE MEDIUM - A multi-functional system includes a main system, and sub-systems operated by sub-programs and the main system. The sub-systems include a first memory storing a first public key, a second memory storing an encrypted sub-program and second public key, a first communication controller transmitting the first public key for encrypted communication, a decryption unit decrypting the encrypted sub-program and second public key using an encryption key, and a second controller transmitting the decrypted second public key for encrypted communication. The main system includes a first public key, a second public key, a security device, and first and second communication controllers. The sub-systems execute a plurality of corresponding sub-programs under the control of the main system.08-11-2011
20090287930IDENTITY BASED SYMMETRIC CRYPTOSYSTEM USING SECURE BIOMETRIC MODEL - Methods, apparatus, and computer program products are herein described that provide for an identity-based cryptosystem using a highly secure biometric model through which both access and data transmission are effectively made very secure. Through implementation of generating and securely storing biometric data as syndrome vectors, tolerance is provided for the inherent variability of biometric data. In addition, to ensure that the biometric data is not duplicated by adversaries who might gain access to the syndrome generation algorithm and the biometric data, present aspects provide for keeping the private key more secure and making the cryptosystem user-identity dependent. As such, the systems, apparatus and computer program products herein disclosed provide end-to-end authentication of end users using secure biometry, which constitutes the symmetric and/or asymmetric identity-based cryptosystem.11-19-2009
20100299525METHOD AND APPARATUS FOR SPLIT-TERMINATING A SECURE NETWORK CONNECTION, WITH CLIENT AUTHENTICATION - A method and apparatus are provided for split-terminating a secure client-server communication connection, with client authentication. During handshaking between the client and the server, cooperating network intermediaries relay the handshaking messages, without altering the messages. At least one of the intermediaries possesses a private key of the server, and extracts a set of data fields from the handshaking messages, including a Client-Key-Exchange message that can be decrypted with the private key. The intermediary uses the extracted data to compute the client-server session key separate from the client's and the server's similar computation, and may transmit the key to the other intermediary via a secure communication channel. The client and the server thus establish the end-to-end client-server connection, and may authenticate each other, after which the network intermediaries may intercept and optimize the client-server communications transparently to the client and the server.11-25-2010
20100138661MOBILE STATION, ACCESS POINT, GATEWAY APPARATUS, BASE STATION, AND HANDSHAKE METHOD THEREOF FOR USE IN A WIRELESS NETWORK FRAMEWORK - A mobile station, an access point, a gateway apparatus, a base station, and a handshake method thereof for use in a wireless network framework are provided. The wireless network framework comprises a first wireless network comprising the access point, and a second wireless network comprising the gateway apparatus and base station. There is an IP security tunnel between the access point and the gateway apparatus. When the mobile station hands over from the first wireless network to the second wireless network, it transmits a master session key to the gateway apparatus via the access point and the IP security tunnel. Additionally, when the mobile station hands over from the second wireless network to the first wireless network, it transmits a master session key to the access point. As a result, the authentication time, which is needed in the handover procedure between the first wireless network and the second wireless network, is reduced effectively.06-03-2010
20080215886FUNCTION LICENSE AUTHENTICATION METHOD AND FUNCTION LICENSE AUTHENTICATION SYSTEM - There is provided a function license authentication method and system capable of preventing the illegal creation of a license key.09-04-2008
20100281262Method for Digital Rights Management in a Mobile Communications Network - The present invention relates to a method and an operator network node for enabling a user-defined DRM domain of *SIMs hosted by *SIM-enabled devices. The operator network node is connectable to a *SIM based device and to a content provider node, and comprises means for establishing a secure channel between a *SIM-based device and an operator network node, means for creating a DRM domain defined by at least one user of *SIM-based devices, means for receiving at the operator network node a registration request from the *SIM-based device to register the *SIM of the *SIM-based device into the created user-defined DRM domain, means for registering at the operator network node the *SIM of the *SIM-based device into the registered user-defined DRM domain, and means for making the registered information associated with the user-defined DRM domain available to the content provider. The invention also relates to a further method and the content provider comprising means for accessing in the operator network node registered information associated with a registered user-defined DRM domain comprising *SIMs of a user, and means for establishing a content provider defined DRM domain comprising at least one of the *SIMs of the user-defined DRM domain.11-04-2010
20100281261DEVICE AND METHOD FOR NEAR FIELD COMMUNICATIONS USING AUDIO TRANSDUCERS - Secure wireless communication links are established between proximately-located devices, each of which includes respective audio transmitters and audio receivers. The audio transmitter of the first device can be used to transmit a device-dependent authentication key, which is received by the audio receiver of the second device. The audio transmitter of the second device can be used to transmit an acknowledgement, which is received at the audio receiver of the first device. The round-trip time from transmitting the authentication key from the first device to receiving the acknowledgement at the first device can be determined, and the decision of whether to establish the secure wireless communication link can be based on the determined round-trip time. In certain embodiments, these steps can be repeated starting with the second device to establish a two-way trust between the devices.11-04-2010
20120297194Device Authentication - A first device in possession of a value is able to determine, without communicating the value and without communicating any information from which the value can be identified, whether a second device is also in possession of the value. The first device accomplishes this with the assistance of a third device that is able to communicate with the first device and with the second device. The second device also does not communicate the value and does not communicate any information from which the value can be identified. The first device may send additional information to the third device which, if passed to the second device, enables the second device to determine that the first device is in possession of the value. The value may be a secret.11-22-2012
20080244268End-to-end network security with traffic visibility - Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. The key may be derived using a cryptographic one way function and a client identifier so that end-to-end security may be achieved.10-02-2008
20130219180DATA PROCESSING FOR SECURING LOCAL RESOURCES IN A MOBILE DEVICE - A method of data processing for securing local resources in a mobile device. The method includes: a) when network connectivity is available: coupling the mobile device with a first identity module associated with a first International Mobile Subscriber Identity (IMSI), receiving in the first identity module a network challenge from a communication network, ciphering the network challenge using a secret key, and sending a corresponding response to the network for subsequent successful authentication; b) after a successful authentication to the communication network: associating at least a part of the local resources with the first IMSI, storing, in a database of the mobile device, authentication data related to the challenge/response pair, and granting access to local resources associated with the first IMSI.08-22-2013
20100058060Username Based Key Exchange - A method and apparatus for a system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data including a second random string. Both the client and server concatenate the first random string, second random string and username. These values are processed to generate a shared master secret, from which further shared secrets or keys are generated to establish a secured communication channel between the client and server. The secured communication can be based on stateless messaging where the decryption key associated with the message is identified by the message authentication code, which is placed within the message.03-04-2010
20080313464SYSTEM AND METHOD OF CREATING AND SENDING BROADCAST AND MULTICAST DATA - A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.12-18-2008
20100005301AUTHENTICATION AND ENCRYPTION UTILIZING COMMAND IDENTIFIERS - A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence. Furthermore, an illegal instrument that has not completed the authentication processing can be prevented from utilizing program content.01-07-2010
20120272065Authentication Method, Host Computer and Recording Medium - According to one embodiment, a host computer updates the media key block MKB in a first updatable memory device in the case where the version number of the media key block MKB read from a recording medium is newer than that of the media key block MKB in the first updatable memory device. The host computer generates a medium unique key Kmu based on a media key Km calculated from the media key block MKB read from the recording medium and a media ID read from the recording medium. The host computer executes the authentication and key exchange AKE process with the recording medium based on the medium unique key Kmu.10-25-2012
20090063860Printer driver that encrypts print data - A system for transmitting encrypted print job data across a network. The printer driver on the client device encrypts the print job data using a random AES key and uses the printer's public key to encrypt the random AES key. The print job data remains encrypted during transmission from the client device to the printer via the server. As such, the contents of the print job cannot be viewed by anyone who eavesdrops on the communications between the client device and the printer or by anyone who obtains the print job data from the server's data storage medium. The printer's public certificate, containing the printer's public key, is promulgated to the client device via the server which stores the printer's public certificate with other data pertinent to the client device's printer driver.03-05-2009
20120198234METHOD AND APPARATUS FOR ENSURING THE INTEGRITY OF A DOWNLOADED DATA SET - The disclosed embodiments provide a system that ensures the integrity of a downloaded data set. During operation, a browser application executing on a computing device receives a data set that was signed using the private key of a host computer. The browser application stores this signed data set in a browser data store. Subsequently, the browser application also receives a public key from the host computer (e.g., while accessing a web page associated with the signed data set). The browser application ensures the integrity of the data set by executing scripted program code that: uses the public key to decode the signature for the data set; calculates a hash value for the signed data set; and compares the decoded signature with the hash value to validate the data set.08-02-2012
20090138714COMMUNICATION APPARATUS, KEY SERVER, MANAGEMENT SERVER, COMMUNICATION SERVER, CONTENT DISTRIBUTION SYSTEM, COMMUNICATION METHOD, AND RECORDING MEDIUM - A plurality of first encrypted pieces is generated by encrypting the pieces with a first encryption key. The second encrypted piece is generated by encrypting at least one of the pieces with a second encryption key. The first encryption key and the second encryption key for encrypting the same piece are different from each other. A communication apparatus receives a first encrypted piece or a second encrypted piece from other communication apparatus for each piece, transmits a request message for requesting a decryption key for decrypting the encrypted piece to a key server, and receives the decryption key from the key server in response to the request message.05-28-2009
20090164786CONTENT DELIVERY METHOD, CONTROL TERMINAL, AND DISPLAY TERMINAL - A content delivery method, a control terminal for content delivery, and a display terminal for receiving content delivery. In a content delivery service, the control terminal for authentication and the display terminal for displaying and/or storing of content are separately provided to perform authentication and exchange of a key so as to select a content delivery destination from a server.06-25-2009
20090144550METHOD AND SYSTEM FOR SECURE COMMUNICATION IN NEAR FIELD COMMUNICATION NETWORK - Disclosed is a method for secure communication between a plurality of electronic devices in a Near Field Communication (NFC) network, and a system for supporting the method. To this end, a first electronic device shares a plurality of keys with the at least one device among the plurality of electronic devices and selects a first key among the plurality of keys and exchanges data encrypted based on the first key with the at least one device among the plurality of electronic devices and replaces the first key with at least one key among the plurality of keys while exchanging the data after at least one predetermined criterion has been satisfied.06-04-2009
20090138715WIRELESS NETWORK SECURITY USING RANDOMNESS - The present invention provides systems and methods for securing communications in a wireless network by utilizing the inherent randomness of propagation errors to enable legitimate users to dynamically create a shared symmetric secret key. In one embodiment, the invention provides a system with two computers each having a wireless network adapter. The sending node encodes the frames, transmits the frames, determines if the frames were correctly received, retransmits the frames if they were not correctly received, stores the frames that were not retransmitted, and uses the stored frames to generate a secret key. The receiving node receives the encoded frames, determines if the frames were retransmitted, stores at least one of the frames that was not retransmitted, and uses the stored frames to generate the same secret key as the sending node.05-28-2009
20090177888INFORMATION PROCESSING DEVICE, KEY SETTING METHOD, AND PROGRAM - There is provided an information processing device including an identifier setting unit for setting an identifier to a set of terminal devices corresponding to each node of a tree structure, and a key setting unit for setting a key distributed to the terminal device based on the identifier, wherein the identifier setting unit includes a first identifier indicating the set of terminal devices corresponding to each node, and sets the identifier so as to further include a second identifier showing a correspondence relation between a plurality of subsets when the set includes a plurality of subsets.07-09-2009
20090055648METHOD OF AND APPARATUS FOR SHARING SECRET INFORMATION BETWEEN DEVICE IN HOME NETWORK - A method and apparatus for sharing secret information between devices in a home network are provided. In the method and apparatus, home network devices receive a password (credential) input by a user and encrypt secret information based on the credential by using keys generated according to a predetermined identity-based encryption (IBE) scheme. Accordingly, it is possible to securely share the secret information between home network devices without any certificate authority or certificate.02-26-2009
20090055649KEY ALLOCATING METHOD AND KEY ALLOCATION SYSTEM FOR ENCRYPTED COMMUNICATION - Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.02-26-2009
20110225424Inter Base Station Interface Establishment - A method of establishing a peer-to-peer IPSec security association between a pair of base stations located within the same or different radio access networks. The base stations communicate with a core network via the same or different security gateways of the core network using respective pre-established IPSec security associations. The method comprises exchanging peer-to-peer IKE security association initiation request and initiation response messages between the base stations using said pre-established security associations.09-15-2011
20090259851Methods and Apparatus for Authentication and Identity Management Using a Public Key Infrastructure (PKI) in an IP-Based Telephony Environment - Methods and apparatus are provided for user authentication using a Public Key Infrastructure (PKI) in an IP-based telephony environment, such as an IMS network. A user of a user device attempting to access an IP-based telephony network can be authenticated by obtaining one or more private keys of the user from a secure memory associated with the user device; generating an integrity key and a ciphering key; encrypting the integrity key and the ciphering key using a session key; encrypting the session key with a public key of the IP-based telephony network; and providing the encrypted session key, encrypted integrity key and encrypted ciphering key to the IP-based telephony network for authentication. A network-based method is also provided for authenticating a user in an IP-based telephony network.10-15-2009
20110145581MEDIA PLAYBACK ACROSS DEVICES - A method may include displaying media items via a network, wherein the network includes a mobile device, a personal computer, and a set-top box connected to a television. A first communication session may be established with the personal computer via the network. A media item may be identified for display on the television. A request may be transmitted to the personal computer to output the identified media item for display on the television.06-16-2011
20090063862MASHUP SERVICE SUPPORT METHOD AND APPARATUS - A mashup service support method includes externally receiving a mashup service application, acquiring and managing an authentication key corresponding to the received mashup service application, and executing the received mashup service application using the acquired authentication key. A user can use a variety of web services by normally operating a mashup service application through Open API due to the storing and managing of an authentication key.03-05-2009
20110225423SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAPHY - A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to a country of a user is transmitted and the country key is received. Session data resulting from the use of the service hosted within the public cloud is encrypted using the user key and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the country of the user to decrypt session data of the user and to not decrypt session data of other users of another country.09-15-2011
20120079277VERIFICATION AND PROTECTION OF GENUINE SOFTWARE INSTALLATION USING HARDWARE SUPER KEY - A device, system, and method are disclosed. In one embodiment the device receives a user key from a user application. The device then creates a management engine key by applying a management engine key creation algorithm to the user key. Then the device sends the management engine key to a remote server. Later, the device retrieves a server key from the remote server. The device next performs a hash combination of the user key, the management engine key, and the server key to create a super key. Once the super key has been created, the device authenticates the super key, and if the super key is valid, the device then sends a management engine certification to the user application.03-29-2012
20100122091Access Control System And Method Based On Hierarchical Key, And Authentication Key Exchange Method Thereof - Disclosed is an access control system and method based on hierarchical keys. The system comprises an access control server (ACS), a home gateway, and a plurality of sensor devices disposed on a home network. The ACS sets up the user's access limits of authority and an authorization verifier, and saves the related data of the user's password and the user's access limits of authority. The gateway records the authority limits' level and the authority limits' key, which are constructed based on a hierarchical key structure. When a user logs in to the ACS to request access, a one-time communication key between the user and the home gateway is established by exchanging the ticket and the token that are issued by the ACS. This allows the user to access the information of the sensor devices.05-13-2010
20110231661Content Distribution with Mutual Anonymity - A method for transferring content includes requesting the content from a serving peer and sending the content to a requesting peer. Requesting the content includes sending a request to a tracker, receiving a request token, a path identifier, and a first peer identifier from the tracker, and sending a request message to a second peer. The first peer identifier includes an identity of a first peer, and the request message includes the request token, the path identifier, and the first peer identifier. Sending the content includes receiving the request token and the path identifier from a third peer, sending a return message to a fourth peer, and transferring the content from the serving peer to the requesting peer through a transfer path. The return message includes the path identifier and a second peer identifier. The second peer identifier includes an identity of a fifth peer. The transfer path includes at least the second, fourth, and fifth peers.09-22-2011
20090138716METHOD FOR TRANSMITTING AND RECEIVING DATA, IN PARTICULAR FOR SECURE EXCHANGES BETWEEN AN AIRCRAFT AND A GROUND BASE, RELATED DEVICES AND AIRCRAFT EQUIPPED WITH SUCH DEVICES - A method for transmitting data, a receiving method, related devices, and an aircraft equipped with the devices. The method includes determining an authentication word of the data; processing the data to obtain processed data; and transmitting the processed data on a transmission channel.05-28-2009
20090249073APPARATUS AND METHOD FOR GROUP SESSION KEY AND ESTABLISHMENT USING A CERTIFIED MIGRATION KEY - A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.10-01-2009
20090249071MANAGING CODE ENTITLEMENTS FOR SOFTWARE DEVELOPERS IN SECURE OPERATING ENVIRONMENTS - Systems and methods for managing access to restricted data and system resources in secure operating environments are disclosed. Developer access profiles are issued by trusted authorities to developers which define entitlements that provide limited access to system resources and data on specified computing devices. The developer access profiles allow software developers to write software which accesses parts of the target platform environment which are typically off limits to third party developers.10-01-2009
20090210709CONTENT TRANSMITTING AND RECEIVING SYSTEM - A transmitting apparatus transmits, to a receiving apparatus, a content that contains at least, in the stated order, a first portion that is encrypted with a shared key shared between the transmitting apparatus and the receiving apparatus, a second portion that is not encrypted, and a third portion that is encrypted with the shared key. In this situation, in the case where the encrypted third portion has become a transmission target after the second portion has been transmitted, and also, there is a possibility that the shared key stored in the receiving apparatus may be invalidated when the encrypted third portion is received, the transmitting apparatus sequentially transmits a fourth portion and the encrypted third portion to the receiving apparatus, the fourth portion containing at least element data that belongs to the last group in the second portion.08-20-2009
20120198236SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an audio signal. The audio signal is transmitted from the first computing device to the second computing device. The password is determined from the audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.08-02-2012
20120198235SECURE MESSAGING WITH READ-UNDENIABILITY AND DELETION-VERIFIABILITY - A cryptographically-secure component is used to provide read-undeniability and deletion-verifiability for messaging applications. When a messaging application of a sending node desires to send a message to a messaging application of a receiving node, the sending node requests an encryption key from the receiving node. The cryptographically-secure component of the receiving node generates an encryption key that is bound to a state of the receiving node. The messaging application of the sending node encrypts the message using the encryption key and sends the encrypted message to the messaging application of the receiving node. Because the encryption key used to encrypt the message is bound to the state associated with reading the message by the cryptographically-secure component, if the receiving node desires to decrypt and read the encrypted message, the receiving node may advance its state to the bound state to retrieve the decryption key.08-02-2012
20090222665NON-INTERACTIVE ENTITY APPLICATION PROXY METHOD AND SYSTEM - A security method and system. The method includes retrieving configuration data associated with a non interactive entity (NIE) software application. The configuration data comprises a refresh count, a refresh period, and a session ID. A master refresh period is calculated from the refresh period. Credentials data associated with the NIE software application are retrieved. The credentials data are transmitted to a resource server. A session key generated by the resource server is received by the NIE software application. The NIE software application calculates a stale time associated with the session key. The NIE software application generates a first updated refresh count. The NIE software application stores the session key, the first updated refresh count, the first refresh period, and the first specified stale time.09-03-2009
20090222666Mechanism for generating message sequence order numbers - In one embodiment, a mechanism for generating message sequence order numbers is disclosed. In one embodiment, a method includes generating a timestamp value, and calculating a message authentication code (MAC) using as inputs the timestamp value, public information of an intended recipient, and a shared secret key kept between a broadcaster and the intended recipient. In addition, the method includes extracting, according to a pre-determined process agreed to between the broadcaster and the intended recipient, a required number of bits that define a size of an initial sequence number from the MAC. Lastly, the method includes using the extracted result as the initial sequence number.09-03-2009
20090240943CHALLENGE RESPONSE-BASED DEVICE AUTHENTICATION SYSTEM AND METHOD - A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.09-24-2009
20090254751DATA TRANSMISSION APPARATUS, DATA RECEPTION APPARATUS, AND DATA TRANSFER SYSTEM - Provided are a data transmission apparatus, a data reception apparatus, and a data transfer system which can prevent a case where the same usable data is present in plural apparatuses at the same time and can reliably move the data, in MOVE processing of the data between the data transmission apparatus and the data reception apparatus. The data transmission apparatus (10-08-2009
20090210710SECURITY AUTHENTICATION AND KEY MANAGEMENT WITHIN AN INFRASTRUCTURE-BASED WIRELESS MULTI-HOP NETWORK - A system and method of security authentication and key management scheme in a multi-hop wireless network is provided herein with a hop-by-hop security model. The scheme adapts the 802.11r key hierarchy to the meshed AP network. In this approach, a top key holder (R0KH) derives and holds the top Pairwise Master Key (PMK_0) for each supplicant wireless device after the authentication process. All authenticator APs take the level one key holder (R1KH) role and receive the next level Pairwise Master Key (PMK_1) from the R0KH. The link level data protection key is derived from PMK_1 via the 802.11i 4-way handshake.08-20-2009
20120036362Secret-Key Exchange for Wireless and Sensor Networks - A mechanism is provided for establishing a shared secret-key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret-key using the first input and the second input.02-09-2012
20100275021DEFINING ACCESS RIGHTS TO CONTENT - A portion of text associated with a message intended for a group of recipients is encrypted at a computing device. The portion of text may include less than an entirety of the message. Access to the portion of text may be restricted for a first subset of the group of recipients and allowed for a second subset of the group of recipients.10-28-2010
20090240942LONG TERM KEY ESTABLISHMENT FOR EMBEDDED DEVICES - A secure communication session is established between a first device and a second device, by generating, in the first device, a first secret key to be utilized for communication sessions with other devices. The second device requests to establish a first communication session with the first device, and the second device generates a second secret key corresponding to the first secret key of the first device. The second device stores the generated second secret key in a non-volatile memory of the second device, the second secret key being stored in the non-volatile memory in association with an identifier of the first device. Finally, a secure communication session is established between the first and second devices utilizing the first and second secret keys.09-24-2009
20080307225Method For Locking on to Encrypted Communication Connections in a Packet-Oriented Network - There is described a method for locking on or legal interception of encrypted communication connections, preferably in a peer-to-peer network. If all users in a communication network have a digital certificate, a good authentication and an end-to-end encryption of communication data is possible. A modification of network elements is disclosed to nevertheless provide legal tapping from authorized positions. The above can be used on a special tapping mode, in which the keys for all incoming and outgoing messages are provided to an authorized control position.12-11-2008
20100161989COMMUNICATION APPARATUS, DATA COMMUNICATION METHOD, AND NETWORK SYSTEM - A communication apparatus includes a storage part configured to store a first key generated according to authentication with a transmission source, identification information of the transmission source, and first information remaining unchanged regardless of the initialization of a coupling status and corresponding to the transmission source, with the first key, the identification information and the first information mapped to each other, an acquisition part configured to acquire a public key from the transmission source holding the identification information responsive to the first information stored on the storage part if the identification information of the transmission source has changed in response to the initialization of the coupling status, and a calculation part configured to generate an encryption key for use in encryption and decryption of data transmitted by the transmission source, based on the first key responsive to the first information, and the public key.06-24-2010
20100262829SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.10-14-2010
20100185861ANONYMOUS KEY ISSUING FOR ATTRIBUTE-BASED ENCRYPTION - The claimed subject matter provides systems and/or methods that establish a decryption key for use with an attribute authority. The system can include components that identify a pseudonym based a global identifier (GID) associated with a user, initiates communication with the attribute authority, and selects a first random value utilized to determine a first value. The system also includes components that select a second random value, employs the first value and the second random value to generate a second value and a third value, receives the second value and the third value, identifies a third random value, and employs the second value, the third value, the first random value, and the third random value to determine a fourth value which is employed to determine a fifth value. The fifth value is employed to derive the decryption key for use with the attribute authority.07-22-2010
20100174909DATA AUTHENTICATION USING PLURAL ELECTRONIC KEYS - A method for transmitting digital data to a recipient via a communications network includes providing digital data and digitally signing the digital data using N cryptographic keys. Each of the N cryptographic keys is associated with a same sender of the digital data, and N>1. The recipient receives the digital data and verifies the digital signature using N cryptographic keys associated with the N cryptographic keys used to sign the digital data. In dependence upon verifying the digital signature, the recipient accepts the digital data as being authentic.07-08-2010
20100185862Method and System for Encrypting JavaScript Object Notation (JSON) Messages - The confidentiality of JavaScript Object Notation (JSON) message data is secured using an encryption scheme. The encryption scheme implements a JSON encryption syntax, together with a set of processing rules for encrypting arbitrary data in JSON messages in a platform/language-independent manner. A method for encrypting a data item in a JSON message begins by applying an encryption method and a key to the data item to generate a cipher value. A data object is then constructed that represents an encryption of the data item. The data item in the JSON message is then replaced with the data object, and the resulting modified JSON message is then output from a sending entity. At a receiving entity, information in the data object is used to re-generate the data item, which is then placed back in the original message.07-22-2010
20100191969DIGITAL RIGHTS MANAGEMENT WITH PERSISTENTLY-UNENCRYPTED CONTENT - A digital rights management license provides access to a decryption key that can be used to decrypt an encrypted digital content item. The digital rights management license also includes a policy that defines circumstances in which the decryption key is allowed to decrypt encrypted content data for the purpose of creating a persistently-unencrypted version of the content data.07-29-2010
20100191970GENERATING PROTECTED ACCESS CREDENTIALS - A computer-implemented process comprises receiving, at a first computer, a base cryptographic seed through a secure connection to a second computer; generating one or more protected access credential parameters; combining said base cryptographic seed with at least a portion of said generated protected access credential parameters using a hashed message authentication code function to generate a master key; encrypting at least a portion of said generated protected access credential parameters using at least a portion of said generated master key; incorporating said encrypted protected access credential parameters and at least a portion of said generated protected access credential parameters into a protected access credential. In an embodiment, a master server securely distributes the seed and the process is performed by a plurality of access servers to separately generate the same master key for use in subsequent authentication communications using an authentication protocol such as EAP-FAST.07-29-2010
20100199092SENSOR DERIVED AUTHENTICATION FOR ESTABLISHING PEER-TO-PEER NETWORKS - Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network.08-05-2010
20100185863METHOD AND APPARATUS FOR TIME-LAPSE CRYPTOGRAPHY - According to one aspect, provided is a construction and specification for an implementation of a new cryptographic primitive, “Time-Lapse Cryptography”, with which a sender can encrypt a message so that it is guaranteed to be revealed at an exact moment in the future, even if this revelation turns out to be undesirable to the sender. In one embodiment, a Time-Lapse Cryptography Service is provided (“the Service”) based on a network of parties. Senders encrypt their messages with this public key whose secret key is not known to anyone—not even a trusted third party—until a predefined and specific future time T+δ, at which point the secret key is constructed and published. In one example, the secret key can only be known after it is constructed. At or after that time, anyone can decrypt the cipher text using this secret key. Other embodiments describe other applications of such a service, for example, one embodiment is used in sealed bid auctions, others in insider stock sales, clinical trials, and electronic voting, among a variety of possible implementations. In one embodiment, a method for cryptographic encoding is provided, including generation of cryptographic key components by a plurality of parties, where participation of the parties is verified. A public key is constructed from a plurality of key components,07-22-2010
20100180119KEY EXCHANGING APPARATUS - A key exchanging apparatus transmits the contribution data to the plurality of counterpart apparatuses, generates a signer contribution confirmation signature with respect to a contribution data set including all the contribution data received from the plurality of counterpart apparatuses, generates auxiliary data and auxiliary data validity certification sentence from the contribution data set and the contribution random number, transmits the auxiliary data, the auxiliary data validity certification sentence and the contribution confirmation signature to the plurality of counterpart apparatuses, verifies validity of auxiliary data by using the counterpart identifier set, the counterpart public key set, the contribution confirmation signature set including the data received from the plurality of counterpart apparatuses, the auxiliary data set and the auxiliary data validity certification sentence set, and generates a public key from the contribution data set and the auxiliary data received from the plurality of counterpart apparatuses.07-15-2010
20100241862MULTIDIMENSIONAL IDENTIFICATION, AUTHENTICATION, AUTHORIZATION AND KEY DISTRIBUTION SYSTEM FOR PATIENT MONITORING - A method, wireless system and a wireless device are described. The method, system and device provide multidimensional identification, authentication, authorization and key distribution providing secure communications at a deepest common security domain.09-23-2010
20100228980Method and Arrangement for Providing a Wireless Mesh Network - A method and an arrangement are provided wherein a newly added mesh node does not require a link to the AAA server for the purpose of authentication. Authentication is carried out using a node which is already present in the mesh network and which has a link to the AAA server.09-09-2010
20100228981Communication method, mesh network system and communication terminal - A communication method in which an operation, such as authentication, required when a new communication terminal participates in a mesh network is carried out in a more efficient manner. A second communication terminal that has already established an adjacent communication link with at least two first communication terminals, out of a plurality of communication terminals, distributes an adjacent terminal list including terminal identifiers of the first communication terminals along with a temporal key generated by the second communication terminal. One of the first communication terminals that received the adjacent terminal list and the temporal key distributes adjacent registration information, which is generated using a second temporal key. The other one of the first communication terminals that received both the adjacent terminal list and the adjacent registration information determines whether the terminal identifier of one of the first communication terminals is included in the adjacent terminal list, and whether the first temporal key distributed along with the adjacent terminal list matches the second temporal key used for generating the adjacent registration information. If both determination results are affirmative, one of the first communication terminals is authenticated.09-09-2010
20100211790AUTHENTICATION - The present invention relates to at least a method of authenticating a user in a communication network including contacting an authentication entity in a first authentication of a user seeking access to the communication network; supplying to the user first information, the first information being generated based on privacy information of the user and shared information, the shared information being shared among all access nodes of a group of access nodes, the group of access nodes including at least a first access node and a second access node, and verifying the privacy information in a second authentication of the user by applying the shared information to the first information. The present invention further relates to a corresponding apparatus.08-19-2010
20100250939SYSTEM AND METHOD OF HANDLING ENCRYPTED BACKUP DATA - By using a symmetric key to encrypt mobile device data before transmitting the data to a backup location in a backup operation, access to the data, at the backup location, may be restricted. To facilitate later decryption of the backed up mobile device data, the mobile device may also transmit the symmetric key to the off-device location. However, to limit use of the symmetric key, the mobile device may encrypt the symmetric key using authentication data, before transmitting the encrypted symmetric key to the backup location.09-30-2010
20100250942SYSTEM FOR ENABLING AUTHENTICATED COMMUNICATION BETWEEN ENTITIES - A system for enabling authenticated communication between a first entity and at least one other entity is provided. The system has a second entity and a processor. The first entity and the second entity share transport keys. The second entity has at least one variant key configured to be transported from the second entity to the first entity using the transport keys under control of the processor. The variant key is generated by applying a one way function to a base key and a first bit-pattern in the at least one other entity and is usable to enable the authenticated communication by the first entity with the at least one other entity.09-30-2010
20100250941WAPI UNICAST SECRET KEY NEGOTIATION METHOD - A WAPI unicast secret key negotiation method includes the following steps: 1 an authenticator entity adds a message integrity code onto a unicast secret key negotiation request packet, and transmits it to an authentication supplicant entity; 2 after the authentication supplicant entity receives the unicast secret key negotiation request packet, it performs validation, and it discards the packet directly if it is not correct; the authentication supplicant entity performs other validation if it is correct; when the validation is successful, it responds with a unicast secret key negotiation response packet to the authenticator entity; 3 after the authenticator entity receives the unicast secret key negotiation response packet, it performs validation, and if the validation is successful, it responds with a unicast secret key negotiation acknowledge packet to the authentication supplicant entity; 4 after the authentication supplicant entity receives the unicast secret key negotiation acknowledge packet, it performs validation, and if the validation is successful it negotiates and obtains a consistent unicast session secret key. The present invention resolves the DoS attack problem which exists in the unicast secret key management protocol of the present WAPI security mechanism.09-30-2010
20100250940DATA PROCESSOR, RELAY TRANSMITTER, AND DATA TRANSMISSION SYSTEM - A data processor is configured to perform wireless communication with a relay transmitter, store a first physical address for the relay transmitter on a storage unit, receive a second physical address for the relay transmitter from the relay transmitter after the data processor is turned on, determine whether the second physical address for the relay transmitter is identical to the first physical address for the relay transmitter, and, when one or more authentication requirements are satisfied, establish a wireless connection with the relay transmitter so as to achieve data communication with an external device via the wireless communication with the relay transmitter. The authentication requirements include the determination that the second physical address for the relay transmitter is identical to the first physical address for the relay transmitter.09-30-2010
20100250938DISTRIBUTED GENERATION OF MUTUAL SECRETS - Embodiments provide methods, apparatuses, and systems for determining numbers that correspond to a collection of matching derivative numbers. The matching derivative numbers may be included in both a first plurality of derivative numbers selected by a first computing system, and in a second plurality of derivative numbers selected by a second computing system. The numbers may be used to compute a secret. The secret may be used for secure communication between the first and second computing systems.09-30-2010
20120144200CONTENT SECURITY TRANSMISSION PROTECTION DEVICE AND SYSTEM THEREOF, AND CONTENT SECURITY TRANSMISSION METHOD - The invention relates to information security technologies, provides a content security transmission device and a content security transmission system which separate the data transmission function of a digital interface from its data management and processing function, and provides a content security transmission method based on the device and the system. The content security transmission protection device comprises digital interfaces and a management/processing unit; the management/processing unit is configured in a specific chip in the device and is used for updating a revocation list stored therein and collecting information from downstream devices. A transmitting device and a forwarding device in the content security transmission protection system comprise digital interfaces and management/processing units. The invention employs software in the specific chip CPU to implement the data management and processing function without increasing cost, thus being capable of adding functions, improving flexibility and expansibility of the system, and greatly reducing the size and cost of digital interface chips, namely reducing the development difficulty. The digital interfaces only implement a simple data transmission function at fast processing speed.06-07-2012
20100146278MULTIMEDIA ARRANGEMENT - The invention relates to a multimedia arrangement comprising a remote control (06-10-2010
20100205442METHOD AND APPARATUS FOR TRAFFIC COUNT KEY MANAGEMENT AND KEY COUNT MANAGEMENT - Various methods and apparatuses for managing count values (e.g. key counts) to manage a TEK in various communication environments are disclosed. Also, various methods and apparatuses for generating and maintaining a traffic key encryption key by using key count values are disclosed.08-12-2010
20100100741 ESTABLISHING SHARED INFORMATION IN A NETWORK - A method for establishing shared information is described. The method includes estimating characteristics of a communication channel between two nodes based on signals transmitted between the nodes. The method also includes transmitting a signal from the first node to the second node, the signal being modulated with a first data sequence according to a first estimated characteristic, and transmitting a signal from the second node to the first node, the signal being modulated with a second data sequence according to a second estimated characteristic. Shared information is formed at each of the first and second nodes based on at least a portion of the first data sequence and at least a portion of the second data sequence. Date: 04-22-2010
20100199094 Pairwise Temporal Key Creation for Secure Networks - A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication code (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key. Date: 08-05-2010
20100191971 METHODS AND APPARATUS FOR LAYER 2 AND LAYER 3 SECURITY BETWEEN WIRELESS TERMINATION POINTS - A method is provided for both layer 2 (L2) and layer 3 (L3) security in the context, for example, of a WISP-e protocol. An AES algorithm in CBC mode is used for encryption and decryption of the control frames. The session keys (e.g., 128-bit session keys) are derived from a pre-shared secret configured on both communicating wireless termination points. Date: 07-29-2010
20090249072 METHOD FOR GENERATING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, METHOD FOR TRANSMITTING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD, AND METHOD FOR RECEIVING RIGHTS OBJECT AND DEVICE TO PERFORM THE METHOD - A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer. Date: 10-01-2009
20110066858 SYSTEM AND METHOD FOR IPSec LINK CONFIGURATION - A method for configuring the Internet Protocol Security (IPsec) protocol. The method includes configuring IPsec phase 1 Security Association (SA) lifetimes and soft phase 2 SA lifetimes in a manner enabling efficient Dead Peer Detection recovery of secure communication between client and server in the event of a communication disruption, thereby preventing undesirable sustained periods of non-communication between client and server. Date: 03-17-2011
20080288777 A Peer-to-Peer Access Control Method Based on Ports - A port based peer access control method comprises the steps of: 1) enabling the authentication control entity; 2) two authentication control entities authenticating each other; 3) setting the status of the controlled port. The method may further comprise the steps of enabling the authentication server entity, and two authentication subsystems negotiating the key. By modifying the asymmetry of the background technique, the invention has the advantages of peer control, a distinguishable authentication control entity, good scalability, good security, a simple key negotiation process, a relatively complete system and high flexibility; thus the invention can satisfy the requirements of central management as well as resolve the technical issues of the prior network access control method, including complex process, poor security and poor scalability, so it provides an essential guarantee for secure network access. Date: 11-20-2008
20080282087 System debug and trace system and method, and applications thereof - An embedded system or system on chip (SoC) includes a secure JTAG system and method to provide secure on-chip control, capture, and export of on chip information in an embedded environment to a probe. In one embodiment, the system comprises encryption logic associated with a JTAG subsystem and decryption logic in the probe for encrypted JTAG read traffic. Inverted encryption/decryption logic provides bi-directional encryption and decryption of JTAG traffic. Encrypted information includes both authentication of valid probe/target interface and encryption of debug data. Date: 11-13-2008
20120144199 COMMUNICATION APPARATUS, CONTROL METHOD FOR COMMUNICATION APPARATUS, AND PROGRAM - A communication apparatus of the present invention is a communication apparatus that communicates with a plurality of other communication apparatuses, and starts processing for setting an address for the communication apparatus using encrypted communication when encrypted communication with the plurality of communication apparatuses becomes possible by sharing encryption keys for encrypting communication with the other communication apparatuses. Date: 06-07-2012
20100299526 NETWORK HAVING QUANTUM KEY DISTRIBUTION - A method of performing quantum key distribution across a network. The method involves a first node first agreeing a quantum key with a first intermediate node in the path. Next the intermediate node exchanges a quantum signal with the next node in the path, which is a targeted node. The intermediate node communicates to the first node, using the previously established quantum key, details of the quantum signal sent or received by the intermediate node. The first node then performs a key agreement step to agree a quantum key directly with the targeted node. Having established a quantum key with the current targeted node, the method can be repeated with the next node in the network path as the targeted node until a destination node is reached. The final quantum key agreed with the destination node can then be used for encrypting communication between those nodes across the network. Date: 11-25-2010
20100306543 Method of efficient secure function evaluation using resettable tamper-resistant hardware tokens - An embodiment of the present invention provides a computer implemented method for the transfer of private information of one user to another user, a primitive known as Oblivious Transfer. An output from a strong pseudorandom function generation (SPRFG) is calculated by a first user's computing module based on first and second parameters: the first parameter specifying one of two secret keys; the second parameter being a value selected within the domain of the SPRFG by the first user. The first user is prevented from reading or learning the stored two secret keys. The output is transmitted to a computer of a second user which generates first and second encrypted values that are each based on an inverse SPRFG calculation using the first and second secret keys, respectively, and corresponding private values of the second user. The encrypted values are sent to a first computer of the first user that calculates one of the private values using a mathematical computation based on the second parameter and the one of the first and second encrypted values that corresponds to the one of the first and second keys used. Date: 12-02-2010
20090037737 ASYNCHRONOUS ENHANCED SHARED SECRET PROVISIONING PROTOCOL - An Asynchronous Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched by at least one of two network devices together. These two devices then automatically register with each other. When two devices running Asynchronous ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. An out-of-band examination of registration signatures generated at the two devices can be performed to help ensure that there was not a man-in-the-middle attacker involved in the key exchange. Date: 02-05-2009
20130132722 SYSTEM AND METHOD FOR AUTHENTICATING DATA - Systems and methods for authenticating data and timeliness are disclosed. A method for authentication can comprise processing a data block to determine a first secret element, generating a second secret element based upon the first secret element, generating a non-secret element based upon the second secret element, and comparing the non-secret element to a nonce associated with the first secret element to determine authentication. Date: 05-23-2013
20130132723 CRYPTOGRAPHIC METHOD FOR COMMUNICATING CONFIDENTIAL INFORMATION - A cryptographic method for communicating confidential information m between a first electronic entity (A) and a second electronic entity (B), includes a distribution step and a reconciliation step, the distribution step including a plurality of steps, one of which consists of the first entity (A) and the second entity (B) calculating a first intermediate value P Date: 05-23-2013
20130132724 SYSTEM AND METHOD FOR AUTHENTICATING A RESOURCE-CONSTRAINED CLIENT - A system and method for authenticating a resource-constrained client are provided. The method includes transmitting, by the server, a query message including a first modified secret key to the client, wherein the first modified secret key is generated using a first secret key and a first blinding value; receiving, from the client, a response message including a response value, wherein the response value is generated using the first blinding value, a second secret key, and an error value; calculating the error value from the response value; and determining, based on the error value, whether authentication of the client is successful. Date: 05-23-2013
20130132725 PROTECTION METHOD, DECRYPTION METHOD, RECORDING MEDIUM AND TERMINAL FOR SAID PROTECTION METHOD - Protecting data transmission, either multimedia or a control word, between a security processor and a terminal includes, at the security processor, building a current session key by root key diversification as a function of a parameter transmitted by the terminal, decrypting the data, encrypting it with the session key, and transmitting it, and at the terminal, decrypting it using a secret code to obtain plain data, recording, in advance, secret codes, each enabling decryption of only data encrypted by a corresponding session key obtained by root-key diversification with a parameter, which can be the transmitted parameter, receiving the parameter in a message that also contains the data to be decrypted by the security processor, and in response, selecting, from the secret codes, a code for decrypting the data encrypted with the session key, as a function of the parameter or another parameter in the message. Date: 05-23-2013
20100318799 DISCOVERY OF SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. Date: 12-16-2010
20100313026 INFORMATION PROCESSING APPARATUS AND METHOD - In order to limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information. Date: 12-09-2010
20100313025 METHODS ESTABLISHING A SYMMETRIC ENCRYPTION KEY AND DEVICES THEREOF - A method, computer readable medium, and an apparatus for establishing a symmetric encryption key includes determining at one of a plurality of communication devices a first phase difference based on a first transmission from another one of the plurality of communication devices. A first new encryption key is generated based on the determined first phase difference at the one of the plurality of communication devices. At another one of the plurality of communication devices a second phase difference is generated based on a second transmission from the one of the plurality of communication devices. A second new encryption key is generated based on the determined second phase difference at the another one of the plurality of communication devices. Authenticity of the generated first new encryption key and the generated second new encryption key is determined. Communication between the one of the plurality of communication devices and the another one of the plurality of communication devices is established when the generated first new encryption key and the generated second new encryption key are determined to be authenticated. Date: 12-09-2010
20130138961 COMMUNICATION TERMINAL, COMMUNICATION SYSTEM, COMMUNICATION METHOD AND COMMUNICATION PROGRAM - A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication. Date: 05-30-2013
20110145582 METHOD FOR SHARING AND UPDATING KEY USING WATERMARK - A method for sharing and updating a key using a watermark is disclosed. The method includes receiving an image to be encoded from an image input device, encoding the image, and inserting a master key value as a watermark into the encoded image, for use as an input of a key derivation function. Date: 06-16-2011
20100332835 METHOD AND SYSTEM FOR SECURE COMMUNICATION BETWEEN COMPUTERS - Method, system and computer program for exchanging data between a client computer and a storage device are described, in which the storage device may send a long-term DH-component to an intermediate server. The client computer may send a first short-term DH-component to the storage device through the intermediate server that adds a communication expiration time. The storage device may send a second short-term DH-component to the client computer. The client computer and the storage device may calculate a symmetric key from the long-term component and from both short-term DH-components to exchange data and may delete the short-term DH-components upon reaching the expiration time. Date: 12-30-2010
20110004761 VIRAL FILE TRANSFER - A method of distributing data between mobile devices while retaining control of that data. In particular, Digital Rights Management parameters are monitored and modified to control the distribution, and distribution is only permitted to devices which are approved or authorized. Mechanisms are provided for validating the identity of devices requesting transmission of the file. Date: 01-06-2011
20110010549 Efficient key management system and method - A system for providing cost effective, secure key exchange from at least one first device to at least one second device through at least one proxy server is provided. The system includes a first key exchange message from the at least one first device to the at least one second device via the at least one proxy server. A second key exchange message from the at least one second device to the at least one first device via a media stream of the Internet is required to complete the computation of the session key. A method of securing a communication system is also set forth. The method includes the steps of providing a routing device for identifying a subscriber, and providing a master key exchange session, the master key exchange session including a key k to find a subscriber and a nonce r to answer a query to the subscriber, wherein the master key exchange session includes both the key k and the nonce r. Date: 01-13-2011
20110010551 SHARED ENCRYPTION KEY GENERATION VIA ACCELEROMETER DIGITIZATION - An apparatus and method for generating a shared secret between at least two wireless portable electronic devices. A shared secret is generated by holding together the at least two devices and shaking them. An acceleration of the at least two devices is measured at least during a time window beginning at a time corresponding to when a magnitude of the acceleration exceeds a predetermined threshold. The acceleration is sampled, resulting in a plurality of vectors, such that a first vector is an initial sample of the acceleration during the time window. In some embodiments, the acceleration is measured in three dimensions. Dot products are calculated between the first vector and each of a plurality of subsequent vectors, resulting in an array of scalars. At least a portion of this array is used to generate the shared secret between the at least two devices. Date: 01-13-2011
20110010550 METHOD FOR LOCKING AN APPLICATION PROGRAM - A method for locking the application program includes: when running an application program stored in a terminal, it judges whether a first unlocking key of the application program exists in the terminal; in the case that the first unlocking key does not exist, the terminal generates and stores the first unlocking key, and sends it to a device; judging whether the device has locked the application program, in the case that the result of judgment is no, proceeding to the first step, otherwise proceeding to the second step: the first step, the device locks the application program, generates a second unlocking key, and notifies the second unlocking key to a user, proceeding to the second step; the second step, performing the authentication process for the user; in the case that the first unlocking key exists in the terminal, the first unlocking key is sent to the device, judging whether the device has locked the application program or not, if not, proceeding to the third step, otherwise proceeding to the fourth step; the third step, the device locks the application program, generates the second unlocking key and notifies the second unlocking key to the user, proceeding to the fourth step; the fourth step, performing the verification process. Date: 01-13-2011
20110016322 SYSTEM AND METHOD FOR EXCHANGING KEY GENERATION PARAMETERS FOR SECURE COMMUNICATIONS - A communication system exchanges key generation parameters for secure communications. An internet service and a communications device of a user are in communication with each other. The internet service includes an account authentication mechanism for a user and includes a database having stored cryptographic keys and key generation parameters. A device client operates on the communications device and initiates a request to the internet service that authenticates the user and establishes a secure communications channel between the internet service and the communications device, determines key generation parameters based on an authenticated user identifier, and transmits the key generation parameters for initiating key generation and securely establishing a cryptographic key between the internet service and the communications device. Date: 01-20-2011
20110029778 METHOD FOR DISTRIBUTED IDENTIFICATION, A STATION IN A NETWORK - The present invention relates to a method for identifying, authenticating, and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations. Date: 02-03-2011
20110029777 BOOTSTRAP OF NFC APPLICATION USING GBA - The present invention provides a bootstrap system comprising a network system and a mobile handset where the mobile handset can easily receive services of NFC bootstrap application. The handset is effectively authenticated after a bootstrap controller in the network verifies whether a user credential derived in the mobile handset and a user credential separately received from a network server are equal. The application setting is sent to a handset from a bootstrap controller via ad-hoc near field communication (NFC) between the mobile handset and the bootstrap controller. Then the user of the mobile handset can receive various services of the NFC application after the network server delivers the user credential to the service devices with NFC interface. Date: 02-03-2011
20110029775 COMMUNICATION CUTOFF DEVICE, SERVER DEVICE AND METHOD - A network monitor device Date: 02-03-2011
20110029776 WIRELESS PERSONAL AREA NETWORK ACCESS METHOD BASED ON PRIMITIVE - A wireless personal area network access method based on the primitive includes: a coordinator broadcasts a beacon frame to a device that requests to connect to the wireless personal area network (WPAN); the beacon frame includes the authentication request information for the device and the authentication and key management tool supported by the coordinator; the device authenticates the authentication request information; when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtain the conversation key. Date: 02-03-2011
20130191639 SYSTEM AND METHOD FOR SECURING COMMUNICATIONS BETWEEN DEVICES - A system and method for providing an improved way to secure messages being transmitted between communicating devices. Security mechanisms, operating below the session establishment level, provide fast encryption that is unconditionally secure or becomes stronger over time as devices continue to communicate. After random or arbitrary characters are used to encrypt an initial message, each new message communicated between two devices is encrypted with the most recent message communicated there-between as well as the changing key. Moreover, an exclusive dyadic relationship between the devices is obtained which prevents the cloning or piracy of the devices or the data communicated between them. The disclosed system and method also provide a multi-threading capability, thereby reducing the likelihood of a denial of service attack. Date: 07-25-2013
20110113250 SECURITY INTEGRATION BETWEEN A WIRELESS AND A WIRED NETWORK USING A WIRELESS GATEWAY PROXY - A method, system and computer program product in a wireless gateway to provide secured communications over a wireless network and a wired network is provided herein. The method includes the steps of receiving a first authentication credential from a wireless device and mapping the first authentication credential to a second authentication credential. The method further includes transmitting the second authentication credential to an authentication server and receiving a first authentication response from the authentication server. The method also includes generating a first shared secret and a second shared secret if the first authentication response indicates that authentication is successful and transmitting a second authentication response to the wireless device. The first shared secret is used to setup a first secured channel for communications with a service provider over a wired network and the second shared secret is used to setup a second secured channel for communications with the wireless device. Date: 05-12-2011
20100153727 ENHANCED SECURITY FOR DIRECT LINK COMMUNICATIONS - A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. A group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link. Date: 06-17-2010
20110126017 Methods, Nodes, System, Computer Programs and Computer Program Products for Secure User Subscription or Registration - The invention relates to secure user subscription or registration to a service at least partly enabled in a network. The network comprises user equipment adapted to perform generic bootstrapping. A network application function provides the service. A bootstrapping server function generates a bootstrapping transaction identifier. A home subscriber system stores a user profile, comprising information relating to the user and at least one service provided by the network application function. Corresponding communication network nodes and methods of their operation are also disclosed. Date: 05-26-2011
20110213979 QUANTUM KEY DISTRIBUTION - The invention relates to methods and apparatus for quantum key distribution. Such methods include authenticating a first node in a communications network with a remote node in the communications network. The authentication may include connecting an authentication device to the first node, agreeing a quantum key between the first node and the remote node based on a quantum signal transmitted or received by the first node, and performing an authentication step between the authentication device and the remote node on an encrypted channel. Authentication between the authentication device and the remote node may be taken as authentication of the first node. Date: 09-01-2011
20090210711 Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth - Disclosed herein are methods and systems for transmitting streams of data. The present invention also relates to generating packet watermarks and packet watermark keys. The present invention also relates to a computerized system for packaging data for transmission to a user. The system may utilize computer code to generate a bandwidth rights certificate that may include: at least one cryptographic credential; routing information for the transmission; and, optionally, a digital signature of a certificate owner; a unique identification code of a certificate owner; a certificate validity period; and pricing information for use of bandwidth. The present invention also relates to an electronic method and system for purchasing goods and services by establishing an account whereby a customer is credited with a predetermined amount of bandwidth usage, and then charges are assessed against the account in an amount of bandwidth usage which corresponds to the agreed upon purchase value for the selected item. Date: 08-20-2009
20100138660 SECURE COMMUNICATION SESSION SETUP - A device receives an encrypted key generating value from a first device and decrypts the encrypted key generating value. A temporary session key associated with the first device is generated based on the key generating value. A secure session invitation message is received from the first device. A master session key is generated and encrypted using the temporary session key associated with the first device. The encrypted master session key is transmitted to the first device. Date: 06-03-2010
20110126016 SYSTEM AND METHOD FOR SECURE WIRELESS MULTI-HOP NETWORK FORMATION - The present invention provides methods and devices for a security architecture for use in wireless multi-hop networks. A method for implementing pair-wise encryption key establishment, network node authentication and determining tunnel encryption keys is provided in a following manner. In a multi-hop wireless network including a plurality of network nodes, pair-wise security is established between pairs of neighbouring network nodes of the plurality of network nodes. For example, pair-wise security is established in the form of temporal pair-wise encryption keys. Following establishment of pair-wise security between pairs of neighbouring network nodes, for a pair of network nodes that are not neighbours, tunnel security is established between the pair of network nodes using tunnel encryption keys derived by the pair of network nodes on an ad hoc basis. The tunnel encryption keys are used to form the connection between non-neighbouring network nodes so as to avoid the hop-by-hop encryption/decryption used in conventional multi-hop wireless systems. Date: 05-26-2011
20110213980 METHOD FOR ACCESSING A PLURALITY OF SERVICES BY A MOBILE TERMINAL USER, AND RELATED SECURE DEVICE - A method for enabling the user of at least one mobile terminal to access a plurality of services, includes: creating (E Date: 09-01-2011
20110213977 METHODS AND DEVICES FOR COMPUTING A SHARED ENCRYPTION KEY - Embodiments described herein are generally directed to methods and devices in which computing devices, and mobile devices in particular, establish a shared encryption key for a device group comprising at least three mobile devices. In accordance with one example embodiment, a public key of a mobile device is computed using a shared password as performed in accordance with authentication acts of a password-authenticated key exchange protocol, and transmitted to at least one other mobile device of the group. A public value is computed as a function of a mobile device private key and of a public key of at least one other mobile device of the device group, in accordance with a group key establishment protocol. The public values of the mobile devices of the device group are used to compute a shared encryption key. Date: 09-01-2011
20100131764 SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE - A secured data transfer system ( Date: 05-27-2010
20100131763MOBILE SYSTEM, SERVICE SYSTEM, AND KEY AUTHENTICATION METHOD TO MANAGE KEY IN LOCAL WIRELESS COMMUNICATION - A mobile system, a service system, and a key authentication method to manage a key in a local wireless communication are provided. The mobile system and the service system may generate a hash value with respect to a public key of the service system using an identical hash function, and output a result corresponding to the hash value.05-27-2010
20100262828SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.10-14-2010
20090327730APPARATUS AND METHOD FOR ENCRYPTED COMMUNICATION PROCESSING - To provide an apparatus and a method for encrypted communication processing having a high communication speed in inter-node communication on a network capable of performing effective encrypted communication with improved security without losing the high speed. In the inter-node communication on the network, a plurality of shared encryption keys are first set and are switched arbitrarily for each packet to be transmitted, thus there is no need to repeat the handshaking for changing, whenever needed, the encryption keys to be used.12-31-2009
20090327729Secure pre-caching through local superdistribution and key exchange - A distributed peer-to-peer document archival system provides the version-control, security, access control, linking among stored documents and remote access to documents usually associated with centralized storage systems while still providing the simplicity, personalization and robustness to network outages associated with personal and peer-to-peer storage systems.12-31-2009
20100070768KEY EXCHANGE DEVICE, KEY EXCHANGE PROCESSING SYSTEM, KEY EXCHANGE METHOD, AND PROGRAM - A key exchange apparatus according to the present invention includes storage 03-18-2010
20100037057SYSTEM AND METHOD FOR USING NETWORKED MOBILE DEVICES IN VEHICLES - A system and method for using networked mobile devices in a vehicle in a tightly integrated manner is presented. The vehicle has an OBE, a mobile device client, and vehicle components, and the mobile device has a mobile device proxy and applications, such that the mobile device client and the mobile device proxy communicate, enabling dynamic transfer of the applications to the OBE and execution of the applications on the mobile device and the OBE using the plurality of vehicle components at runtime. In one embodiment, the mobile device client and the mobile device proxy authenticate each other. The authentication can be performed using digital certificates. The mobile device client can communicate the vehicle components on the vehicle to the mobile device proxy. The mobile device client and the mobile device proxy can communicate using Bluetooth. The vehicle components can include dashboard displays, speakers, and voice I/O systems.02-11-2010
20100037055Method For Authenticated Communication In Dynamic Federated Environments - According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users.02-11-2010
20090217043METHOD AND SYSTEM FOR MUTUAL AUTHENTICATION OF NODES IN A WIRELESS COMMUNICATION NETWORK - A method as provided enables mutual authentication of nodes in a wireless communication network. The method includes processing at a first node a beacon message received from a second node, wherein the beacon message comprises a first nonce value (step 08-27-2009
20100058062FAMILY DWELLING RESTRICTED COMMUNICATION SYSTEM - A network comprising an authentication network limited to a family dwelling; a content source; and a content receiver. Wherein the content source is configured to transmit encrypted content to the content receiver, and the content receiver can decode the encrypted content only when both the content source and the content receiver are physically connected to the authentication network.03-04-2010
20100058059SHARING KEYS BETWEEN COOPERATING PARTIES - An apparatus and a method for generating a secure cipher key over an insecure channel. In one embodiment, a set of polynomials is generated and shared between a first party and a second party over the insecure channel. The first party generates a first random exponent for its private cipher key. The second party generates a second random exponent for its private cipher key. The first party operates on the set of polynomials with the first random exponent and sends the results to the second party. The second party operates on the set of polynomials with the second random exponent and sends the results to the first party. A shared cipher key is computed based on the exchanged operation results.03-04-2010
20110154042METHOD AND PROCESSING UNIT FOR SECURE PROCESSING OF ACCESS CONTROLLED AUDIO/VIDEO DATA - A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.06-23-2011
20110154041METHOD TO SECURELY TRANSFER USER ENCRYPTION KEYS AND SERVICES BETWEEN MOBILE DEVICES - A method for securely transferring a service from a first mobile device to a second mobile device, the service being associated with a server configured for facilitating provisioning of services to mobile devices over a wireless communications network. The method includes generating in the first mobile device a shared key, the shared key being generated using a master key unique to the server and to the first mobile device, the master key being accessible by the server and by the first mobile device; and sending said shared key from the first mobile device to the second mobile device using an alternate communication mechanism independent from the server.06-23-2011
20110078446SYSTEM AND METHOD FOR DEPLOYING A MASTER KEY BETWEEN TWO COMMUNICATION DEVICES - A system and method of deploying a master key for a first communication device and second communication device. The first communication device receives a request message from the second communication device through a wireless communication network, and creates a master key algorithm based on configuration parameters of the request message. The first communication device further generates a master key according to the master key algorithm, verifies whether the master key created by the first communication device is correct, and installs the master key in the first and second communication devices when the master key is correct.03-31-2011
20110078445Method For Establishing A Wireless Link Key Between A Remote Device And A Group Device - Disclosed is a method for establishing a wireless link key between a remote device and a group device. In the method, the remote device obtains a group identifier from the group device, and determines whether the group device is associated with a group having a trust association with the remote device. When the group device is determined to be associated with a group having an established trust association with the remote device, the remote device forwards a link setup request to the group device for virtually pairing with the group device using the trust association to establish the wireless link key. When the group device is determined not to be associated with a group having an established trust association with the remote device, the remote device forwards a pairing request to the group device for pairing with the group device to establish the wireless link key.03-31-2011
20110072268SERVER APPARATUS, LICENSE DISTRIBUTION METHOD, AND CONTENT RECEPTION APPARATUS - [Object] To stabilize an operation of a license server by avoiding concentration of license acquisition requests from a large number of clients at a time right after a broadcast start time of a content.03-24-2011
20120303961Systems and Methods for Authenticating Mobile Devices - Embodiments of the invention provide systems and methods for authenticating mobile devices. A registration request and identifying information for a mobile device or a secure element associated with the mobile device may be received. Based upon the received identifying information and a base level key, a rotated key for the mobile device may be determined. The determined rotated key may then be provided to the mobile device, and the rotated key may be utilized for subsequent authentication of the mobile device.11-29-2012
20110016321Automated Security Provisioning Protocol for Wide Area Network Communication Devices in Open Device Environment - An automated security provisioning protocol is provided for wide area network communication devices in an open device environment, such as cellular communication devices in a machine-to-machine (M2M) environment. For example, a method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network comprises the following steps from the perspective of the first communication device. The first communication device automatically uses access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device. The first communication device, upon gaining access to the wide area communication network, automatically performs an authenticated key exchange operation with the second communication device over the wide area communication network and establishes a secure communication key as a result of the authenticated key exchange operation for subsequent use by the first communication device for secure communications. The wide area communication network is operated by a first entity and the second communication device is operated by a second entity.01-20-2011
20110213978SECURE METHODS OF TRANSMITTING AND RECEIVING DATA BETWEEN TERMINALS COMPRISING NEAR-FIELD COMMUNICATION, AND CORRESPONDING TERMINALS - A method is provided for secure transmission of a data file from a sender terminal to at least one recipient terminal, each including a near-field communication device and implementing an encryption of the file, as a function of at least one item of encryption information that is known or determined by the sender terminal. The method includes the following steps, in the sender terminal: dividing the file into a first file portion and a second file portion; sending with the near-field communication device a first data set including at least one portion of the encryption information item and the first file portion to the recipient terminal or terminals; sending with a radiofrequency transmitter a second data set including at least the second file portion to the recipient terminal or terminals.09-01-2011
20110016323REMOTE SECURE AUTHORIZATION - The present invention discloses a technique provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token. This allows the enterprise network token to gain secure access to the temporary key of the client token, thereby allowing the enterprise network token to securely provision the remote client token with the appropriate enterprise Network Keys.01-20-2011
20100306542Password-authenticated asymmetric key exchange - Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.12-02-2010
20100115279Method for pairing and authenticating one or more medical devices and one or more remote electronic devices - A method for authenticating a medical device and a remote electronic device may include generating a PIN code by one device, capturing the generated PIN code with the other device, checking authentication of the PIN code, which is based at least in part on the captured PIN code, by the one device, generating a strong key by the one device, sending the strong key encrypted to the other device, checking authentication of the sent strong key by the one device, and upon successful authentication, storing the strong key in a memory of the one device and the other device. The roles of the medical device and the remote electronic device may be reversed in the authenticating method. The authenticating method may be preceded by a pairing process and/or followed by a binding process.05-06-2010
20080320308Method for remote message attestation in a communication system - The invention relates to a method for remote attestation. In the method is created a first asymmetric key pair in a trusted platform module in an electronic device. A first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, software platform state information, the first certificate and the second certificate are sent to a second electronic device.12-25-2008
20110161670Reducing Leakage of Information from Cryptographic Systems - A system is described for reducing leakage of meaningful information from cryptographic operations. The system uses a pairwise independent hash function to generate a modified secret key SK′ having individual components. The system forms a modified secret key collection that includes SK′ and its individual components. The system then uses the modified secret key collection to decrypt a message. The decryption involves providing multiple partial operation results in separate respective steps. Leakage of meaningful information is reduced due to difficulty in piecing together meaningful information from information leaked by the separate partial operations. In one example, the hash function has the form H06-30-2011
20100325436METHOD, SYSTEM, AND DEVICE FOR OBTAINING KEYS - A communication system that obtains a key includes: a server that confirms support of Identity Based Encryption (IBE) authentication; the server obtains public parameters and a private key for IBE; and the server receives a PreMasterSecret key encrypted through the IBE, and obtains a plain text of the PreMasterSecret key according to the public parameters and the private key. The system includes a client and a server. The client includes an IBE negotiating module, a public parameter obtaining module, a server identifier obtaining module, and a processing module. The server includes an IBE negotiating module, a public parameter obtaining module, a private key obtaining module, and a processing module. Through combination of the IBE technology and the SSL/TLS technology, the modes of encrypting a PreMasterSecret key in the existing SSL/TLS protocol are diversified, and the use scope of the existing SSL/TLS protocol is extended substantially.12-23-2010
20110055572ROUTE OPTIMIZATION IN MOBILE IP NETWORKS - The present invention concerns a method for optimizing a route between a mobile node and a correspondent node in mobile Internet protocol networks. The mobile node is served by an anchor point being a node, e.g. a mobile IP home agent. According to the method the anchor point generates a Multi-key Cryptographically Generated Address (MCGA) for the mobile node. The MCGA is generated using at least the public keys of the mobile node and the anchor point. The anchor point assigns and registers the generated MCGA as a home address for the mobile node and sends a binding update message to the correspondent node on behalf of the mobile node. The binding update message includes at least a signature of the MCGA signed by the anchor point. Thereby route optimization can be performed such that data packets can be exchanged between the mobile node and the correspondent node without routing the packets via the anchor point.03-03-2011
20110055571METHOD AND SYSTEM FOR PREVENTING LOWER-LAYER LEVEL ATTACKS IN A NETWORK - A method for preventing lower-layer level attacks committed against entities in a network. The method comprises forming a secure peer group (SPG) of member entities in the network, wherein each of the member entities is configured with a media access control (MAC) address locked to its own identity and an Internet protocol (IP) address linked to its MAC address; establishing a secure handshake between at least a source member entity and a target member entity of the SPG by mutually authenticating the source member entity and the target member entity; and securely transferring data from the source member entity to the target member entity.03-03-2011
20110055570LOCATION UPDATE OF A MOBILE NODE - A method of facilitating location update signalling within a communication network between a mobile node and an end host includes establishing a trust relationship between one or more end hosts (03-03-2011
20080229106Information processing apparatus and data transmission method of information processing apparatus - An apparatus stores first divided trust information, which is one portion resulting from division of trust information generated by a transmission target apparatus that is a transmission target for data; receives a transmission request for the data from the target apparatus and receives second divided trust information, which is the other portion resulting from division of the trust information of the target apparatus, together with verification information generated using information indicating a state of the target apparatus that made the request; recovers the trust information using the stored first divided trust information and the received second divided trust information; verifies trustworthiness of the target apparatus using the recovered trust information and the received verification information; and transmits the data indicated by the request to the target apparatus when the verification of trustworthiness is successful.09-18-2008
20110179276COMMUNICATION APPARATUS - A communication apparatus performs data communication with a communication device, and includes an authentication processing portion configured to perform authentication processing, including a round trip time (RTT) test on authentication requests received from one or more unauthenticated communication devices and a data communication portion configured to perform data communications with the communication device authenticated by the authentication processing portion. If, in authentication processing of a current authentication request, a prior RTT test is being performed corresponding to a prior authentication request originating from the same communication device, the current RTT test is not performed, and authentication processing waits for the completion of the prior RTT test. If the result of the prior RTT test is successful, authentication processing uses the result of the prior RTT test as the result corresponding to the current authentication request.07-21-2011
20110264915SYSTEM AND METHOD FOR SECURING MESH ACCESS POINTS IN A WIRELESS MESH NETWORK, INCLUDING RAPID ROAMING - Authentication in a mesh network controlled by a central controller, including using standard IEEE 802.11i mechanisms between a potential child mesh access point (AP) as supplicant and the controller as authenticator. Each mesh AP in the mesh network has a secure tunnel to a controller using a protocol for controlling the mesh AP, including AP capabilities, and a fast roaming method for re-establishing a secure layer-2 link with a new parent mesh AP including, while the mesh AP is a child mesh AP to the first parent mesh AP and has a secure layer-2 link to the first parent mesh AP, caching key information and wireless mesh network identity information in the controller.10-27-2011
20100287375System and Method for Operating End-to-End Security Channel Between Server and IC Card - The present invention relates to a system and method for operating an end-to-end security channel between an IC card and a server on a communication network. A method for connecting an end-to-end security channel between an IC card and a server on a communication network includes the steps of: generating, by the server, a random number Rs for transmission to the IC card, generating an E(Rs) by encrypting the random number Rs by a user public key, and transmitting the E(Rs) to the IC card through the communication network; receiving, by the IC card, the E(Rs) through the communication network and extracting the random number Rs by decrypting the E(Rs) by a user private key; generating, by the IC card, a random number Rc to be transmitted to the server, generating a session key K′ by the random number Rs and the random number Rc, and generating a first card verifier MAC by encrypting the random number Rs by the session key K′; transmitting, by the IC card, the random number Rc and the first card verifier MAC to the server through the communication network; receiving, by the server, the random number Rc and the first card verifier MAC through the communication network, generating a session key K by the random number Rs and the random number Rc, and generating a first server verifier MAC by encrypting the random number Rs by the session key K; and comparing, by the server, the first card verifier MAC and the first server verifier MAC to certify the session key K.11-11-2010
20110119492Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems - A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters.05-19-2011
20110126014Event Triggered Pairing of Wireless Communication Devices Based on Time Measurements - An event-triggered pairing mechanism allows pairing wireless devices having short range interfaces (e.g., Bluetooth devices) by bumping the wireless devices together. A wireless device being paired with a connecting device detects a bump event, determines time information about the bump event, and then generates a private session key based on the time information. Once the devices are paired and the private session key is generated, user content can be securely exchanged between the devices.05-26-2011
20110126015SINK AUTHENTICATION SYSTEM AND METHOD USING MOBILE COMMUNICATION NETWORK - A system is provided for authentication between a mobile device (MD) and a sink using a mobile communication network. If a sink authentication request for the sink is received from the MD, a base station (BS) sends a sink authentication response including sink authentication information for the sink, to the MD. The MD forwards the sink authentication request for the sink to the BS, and if a sink authentication response is received from the BS, authenticates the sink using the received sink authentication information. The sink performs authentication with the MD.05-26-2011
20110138184Efficient Techniques for Achieving Security Against Cheating Tamper-Resistant Tokens - An improved secure transaction system for facilitating secure transactions between devices in a network is set forth. The system includes a first device. A secure agent, adapted for encrypting and delivering a message on behalf of the first device, is provided. The secure agent has a secret key drawn at random from a large domain embedded in the agent by the first device. A second device, adapted to obtain the message, based on a session ID, from the secure agent, is provided. The second device can selectively test the truth of a corresponding message from the agent, based on querying of the first device. The testing is unknown and unpredictable to the secure agent during the transaction. In this manner, the first device and agent are kept separate to deter cheating.06-09-2011
20100153728ACCELERATION OF KEY AGREEMENT PROTOCOLS - The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimisation may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K.06-17-2010
20090199001Access to services in a telecommunications network - A method and arrangement is disclosed for providing a user, not previously having an individual subscription with a network operator, with credentials for secure access to network services. The arrangement includes a gateway, associated with a subscription for network services, having means for generating and exporting to a user entity personalized user security data derived from security data related to the subscription. In particular, the derivation of credentials is based on a function that is shared between network and gateway and further conveniently makes use of bootstrapping on keying material from the subscription authentication. Pre-registered user identities are assigned to trusted users who, thereafter, can download credentials and authenticate for service access. The invention may be implemented at a public place for providing temporary visitors with network access, whereby trust may, for example, be established by presenting a credit card.08-06-2009
20110093712COMMUNICATION DEVICE SUPPORTING PAIRING - Provided is a communication device. The communication device may transmit information to an external device using a terminal that makes a physical contact with the external device, and may sense the physical contact. In response to the sensed physical contact, the communication device may generate a link key.04-21-2011
20100070769LOG ACQUISITION SYSTEM, LOG COLLECTION TERMINAL, LOG ACQUISITION TERMINAL, AND LOG ACQUISITION METHOD AND PROGRAM USING THE SAME SYSTEM AND TERMINALS - In a log acquisition system comprising a log collection terminal for collecting log data and a log acquisition terminal for acquiring the log data collected by the log collection terminal from the log collection terminal, the log collection terminal stores a common key between the log collection terminal and the log acquisition terminal in a hardware security module inherently mounted in the log collection terminal, encrypts the collected log data as encrypted log data using the stored common key, and stores the encrypted log data, and the log acquisition terminal stores the common key in a hardware security module inherently mounted in the log acquisition terminal, acquires the encrypted log data from the log collection terminal, and decrypts the acquired encrypted log data with the common key.03-18-2010
20090300361METHOD FOR RECEIVING/SENDING MULTIMEDIA MESSAGES - A method for receiving/sending multimedia messages uses a wireless LAN, and communicates with a gateway via the wireless LAN so as to send and receive multimedia messages. Furthermore, the gateway of the invention detects whether the user device is located within the wireless LAN. If yes, then multimedia messages are sent and received via the wireless LAN; and if not, then via a conventional telecom network. The invention also discloses a corresponding gateway and a corresponding user device.12-03-2009
20090300358METHOD FOR MANAGING NETWORK KEY AND UPDATING SESSION KEY - A method for managing a network key and updating a session key is provided. The key management step includes: constructing a key request group, constructing a key negotiation response group, and constructing a key negotiation acknowledgement group. The multicast key management method includes a multicast main key negotiation protocol and a multicast session key distribution protocol. The multicast main key negotiation protocol comprises a key updating inform group, constructing an encryption key negotiation request group, constructing a key negotiation response group and constructing a key negotiation acknowledgement group. The multicast session key distribution protocol comprises a multicast session key request and a multicast session key distribution.12-03-2009
20090300360APPLICATION SETTING TERMINAL, APPLICATION EXECUTING TERMINAL, AND SETTING INFORMATION MANAGING SERVER - An application setting terminal includes a GUI 12-03-2009
20090300359APPARATUS AND METHOD FOR SECURELY SUBMITTING AND PROCESSING A REQUEST - An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier.12-03-2009
20090300357METHOD FOR PERSONAL NETWORK MANAGEMENT ACROSS MULTIPLE OPERATORS - A method for accessing a Personal Network (PN) from a Guest device. In this method, the Guest device (12-03-2009
20090292923KEY-IN PROCESSING DEVICE AND METHOD - A key-in processing device for executing control processing on the basis of key input information comprises a determination part for determining whether the same key is input continuously, a first storage part for storing information corresponding to an application software that is the object of processing according to the key determined to be continuously input, the application software being installed on the device, and a notifying part for notifying the application software corresponding to the information stored in the first storage part of information corresponding to the key determined to be continuously input.11-26-2009
20100037056METHOD TO SUPPORT PRIVACY PRESERVING SECURE DATA MANAGEMENT IN ARCHIVAL SYSTEMS - An infrastructure for archiving data among a client, a broker, and a plurality of archives, wherein the client comprises: a backup agent configured to fragment and erasure encode the data to create a set of erasure encoded data fragments; a communications agent configured to communicate the erasure encoded data fragments to the broker, issue a challenge for a challenge/response protocol to the broker, and to request data from the archives; and a restore agent configured to combine the data fragments obtained from the broker upon a data restore request.02-11-2010
20100031044PREFIX REACHABILITY DETECTION IN A COMMUNICATION - There is disclosed a method, and a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the-middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which if performed preferably includes an ART (address reachability test). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.02-04-2010
20100023772METHOD FOR GENERATING A ONE-TIME ACCESS CODE - A method for generating an access code for a device or system. The one-time access code generated by the method for the device or system is valid only once. The method can be used for supplying goods or services by means of automatic or semiautomatic access control devices or systems, for example.01-28-2010
20100023771IMPLICIT CERTIFICATE VERIFICATION - A method of computing a cryptographic key to be shared between a pair of correspondents communicating with one another through a cryptographic system is provided, where one of the correspondents receives a certificate of the other correspondent's public key information to be combined with private key information of the one correspondent to generate the key. The method comprises the steps of computing the key by combining the public key information and the private key information and including in the computation a component corresponding to verification of the certificate, such that failure of the certificate to verify results in a key at the one correspondent that is different from the key computed at the other correspondent.01-28-2010
20100023770METHODS AND APPARATUS FOR SECURE DOCUMENT PRINTING - Methods and apparatus are provided for securely printing a print job on a networked printer. An application program running on a networked computer instructs the printer to generate and exchange cryptographic keys. The application program then encrypts the print job using the keys, and then communicates the encrypted print job to the printer. The printer decrypts the received print job and prints the document.01-28-2010
20100023768Method and system for security key agreement - A method and system for security key agreement is disclosed. The method may include broadcasting a first connectivity association discovery message and receiving a message from a second node on the network; if the second node is not a member of a connectivity association and the message from the second node is a second connectivity association discovery message, one of the first or second nodes may be assigned as a master node. The method may further include the master node sending an authentication request message, receiving an authentication response, sending a session key indication message, receiving a session key acknowledgement message, and broadcasting a connectivity association augment message.01-28-2010
20100017612Electronic Apparatus and Communication System - According to one embodiment, an electronic apparatus includes a display process unit and a data transmission process unit. The display process unit is configured to display connection confirmation information, which is known to a user and is transmitted from a device via a network during a connection establishing process for establishing connection between the device and an electronic apparatus, on a display screen of the electronic apparatus. The data transmission process unit is configured to start a process of transmitting the data that is to be kept secret to the device via the network in response to a predetermined user operation which indicates that the user has confirmed that the connection confirmation information displayed on the display screen is correct.01-21-2010
20120042166METHOD AND DEVICE FOR AUTOMATICALLY DISTRIBUTING UPDATED KEY MATERIAL - A method for handling an encrypted message received on an electronic device that has not been encrypted using a current public key. The portable electronic device automatically generates a reply message to the sender in response to determining that the message has not been encrypted with the current public key. The reply message may contain the current public key of the recipient device, and may request the sender to resend the message encrypted with the current public key.02-16-2012
20110307698MASKING THE OUTPUT OF RANDOM NUMBER GENERATORS IN KEY GENERATION PROTOCOLS - To mitigate the effects of a weak random number generator (RNG) in a public key cryptosystem, a public key obtained from the RNG is encrypted using a deterministic cryptographic scheme before being made publicly available. A trusted party receiving the encrypted public key can recover the public key and combine it with other information so it is not subject to direct scrutiny. In one embodiment, the trusted party incorporates the public key in a certificate, such as an implicit certificate, for use by the correspondents in other communications.12-15-2011
20110138185METHOD AND APPARATUS FOR UPDATING DATA - A method and apparatus for updating data, the method including: receiving a forced update command to forcibly update at least one of a first digital rights management (DRM) module and a first device key stored in the device; receiving a DRM package including at least one of a second DRM module and a second device key based on the forced update command; and updating the at least one of the first DRM module and the first device key based on the received DRM package.06-09-2011
20090172403METHOD AND SYSTEM FOR GENERATING AND DISTRIBUTING MOBILE IP SECURITY KEY AFTER REAUTHENTICATION - A method for generating and distributing an MIP security key after Re-Authentication, including: an AAA Server generates an EMSK during a Re-Authentication process; the MS generates a new first MIP security key for the MS according to the EMSK, and replaces the corresponding old first MIP security key with the new first MIP security key; and an HA receives new second MIP security key information for the HA which is sent by the AAA Server actively, or requests from the AAA Server the new second MIP security key information for the HA, and replaces the corresponding old second MIP security key that is locally stored with the new second MIP security key that is sent by the AAA Server actively or requested from the AAA Server. The present invention ensures execution of the MIP Registration process after Re-Authentication.07-02-2009
20090177889METHOD FOR SHARING A LINK KEY IN A ZIGBEE NETWORK AND A COMMUNICATION SYSTEM THEREFOR - A communication system and method for securely and efficiently sharing a link key for security and authentication in a ZigBee network. Upon receipt of an access request from an end device, a trust center sends a public key to the end device, and upon receipt of the public key, the end device encrypts an arbitrary key using the public key, and sends the encrypted arbitrary key to the trust center. The trust center generates a link key using the arbitrary key, and sends the link key to the end device.07-09-2009
20120072728RETRIEVING AND USING CLOUD BASED STORAGE CREDENTIALS - The present invention extends to methods, systems, and computer program products for retrieving and using cloud based storage credentials. Embodiments of the invention include automatically retrieving cloud based credentials (e.g., storage keys) as needed, such as, for example, on demand. Automatically retrieving credentials reduces administrator workloads and mitigates the potential for human errors. Embodiments of the invention also include using credentials (e.g., storage keys) in the deployment and ongoing operation of services (e.g., computing workers) in a resource cloud. Embodiments of the invention also include propagating credentials (e.g., storage keys) to instances running in the cloud during deployment.03-22-2012
20120233468AUTHENTICATING METHOD OF COMMUNICATING CONNECTION, GATEWAY APPARATUS USING AUTHENTICATING METHOD, AND COMMUNICATION SYSTEM USING AUTHENTICATING METHOD - An authenticating method of communicating connection between a terminal and a gateway apparatus, the method including transmitting authentication information and first intrinsic identification information that is intrinsic identification information of the terminal from the terminal to the gateway apparatus and requesting the authentication; authenticating the communicating connection by using at least one of the first intrinsic identification information and the authentication information; and when the authenticating is successful, generating at least one authentication key by using at least one of the first intrinsic identification information and second intrinsic identification information that is intrinsic identification information of the gateway apparatus, thereby increasing communication security between the terminal and the gateway apparatus.09-13-2012
20120233467IMPARTING CRYPTOGRAPHIC INFORMATION IN NETWORK COMMUNICATIONS - This specification describes technologies relating to imparting cryptographic information in network communications. In general, aspects of the subject matter described in this specification can be embodied in methods that include identifying a location in a pre-defined portion of a network communication to be sent in a client-server environment, wherein the pre-defined portion is reserved for random data, inserting cryptographic information into the pre-defined portion of the network communication at the location, and sending the network communication in the client-server environment to facilitate modifying interactions in the client-server environment based at least in part on a result of processing of the cryptographic information; and on a receiving side, receiving cryptographic information inserted into the pre-defined portion of the network communication in the client-server environment, identifying the location, processing the cryptographic information, and modifying interactions in the client-server environment based at least in part on a result of the processing.09-13-2012
20100100740System and Method for Security Association Between Communication Devices Within a Wireless Home Network - Embodiments of the application describe a method and system for discovering and authenticating communication devices and establishing a secure communication link within a wireless home network without requiring a secure channel. According to an embodiment, communication devices exchange public keys using multiple messages each including at least a portion of the public key of the sending device. The devices authenticate the receipt of the public key and establish a shared master key. The shared master key is used to further derive a session key for securing the application data between the communicating devices for a current session.04-22-2010
20110173450Secure Coupling of Hardware Components - A method and a system for securing communication between at least a first and a second hardware components of a mobile device is described. The method includes establishing a first shared secret between the first and the second hardware components during an initialization of the mobile device and, following the initialization of the mobile device, using the first shared secret or a derivative thereof to secure the communication between the first and the second hardware components.07-14-2011
20130185562HOST DEVICE, SEMICONDUCTOR MEMORY DEVICE, AND AUTHENTICATION METHOD - According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device.07-18-2013
20120047366SOC WITH SECURITY FUNCTION AND DEVICE AND SCANNING METHOD USING THE SAME - A system-on-chip (SOC) for semiconductor intellectual property (IP), a device including the same, and a method of operating the same are provided. The SOC includes: an interface which receives scanning data from a main module in which the SOC is mounted; and an anti-virus engine which determines whether a virus exists in the received scanning data. Accordingly, the security of a device is tightened.02-23-2012
20110167272Secure Multi-UIM aka key exchange - An apparatus, in one example, comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key, where the first set of session keys is used in encrypting communications.07-07-2011
20110167273METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR - The present invention relates to a method for secure communications and communication networks having communication devices, using secure means like encryption system for securing communications. More particularly, the present invention relates to a method for secure communications from a first node (N07-07-2011
20120011368METHOD AND SYSTEM FOR TRANSMITTING DELAY MEDIA INFORMATION IN IP MULTIMEDIA SUBSYSTEM - The present invention provides a method and a system for transmitting delay media information in an IP multimedia subsystem. The system includes: a sending party of media information, a receiving party of the media information, a KMS and a mailbox server of the receiving party of the media information. The method and system of the present invention establish an end-to-end security association between the sending party and the receiving party of the media information to encrypt the media information between them, without any need for the KMS to store the media key; at the same time, a security association is also established between the sending party and the mailbox server of the receiving party, and between the mailbox server of the receiving party and the receiving party, to perform integrity protection and mutual authentication between them, so that secure transmission of the IMS delay media information can be realized.01-12-2012
20080270797SYMBIOTIC STORAGE DEVICES - A system is provided, the system having a first storage device and a second storage device. A symbiotic relationship is established between the first and second storage devices to selectively store backup digital content for each other.10-30-2008
20120017087CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN.01-19-2012
20120017088WIRELESS LOCAL AREA NETWORK TERMINAL PRE-AUTHENTICATION METHOD AND WIRELESS LOCAL AREA NETWORK SYSTEM - A method for pre-authenticating a wireless local area network terminal and a wireless local area network system. In the pre-authentication method, after a current access point (AP), which has set up a security association with a station (STA), receives a pre-authentication start packet sent by the STA, the current AP interacts with a destination AP so that the two APs verify each other's certificates. If the certificate of the destination AP is verified to be valid, the current AP sends key information of the security association set up between the current AP and the STA to the destination AP, and the destination AP saves the key information, which includes a basic key generated by negotiation between the STA and the current AP.01-19-2012
20120017086INFORMATION SECURITY TRANSMISSION SYSTEM - Provided herein is an information security transmission system comprising a first information equipment and a second information equipment, wherein the first information equipment can obtain at least one certification data and connects to the second information equipment through a network for processing an information transmission. Accordingly, a key pair used for encryption/decryption can be obtained either through a certificate authority or, selectively, without a certificate authority, such that a secure information transmission channel can be established and data transmission security can be ensured. The first information equipment and the second information equipment respectively comprise a first dynamic codec and a second dynamic codec for processing a coding/decoding process depending on a dynamic code book. Furthermore, an automatic error detecting mechanism and an error correcting mechanism can be associated for ensuring data transmission security and data correctness, especially in one-time transmission.01-19-2012
20120060034DIGITAL INFORMATION STREAM COMMUNICATION SYSTEM AND METHOD - A digital information stream communication (DISC) system within a first conditional access system (CAS) is disclosed. The DISC system communicates information from a digital information stream (DIS) having DIS attributes for accessibility using the first CAS or associated with a digital media (DM) content in the DIS. The DISC system includes a monitoring module configured to receive the DIS and identify one or more of the DIS attributes for accessibility using the first CAS. The DISC system also includes a processing module configured to identify one or more of the DIS attributes associated with the DM content and analyze the DIS attributes. It does this to determine whether to send DIS data from the DIS to a second CAS based upon the DIS data being included in the DIS attributes. The DISC system also includes a processor configured to operate the monitoring module and the processing module.03-08-2012
20120159173SERVICE KEY DELIVERY SYSTEM - A Service Key Delivery (SKD) system for delivering service keys to client devices in a communications network. The delivered service keys are operable to be used to decrypt an encrypted key that is in turn operable to be used to decrypt encrypted digital content. The SKD system includes a data input interface for receiving a distribution time frame for the keys and a listing of client device identifications. The SKD system also includes a scheduling module to partition at least part of the distribution time frame into a number of time slots, in which the number may be based on a variety of factors. The scheduling module assigns the time slots in the partitioned part of the distribution time frame to the client devices based on the identifications in the listing. The SKD system also includes a message generator configured to send key delivery messages to the client devices.06-21-2012
20120159172SECURE AND PRIVATE LOCATION - Systems and methods of restricting access to mobile platform location information may involve receiving, via a link, location information for a mobile platform at a processor of the mobile platform, and preventing unauthorized access to the location information by an operating system associated with the mobile platform.06-21-2012
20080301445HIDDEN LINK DYNAMIC KEY MANAGER FOR USE IN COMPUTER SYSTEMS WITH DATABASE STRUCTURE FOR STORAGE OF ENCRYPTED DATA AND METHOD FOR STORAGE AND RETRIEVAL OF ENCRYPTED DATA - A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.12-04-2008
20090138713PROXY USE WITHIN A MESH NETWORK - A method and system facilitate communications between an unassociated device and a server via a mesh network and a wide area network. The method may include receiving transmissions from candidate proxy devices, wherein each candidate proxy device is associated with a mesh network. The method may include selecting a proxy device from the candidate proxy devices. The method may include communicating with a server via the proxy device and the associated mesh network.05-28-2009
20110107104METHOD, SYSTEM, AND DEVICE FOR NEGOTIATING SA ON IPv6 NETWORK - A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified, so that an attacker cannot spoof the address.05-05-2011
20110107103SYSTEMS AND METHODS FOR SECURE DISTRIBUTED STORAGE - Embodiments relate to systems and methods for secure distributed storage. In aspects, a set of remote storage hosts, such as personal computers, servers, media devices, cell phones, or others, can subscribe or register to provide storage via a cloud-based or other distributed network. Source data from an originating computer, such as a data file, can be decomposed into data storage subunits, each of which is encrypted via a cloud management system or other logic or control. The data storage subunits can comprise data blocks of even or uneven size. The set of encrypted data storage subunits can be registered to a table or other record, and disseminated to the remote storage hosts. In the event of data loss at the originating computer or at other times, the remotely stored data storage subunits can be extracted, decrypted, and reassembled to reconstruct the original source data.05-05-2011
20100095124METHOD AND SYSTEM FOR ACCESS AUTHENTICATION - A method and a system for access authentication. A shared services resource includes a second factor authentication module. Each of at least one network resource includes a first factor authentication module. A trusted computing base communicates with the shared services and the at least one network resource through a pipe. An assertion may be obtained on a trusted computing base for accessing at least one network resource. At least one of the at least one network resource may be accessed with the trusted computing base when the assertion has been obtained by the trusted computing base and is valid.04-15-2010
20100095123METHOD, SYSTEM AND DEVICE FOR NEGOTIATING SECURITY CAPABILITY WHEN TERMINAL MOVES - A method for negotiating a security capability when a terminal moves is provided. When a user equipment (UE) moves from a second/third generation (2G/3G) network to a long term evolution (LTE) network, the method includes the following steps. A mobility management entity (MME) acquires a non-access signaling (NAS) security algorithm supported by the UE, and an authentication vector-related key or a root key derived according to the authentication vector-related key, selects an NAS security algorithm, derives an NAS protection key according to the authentication vector-related key or the root key, and sends a message carrying the selected NAS security algorithm to the UE. The UE derives an NAS protection key according to an authentication vector-related key thereof. A system for negotiating a security capability when a terminal moves, a UE, and an MME are further provided.04-15-2010
20110099376SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION - Systems and methods for authenticating a request between a client computer and a transaction server are provided. An application request, comprising an identity of a user originating the request, is received at an application server from the client. The application server constructs a signing key based on (i) the identity of the user making the request, (ii) a time based salt value, (iii) a secret shared between the application and transaction servers and, optionally, (iv) an identifier of the distributor or developer of the application. The signing key is embedded in an unbranded version of the application thereby branding the application. The branded application can sign a request with the signing key and submit the signed request to the transaction server with the identity of the user and the identifier of the distributor or developer of the application.04-28-2011
20090132823MULTIMEDIA DATA PROTECTION - The invention provides a method of transmitting a media work such as a movie to a client comprising the steps of (a) encrypting the work using a sequence of different keys corresponding to respective temporally spaced segments of the document, (b) transmitting software code containing an algorithm from a security server to the client, the algorithm having a result that is a function of the state of the client, (c) executing the code at the client and returning the result to the security server, (d) determining whether the result is indicative of an unmodified client, and further comprising the steps of: (e) transmitting a segment from a server to the client, (f) securely streaming a key corresponding to the transmitted segment from a secure remote server to the client, (g) decrypting the segment using the obtained media key, (h) if step (d) indicates a modified client, preventing further keys from being transmitted, otherwise repeating steps (e) to (g) and repeating steps (b) to (d).05-21-2009
20090132822METHOD AND DEVICE FOR SECURELY DISTRIBUTING DATA IN GROUP COMMUNICATION - In a method for securely distributing data in group communication, the group has a plurality of members, and the method includes the following steps: (A) under a data recording mode, assigning one member of the group as a recording member; (B) enabling the recording member to generate and send a security key to other members of the group, to record communication contents of all the members during a group communication session, and to create an entry of recorded data therefor; and (C) enabling the other members of the group to receive and store the security key, the security key enabling the other members of the group to retrieve the recorded data from the recording member under a data retrieval mode.05-21-2009
20120166804VLAN Tunneling - According to one embodiment of the invention, a method is described that is directed to sending, by a network device, information over a first tunnel associated with a first virtual local area network. If the information is determined to have been received from a network device that is a member of a second virtual local area network differing from the first virtual local area network, the network device creates a second tunnel associated with that second virtual local area network. Herein, the first tunnel and the second tunnel each encapsulate at least data link traffic.06-28-2012
20120166803VERIFICATION METHOD, APPARATUS, AND SYSTEM FOR RESOURCE ACCESS CONTROL - A verification method includes obtaining a Uniform Resource Locator (URL) link from a user terminal. The URL link is generated by a portal server according to obtained user terminal information and includes the user terminal information. The method further includes obtaining the user terminal information included in the URL link and performing a validity check according to user terminal information stored on a network side and the user terminal information included in the URL link. The validity check can be performed on the URL link according to the user terminal information, which prevents different users from accessing a resource through the same correct URL link and avoids occurrence of link theft.06-28-2012
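The abstract above describes a URL that carries the requesting terminal's information so the network side can refuse the same link when a different terminal presents it. The following is an added example (not code from the patent or its assignee) of one way to build and check such a link: the portal embeds the terminal information and an expiry in the query string and protects them with an HMAC under a portal-side key, and the verifier checks the MAC, the expiry, and that the terminal information in the link matches the terminal actually making the request. The HMAC construction, the `exp` and `sig` parameter names and `PORTAL_KEY` are this example's assumptions; the abstract does not specify how the URL is protected.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical portal-side key (assumption: the abstract does not say how the
# URL contents are protected; an HMAC over them is this example's choice).
PORTAL_KEY = secrets.token_bytes(32)


def _canonical(params: dict) -> bytes:
    # Fixed field order so the portal and the verifier MAC identical bytes.
    return "|".join(f"{k}={params[k]}" for k in sorted(params)).encode()


def make_resource_url(base: str, terminal_info: dict, expires: int,
                      key: bytes = PORTAL_KEY) -> str:
    """Portal server: embed the terminal information, an expiry and a MAC in the link."""
    params = {k: str(v) for k, v in terminal_info.items()}
    params["exp"] = str(expires)
    tag = hmac.new(key, _canonical(params), hashlib.sha256).hexdigest()
    return base + "?" + urlencode(dict(params, sig=tag))


def verify_resource_url(url: str, observed_terminal_info: dict, now: int,
                        key: bytes = PORTAL_KEY) -> bool:
    """Network side: reject a tampered, expired, or stolen link.

    observed_terminal_info is what the network itself knows about the requester
    (e.g. MAC and IP learned at attachment time), not anything the client claims.
    """
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    sig = q.pop("sig", None)
    if sig is None or "exp" not in q:
        return False
    expected = hmac.new(key, _canonical(q), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False          # terminal info or expiry edited in transit
    if now > int(q["exp"]):
        return False          # link no longer valid
    # Link-theft check: the terminal presenting the link must be the one it was issued to.
    return all(q.get(k) == str(v) for k, v in observed_terminal_info.items())


if __name__ == "__main__":
    # Constructed sample terminal information.
    issued_to = {"mac": "aa:bb:cc:dd:ee:01", "ip": "10.0.0.5"}
    link = make_resource_url("https://portal.example/res/42", issued_to, expires=1_000)
    print(link)
    print("same terminal :", verify_resource_url(link, issued_to, now=900))
    print("other terminal:", verify_resource_url(link, {"mac": "aa:bb:cc:dd:ee:02", "ip": "10.0.0.6"}, now=900))
```

The MAC is what makes the binding meaningful: without it a thief could simply rewrite the terminal fields in the stolen link to match their own device. The expiry limits how long a captured link stays useful even on the original terminal.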
20120166802METHOD AND APPARATUS FOR ESTABLISHING A SECURITY ASSOCIATION - A method for establishing a security association between a client and a service node for the purpose of pushing information from the service node to the client, where the client and a key server share a base secret. The method comprises sending a request for generation and provision of a service key from the service node to a key server, the request identifying the client and the service node, generating a service key at the key server using the identities of the client and the service node, the base secret, and additional information, and sending the service key to the service node together with said additional information, forwarding said additional information from the service node to the client, and at the client, generating said service key using the received additional information and the base secret. A similar approach may be used to provide p2p key management.06-28-2012
20100217986AUTHENTICATED SECRET SHARING - A method and system distributes N shares of a secret among cooperating entities by forming a mathematical construct that has an embedded internal structure to allow authentication of a reconstructed secret. The mathematical construct can be a splitting polynomial constructed using the secret, a key and a message authentication code (MAC) as coefficients. The splitting polynomial is evaluated at N random evaluation points to obtain N result values. N shares of the secret are generated and distributed among the cooperating entities for storage. A reconstructed secret can be authenticated by computing the MAC of the reconstructed secret and verifying a relationship among the coefficients of a reconstructed splitting polynomial using the MAC. If the coefficients do not satisfy the relationship, one or more additional shares of the secret can be used to reconstruct the splitting polynomial and the secret.08-26-2010
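The abstract above describes a Shamir-style splitting polynomial whose low-order coefficients are the secret, a MAC key and the MAC of the secret under that key, so that a reconstructed polynomial can be checked for internal consistency. The following is an added example (not the patent's or its assignee's code) that implements that construction over a prime field: `split` builds the polynomial with `[secret, key, MAC(key, secret), random...]` as coefficients and evaluates it at random points, `reconstruct` interpolates the full coefficient vector from a set of shares and accepts it only if the MAC relationship holds, falling back to other share combinations when a corrupted share spoils the first attempt. The field prime, the use of HMAC-SHA256 as the MAC and the combination-search fallback are this example's assumptions; the abstract does not fix them.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

# Field prime (assumption: 2**127 - 1, a Mersenne prime; any prime larger than
# the secret and the MAC output reduction works the same way).
P = (1 << 127) - 1


def _mac(key: int, secret: int) -> int:
    """MAC of the secret under the key, reduced into the field (assumption: HMAC-SHA256)."""
    d = hmac.new(key.to_bytes(16, "big"), secret.to_bytes(16, "big"), hashlib.sha256).digest()
    return int.from_bytes(d, "big") % P


def _eval(coeffs, x: int) -> int:
    """Horner evaluation of the polynomial with coefficients low-to-high."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def split(secret: int, n: int, t: int):
    """Create n shares of `secret`, any t of which (t >= 3) reconstruct and authenticate it."""
    if not (3 <= t <= n and 0 <= secret < P):
        raise ValueError("need 3 <= t <= n and 0 <= secret < P")
    key = secrets.randbelow(P)
    # Embedded structure: f(x) = secret + key*x + MAC(key, secret)*x^2 + random higher terms.
    coeffs = [secret, key, _mac(key, secret)] + [secrets.randbelow(P) for _ in range(t - 3)]
    shares, used = [], set()
    while len(shares) < n:
        x = secrets.randbelow(P - 1) + 1          # random non-zero evaluation point
        if x in used:
            continue
        used.add(x)
        shares.append((x, _eval(coeffs, x)))
    return shares


def _interpolate(points):
    """Coefficients (low-to-high) of the unique polynomial of degree < len(points) through them."""
    t = len(points)
    result = [0] * t
    for i, (xi, yi) in enumerate(points):
        num, denom = [1], 1                        # Lagrange basis numerator and denominator
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            new = [0] * (len(num) + 1)             # multiply num by (x - xj)
            for k, c in enumerate(num):
                new[k] = (new[k] - c * xj) % P
                new[k + 1] = (new[k + 1] + c) % P
            num = new
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P
        for k, c in enumerate(num):
            result[k] = (result[k] + c * scale) % P
    return result


def reconstruct(shares, t: int) -> int:
    """Return the secret from an authentic t-subset of `shares`; raise if none exists.

    Subsets are tried in order, so with exactly t shares this is a single
    interpolation plus MAC check; extra shares are only consulted when a
    check fails (the fallback the abstract describes).
    """
    if len(shares) < t:
        raise ValueError("not enough shares")
    for subset in combinations(shares, t):
        coeffs = _interpolate(list(subset))
        secret, key, tag = coeffs[0], coeffs[1], coeffs[2]
        if tag == _mac(key, secret):
            return secret
    raise ValueError("no share subset satisfies the MAC relationship; too many corrupted shares")
```

A corrupted share changes every interpolated coefficient, so the MAC check fails with overwhelming probability rather than silently yielding a wrong secret. The check only exists when the polynomial has at least three coefficients, which is why the threshold is forced to `t >= 3`; and an adversary holding `t - 1` honest shares can still choose a bad share that yields any secret of their choice together with a matching key and tag, so authentication here protects against corruption, not against a coalition at the threshold.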
20100205443METHOD AND STRUCTURE FOR SELF-SEALED JOINT PROOF-OF-KNOWLEDGE AND DIFFIE-HELLMAN KEY-EXCHANGE PROTOCOLS - A method (and structure) for a party (the prover) to prove its knowledge, jointly and non-malleably, of multiple secret (fixed and/or ephemeral) Diffie-Hellman exponents (DH-exponents), corresponding to its public (fixed and/or ephemeral) DH-components and with respect to the public (fixed and/or ephemeral) challenging DH-components from another party (the verifier). The joint proof-of-knowledge (JPOK) consists of secrets made by multiplying multiple DH-secrets, which can be generated and verified by each party by its own secret DH-exponents and the public DH-components of both parties. To ensure the non-malleability of the JPOK, the method invented herein makes all these multiplied DH-secrets to be independent, and makes the session-tag committed to the multiplied DH-secrets. To preserve players' privacy and/or to improve protocol efficiency, the invented method makes the DH-secrets to be multiplied to further satisfy at least one of the following (besides above independence and commitments properties): (1) Deniability: all the DH-secrets to be multiplied can be computed out merely from the ephemeral secret DH-exponents and the public DH-components of both parties; (2) Pre-computability: a DH-secret involving a fixed DH-component of a party can be offline pre-computed by its peer; (3) Post-ID computability: a DH-secret involving an ephemeral DH-component of a party can be computed by its peer without knowing that party's identity and/or fixed DH-components. The secrets made by multiplying multiple DH-secrets can then be used to derive session-keys and to generate and verify authenticators between the parties. 
The invented method can also be used in parallel or subsequently by the parties, possibly with reversed player roles in different runs of the method, for mutual identifications, key confirmations, and for achieving more advanced cryptographic protocols in various settings.08-12-2010
20120137132SHARED SECRET ESTABLISHMENT AND DISTRIBUTION - Providing secure communication with a security token includes establishing a shared secret between the security token and a first entity, transferring the shared secret between the first entity and a second entity, and the security token and the second entity establishing a secure communication channel using the shared secret. Transferring the shared secret may include selectively transferring the shared secret to a subset of entities according to access considerations for the security token. The security token may be part of a mobile phone having NFC capability, the first entity may be a Web service and the second entity may be a door controller. The Web service may establish a shared secret with the mobile phone. Providing secure communication with a security token may also include distributing the shared secret to all of the hosts corresponding to doors to which the phone can be used to obtain access.05-31-2012
20100174908METHOD AND SYSTEM FOR SECURELY EXCHANGING ENCRYPTION KEY DETERMINATION INFORMATION - A system and method for securely exchanging a plurality of information items used to generate a plurality of encryption keys used in a public key-and-private key system. In accordance with the principles of the invention, elements of exchanged information items, such as public keys and synchronizing indicators, are encrypted before the exchange. The information item element is encrypted using an encryption key determined from information items that were previously exchanged. The encryption of information items used to determine subsequent encryption keys provides additional security to the encryption key used in the transmission of informational data, as the encrypted elements of the information item must be decrypted before the data message encryption key can be determined. The process of exchanging encrypted information items can be repeated until an agreed upon number of encrypting keys is determined.07-08-2010
20120216041SERVICE SYSTEM - Provided is a system including a first server which stores a first encryption key and a second server which stores a second encryption key. The first server has a storage unit which stores double encryption information obtained by subjecting the information to double encryption using a first encryption key and a second encryption key. The first server stores encrypted information obtained by encrypting the information by a third encryption key. The first server further stores a double encryption key obtained by encrypting the third encryption key and the second encryption key.08-23-2012
20100275023TRANSMITTER, RECEIVER, AND CONTENT TRANSMITTING AND RECEIVING METHOD - According to one embodiment, a transmitter is configured to transmit content to a receiver. An available dubbing count is set in advance for the content such that the content can be dubbed a plurality of times. The transmitter includes a key exchanger, an encryption processor, and a management module. The key exchanger performs key exchange to share a common key with the receiver, and transmits the common key and at least one count label corresponding to the number of times of dubbing to the receiver. The encryption processor encrypts, in response to a content request for the content received from the receiver, the content with the common key to transmit the content to the receiver. The management module reduces the available dubbing count of the content upon each receipt of a right transfer request requesting to transfer the right to use the content from the receiver, and transmits permission to the receiver to validate the right to use the content.10-28-2010
20100275022TRANSMITTER, RECEIVER, AND CONTENT TRANSMITTING AND RECEIVING METHOD - According to one embodiment, a transmitter is configured to transmit content to a receiver. Available dubbing count is set in advance for the content such that the content can be dubbed a plurality of times. The transmitter includes a key exchanger, an encryption processor, and a dubbing management module. The key exchanger performs key exchange to share a common key with the receiver. The encryption processor encrypts, in response to a content request received from the receiver, the content with the common key to transmit the content to the receiver. The dubbing management module reduces, upon receipt of a right transfer request related to the use of the content from the receiver, the available dubbing count by dubbing count indicating the number of times of dubbing of the content. The dubbing count is contained in the right transfer request.10-28-2010
20100011213INFORMATION PROCESSING DEVICE, COMPUTER PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.01-14-2010
20100011212RADIO FREQUENCY IDENTIFICATION (RFID) BASED AUTHENTICATION METHODOLOGY USING STANDARD AND PRIVATE FREQUENCY RFID TAGS - Disclosed is a self-contained hardware-based authentication system that incorporates different authentication protocols for access to soft and/or hard assets with different security levels. The system embodiments include the use of a RFID device that comprises dual RFID tags operating under different frequencies. Specifically, one RFID tag operates on a public frequency and, when activated, transmits an identifier encrypted using a public key. The other RFID tag operates on a private frequency and, when activated, transmits a private key that can be used to decrypt the encrypted identifier. Upon receipt by a processor (e.g., a local processor or security server) of a request for access to a specific asset, a security level for the specific asset is determined. Then, depending upon the particular security level (e.g. low, medium or high) different authentication protocols are instituted using the RFID device. Also disclosed are embodiments of an associated authentication methodology.01-14-2010
20120254617METHOD AND SYSTEM FOR ESTABLISHING SECURITY CONNECTION BETWEEN SWITCH EQUIPMENTS - A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for secure data transmission between switch equipments by establishing a shared switch key between each pair of switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of the switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced, and the efficiency of network transmission can be improved.10-04-2012
20120254616Identity-Based Decryption - Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content.10-04-2012
20120254615USING A DYNAMICALLY-GENERATED SYMMETRIC KEY TO ESTABLISH INTERNET PROTOCOL SECURITY FOR COMMUNICATIONS BETWEEN A MOBILE SUBSCRIBER AND A SUPPORTING WIRELESS COMMUNICATIONS NETWORK - Embodiments provide a means for securing wireless network communications. A security association can be established between a mobile subscriber device (10-04-2012
20120317417METHOD OF GENERATION OF A SECRET KEY FOR A WIRELESS COMMUNICATION SYSTEM - The present invention concerns a method of generation of a secret key, shared between a first terminal and a second terminal. The key is generated from the impulse response of the transmission channel separating the two terminals. A first message representative of the impulse response estimated by the first terminal is transmitted to the second terminal. This message is encoded using a channel encoding and punctured at a rate which prevents any decoding if additional information is missing. The second terminal combines this first message with at least a part of a second message representative of the impulse response estimated by the second terminal in order to attempt to decode the first message. If the decoding is successful the secret key is generated by the second terminal from the first message thus decoded.12-13-2012
20120221858Accelerated Key Agreement With Assisted Computations - A method is provided for obtaining a secret value for use as a key in a cryptographic operation, the secret value combining a private key, x, of one computing device with a public key, Y, of another computing device to obtain a secret value xY. The method includes obtaining a pair of scalars x08-30-2012
20100005303UNIVERSAL AUTHENTICATION METHOD - The object of the current invention is to provide the user with an authentication method that is more secure than conventional authentication methods and can be used on personal computers, PDAs, cell phones, personal digital media devices, home and car lock and security systems, television/VCR/DVD remote controls, credit card authentication systems, automatic teller machine authentication systems, among others.01-07-2010
20120260094DIGITAL RIGHTS MANAGEMENT USING ATTRIBUTE-BASED ENCRYPTION - A data provider (10-11-2012
20080301446AUTHORIZING CUSTOMER PREMISE EQUIPMENT INTO A NETWORK - Systems and methods for authorizing customer premise equipment into a network. A publicly available network membership key can be provided to enable initial connection to the network. Unique network membership keys associated with various customer premise equipment can be provided to enable service level access to the network and/or authorization into a sub-cell associated with the network.12-04-2008
20110004762SECURITY FOR A NON-3GPP ACCESS TO AN EVOLVED PACKET SYSTEM - A home subscriber server (01-06-2011
20110004760METHOD AND APPARATUS OF DERIVING SECURITY KEY(S) - A method, apparatus and a wireless communication system to derive security key(s) over an air link in a secure manner by sending by a mobile station over the air a single direction permutation of a mobile station ID, establishing keys with the base station and sending the mobile station real ID in a secure manner.01-06-2011
20110131415MULTIFACTOR USERNAME BASED AUTHENTICATION - A hashed value is computed from an encrypted password value and a displayed code value from a hardware token at a client. The encrypted password value is based on a username, a context identifier, and a password. The client provides the username and the hashed value to a server. The encrypted password value associated with the username is retrieved at the server. An expected hashed value is computed at the server. The client is validated based on a comparison of the hashed value and the expected hashed value.06-02-2011
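The abstract above describes the client hashing a password-derived value together with the code displayed by a hardware token, sending only the username and that hash, and the server recomputing the expected hash from its stored copy of the password-derived value. The following is an added example (not the patent's or its assignee's code) of that exchange with both sides written out. Where the abstract leaves the functions open, this example makes assumptions: the "encrypted password value" is PBKDF2-SHA256 over the password with the username and context identifier as salt, the token code is an RFC 4226 HOTP / RFC 6238 TOTP value computed from a seed the server also holds, the client's hashed value is HMAC-SHA256 keyed with the password-derived value over the displayed code, and the server tolerates one time step of clock drift. The `Server` class and the `client_login` function are illustrative names.

```python
import hashlib
import hmac
import struct


def hotp(token_seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a hardware token shows for a given counter."""
    mac = hmac.new(token_seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(token_seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current time step."""
    return hotp(token_seed, int(now // step), digits)


def encrypted_password_value(username: str, context_id: str, password: str) -> bytes:
    """Value derived from username, context identifier and password.

    Assumption: the abstract does not fix the derivation; PBKDF2-SHA256 with the
    username and context identifier as the salt is this example's choice.
    """
    salt = f"{username}\x00{context_id}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_login(username: str, context_id: str, password: str, displayed_code: str):
    """Client side: returns the (username, hashed value) pair that is sent to the server."""
    epv = encrypted_password_value(username, context_id, password)
    hashed = hmac.new(epv, displayed_code.encode(), hashlib.sha256).hexdigest()
    return username, hashed


class Server:
    """Holds, per username, the password-derived value and the token seed."""

    def __init__(self, step: int = 30):
        self.records = {}
        self.step = step

    def enroll(self, username: str, context_id: str, password: str, token_seed: bytes) -> None:
        # The plaintext password is used once here and never stored.
        self.records[username] = (encrypted_password_value(username, context_id, password), token_seed)

    def validate(self, username: str, hashed: str, now: int, window: int = 1) -> bool:
        rec = self.records.get(username)
        if rec is None:
            return False
        epv, seed = rec
        # Recompute the expected hash for the current step and its neighbours (clock drift).
        for drift in range(-window, window + 1):
            code = totp(seed, now + drift * self.step, self.step)
            expected = hmac.new(epv, code.encode(), hashlib.sha256).hexdigest()
            if hmac.compare_digest(hashed, expected):
                return True
        return False


if __name__ == "__main__":
    SEED = b"12345678901234567890"          # RFC 4226/6238 test-vector seed
    srv = Server()
    srv.enroll("alice", "vpn-portal", "correct horse battery staple", SEED)
    user, h = client_login("alice", "vpn-portal", "correct horse battery staple", totp(SEED, 59))
    print("accepted:", srv.validate(user, h, now=59))
```

Because the server compares a keyed hash rather than the password, the password never crosses the wire, and an attacker who captures one hashed value holds something bound to a single token code and therefore to a single time step. The cost of the scheme is that the server must hold the password-derived value itself (not a hash of it), so that value must be protected as a secret, and a replay within the accepted drift window would still succeed, which is why practitioners also refuse to accept the same code twice.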
20110047383SECURE PEER-TO-PEER MESSAGING INVITATION ARCHITECTURE - First and second communication devices respectively have first and second personal identification numbers (PINs). The first communication device transmits to the second communication device a first encryption key, and receives from the second communication device the second PIN that has been encrypted by the second communication device using the first encryption key. The first communication device receives from the second communication device a second encryption key, decrypts the encrypted second PIN, encrypts the first PIN using the second encryption key, and transmits the encrypted first PIN to the second communication device. The first communication device conducts, with the second communication device, a peer-to-peer messaging session by transmitting to the second communication device peer-to-peer messages that contain the second PIN and receiving from the second communication device peer-to-peer messages that contain the first PIN. Each message is routed by a routing server based on the respective first and second PINs.02-24-2011
20110258452REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES - The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.10-20-2011
20120089840SYSTEM AND METHOD FOR CONTROLLING DATA COMMUNICATIONS BETWEEN A SERVER AND A CLIENT DEVICE - A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.04-12-2012
20120089839ONLINE SECURE DEVICE PROVISIONING WITH ONLINE DEVICE BINDING USING WHITELISTS - One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.04-12-2012
20120089838METHOD AND DEVICE FOR SECURELY CONFIGURING A TERMINAL - A method of configuring a terminal including initializing the terminal, and which automatically triggers at least: detecting presence of a memory by a basic input/output system of the terminal, accessing the memory by the basic input/output system, starting up an operating system stored in the memory, and starting up a driver of a telecommunication network access module, the driver of the access module being stored in the memory and configured to drive the access module through a communication link between the terminal and a telecommunication device including the access module.04-12-2012
20110276802METHODS AND APPARATUS FOR PEER-TO-PEER TRANSFER OF SECURE DATA USING NEAR FIELD COMMUNICATIONS - The present invention discloses an apparatus and method of transferring data from a first device to a second device. The method includes transmitting a request to transfer the data from the first device to the second device, receiving, at the first device, a decryption key to allow transfer of the data stored in a memory of the first device, receiving, at the second device, an encryption key, and transmitting the data from the first device to the second device using peer-to-peer communications. The method also includes encrypting the data at the second device using the encryption key, storing the encrypted data in a memory of the second device, receiving, at the first device, an acknowledgement from the second device, the acknowledgement indicating that the data has been encrypted and stored in the memory of the second device, and deleting the data from the memory of the first device.11-10-2011
20120096269DYNAMICALLY SCALABLE VIRTUAL GATEWAY APPLIANCE - A Virtual Elastic Gateway Appliance (VEGA) that implements all the capability of a security gateway in a set of virtual appliances for operation in a virtualized, cloud environment is provided. The virtual appliances are divided into various components to provide key exchange and data protection in separate virtual appliances allowing each to be scaled elastically and independently. Security management of the virtual gateway is under control of the client while the cloud provider can meter use of virtual resources. Shared state operation and tunneled key exchange ensure robust operation in a dynamic environment.04-19-2012
20120331297METHOD FOR RECEIVING/SENDING MULTIMEDIA MESSAGES - A multimedia messaging system for receiving/sending multimedia messages, includes: a wireless LAN; and a MMS gateway. The MMS gateway performs: receiving/sending the multimedia message to/from a MMS user device via the wireless LAN; and encrypting the multimedia message. The encryption is performed by: issuing a certificate to the MMS user device; sending a session ID and a master key encrypted by the MMS gateway's private key to the MMS user device in response to a request of the MMS user device having the certificate; generating a shared secret key using an algorithm combining the master key with the MMS user device's phone number and the session ID; and encrypting the multimedia message using the shared secret key.12-27-2012
20120331298SECURITY AUTHENTICATION METHOD, APPARATUS, AND SYSTEM - Embodiments of the present invention provide a security authentication method, apparatus, and system, where the method includes: verifying a feature identifier for identifying terminal equipment, where the terminal equipment is machine-to-machine equipment; and obtaining a key corresponding to the feature identifier, so as to perform secure communication with the terminal equipment according to the key. In the embodiments of the present invention, after terminal equipment, a mobility management entity, and a home subscriber system successfully perform authentication and key agreement, it is verified whether a feature identifier of the terminal is legal, and when the feature identifier of the terminal is a legal identifier, a key is obtained according to the feature identifier, so that the mobility management entity and the terminal equipment perform secure communication according to the key, thereby implementing secure communication between M2M equipment and a network side.12-27-2012
20110320816SYSTEMS AND METHOD FOR MALWARE DETECTION - A system and method for distinguishing human input events from malware-generated events includes one or more central processing units (CPUs), one or more input devices and memory. The memory includes program code that when executed by the CPU causes the CPU to obtain a first set of input events from a user utilizing the input device. The first input events are used to obtain or derive a feature indicative of the user, such as a multi-dimensional feature vector as provided by a support vector machine. Second input events are then obtained, and the second input events are classified against the feature to determine if either the user or malware initiated the second input events.12-29-2011
20120137133Key Agreement and Transport Protocol - A key establishment protocol includes the generation of a value of a cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be computed or modified without access to the session key.05-31-2012
20100199095Password-Authenticated Association Based on Public Key Scrambling - A system and method for establishing a mutual entity authentication and a shared secret between two devices using a password without giving any useful information for finding the password is disclosed. Unique first private keys and first public keys are assigned to both devices. A shared password is provided to both devices. The public keys are scrambled using the shared password and then exchanged between the two devices. Both devices descramble their respectively received scrambled public keys using the shared password to recover the public keys. Both devices compute a shared secret from their own private keys and the recovered public keys. Both devices compute, exchange, and verify their hashes of the shared secret. If verification is successful, both devices use the shared secret to generate a shared master key, which is used either directly or via a later-generated session key for securing message communications between the two devices.08-05-2010
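The two abstracts above (20120137133 and 20100199095) describe, respectively, a key-confirmation value that is a hash of the session key and public information, and a password-authenticated exchange in which each side scrambles its public key with the shared password, unscrambles the peer's, computes a shared secret, and then exchanges and verifies hashes of that secret before deriving a master key. The following is an added example (not the patents' or their assignees' code) that runs both sides of such an exchange over the 2048-bit MODP group of RFC 3526 with Python's standard library only. The design choices are this example's own: the scrambling is addition modulo p of a PBKDF2-derived, role-specific mask (chosen over XOR so that every candidate password unscrambles to an in-range value), the confirmation tags are HMACs keyed from the shared secret over the transcript of both scrambled values plus the sender's role, and the master key is a second HMAC over the same transcript. `Party` and `run_exchange` are illustrative names.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime and generator.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split() and "".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8


def _mask(password: str, role: bytes) -> int:
    """Password-derived scrambling mask, distinct per role (assumption: PBKDF2-SHA256, reduced mod P)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), b"pake-mask|" + role, 10_000, dklen=NBYTES + 16)
    return int.from_bytes(raw, "big") % P


def scramble(pub: int, password: str, role: bytes) -> int:
    return (pub + _mask(password, role)) % P


def unscramble(scrambled: int, password: str, role: bytes) -> int:
    return (scrambled - _mask(password, role)) % P


class Party:
    """One side of the exchange; `role` is b"A" (initiator) or b"B" (responder)."""

    def __init__(self, role: bytes, password: str):
        self.role, self.password = role, password
        self.priv = secrets.randbelow((1 << 256) - 2) + 2     # 256-bit exponent suffices for this group
        self.pub = pow(G, self.priv, P)
        self.scrambled = scramble(self.pub, password, role)    # value sent to the peer

    def derive(self, peer_role: bytes, peer_scrambled: int) -> str:
        """Unscramble the peer's key, compute the shared secret, return this side's confirmation tag."""
        peer_pub = unscramble(peer_scrambled, self.password, peer_role)
        if not 1 < peer_pub < P - 1:
            raise ValueError("degenerate peer public value")
        shared = pow(peer_pub, self.priv, P).to_bytes(NBYTES, "big")
        items = sorted([(self.role, self.scrambled), (peer_role, peer_scrambled)])
        transcript = b"".join(r + v.to_bytes(NBYTES, "big") for r, v in items)
        # Confirmation value: a keyed hash of the shared secret and the public transcript.
        self.confirm_key = hmac.new(shared, b"confirm|" + transcript, hashlib.sha256).digest()
        self.master_key = hmac.new(shared, b"master|" + transcript, hashlib.sha256).digest()
        return hmac.new(self.confirm_key, self.role, hashlib.sha256).hexdigest()

    def verify(self, peer_role: bytes, peer_tag: str) -> bool:
        expected = hmac.new(self.confirm_key, peer_role, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, peer_tag)


def run_exchange(password_a: str, password_b: str):
    """Run both sides locally; returns (both tags verified, A's master key, B's master key)."""
    alice, bob = Party(b"A", password_a), Party(b"B", password_b)
    tag_a = alice.derive(b"B", bob.scrambled)    # messages crossing: scrambled keys, then tags
    tag_b = bob.derive(b"A", alice.scrambled)
    ok = alice.verify(b"B", tag_b) and bob.verify(b"A", tag_a)
    return ok, alice.master_key, bob.master_key
```

Two points a practitioner should take from this. First, the confirmation tag includes the sender's role, so the two tags differ and one side cannot simply reflect the other's tag back. Second, the encoding of the scrambled value matters more than it looks: this example deliberately omits a subgroup-membership check on the unscrambled peer value because, with this kind of scrambling, such a check would give an offline attacker a one-bit test per observed message (unscramble with a candidate password, see whether the result lies in the subgroup), which is the partition attack that standardized PAKEs such as SPAKE2 and OPAQUE are designed to avoid. Use one of those for real systems; this block shows the flow, not a vetted construction.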
20100199093KEY EXCHANGE DEVICE - The present invention includes a section (08-05-2010
20130013926Method and Apparatus for Device-to-Device Key Management - Various methods for device-to-device key management are provided. One example method includes receiving a communication mode change command requesting a mode change to device-to-device communications, and generating a local device security key based on a secret key and a base value. The local device security key may be configured for use in device-to-device communications. The example method may also include receiving a security key combination value, and deconstructing the security key combination value using the local device security key to determine a peer device security key. The peer device security key may be configured for use in device-to-device communications. Similar and related example methods and example apparatuses are also provided.01-10-2013
20100153726AUTHENTICATION METHOD, SYSTEM, AND APPARATUS THEREOF FOR INTER-DOMAIN INFORMATION COMMUNICATION - The present invention provides an authentication method for inter-domain information communication applied to first and second domains. The method instructs a first electronic device belonging to the first domain to request, through an intermediary node device simultaneously registered in the first and second domains, to obtain a first key from a second key distribution center in the second domain for transmission to a second electronic device in the second domain, and instructs the second electronic device to request, through the intermediary node device, to obtain a second key from a first key distribution center in the first domain for transmission to the first electronic device. Therefore, the first and second electronic devices are instructed to generate a shared third key using the first and second keys to perform secure information communication authentication.06-17-2010
20130019099Strengthened Public Key Protocol - A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics.01-17-2013
20130019098SYSTEMS AND METHODS FOR AUTHENTICATING AN ELECTRONIC TRANSACTION - Systems and methods for authenticating a request between a client computer and a transaction server are provided. An application request, comprising an identity of a user originating the request, is received at an application server from the client. The application server constructs a signing key based on (i) the identity of the user making the request, (ii) a time based salt value, (iii) a secret shared between the application and transaction servers and, optionally, (iv) an identifier of the distributor or developer of the application. The signing key is embedded in an unbranded version of the application thereby branding the application. The branded application can sign a request with the signing key and submit the signed request to the transaction server with the identity of the user and the identifier of the distributor or developer of the application.01-17-2013
20110145583Smart Card Security Feature Profile in Home Subscriber Server - In accordance with the exemplary embodiments of the invention there is at least a method, an executable computer program, and an apparatus to determine at a network application function a list of desired user equipment security features to be used, the security features of the list ordered by preference of the network application function, send the list to a database of user security settings via a bootstrapping server function, and receive by the network application function, via the bootstrapping server function, a security features response including a security key, derived from information stored in the database, corresponding to a desired security feature contained in the list, thereby informing the network application function of the availability of at least one of the desired security features in the user equipment.06-16-2011
20110161671  SYSTEM AND METHOD FOR SECURING DATA - A system and method are provided for securing data. The method includes generating a first public encryption key by a cryptographic processor associated with a first computer subsystem; sending the first public encryption key to a second computer subsystem; and receiving first encrypted data at the first computer subsystem, the first encrypted data having been encrypted by the second computer subsystem using the first public encryption key. The method further includes generating a first private encryption key by the cryptographic processor; decrypting the first encrypted data using the first private encryption key generated by the cryptographic processor to obtain a first decrypted data; and storing the first decrypted data in a memory associated with the cryptographic processor.  06-30-2011
20130024693  Network Reputation System And Its Controlling Method Thereof - A network reputation system and its controlling method are provided. A credential and exchange component permits a user to generate credentials and exchange matching items with those persons having a social relationship with the user. A reputation evaluation component enables other users to make evaluations about an estimatee via the sharing of social network information. A query and response component receives a query from a person having a social relationship with the user for requesting an evaluation about the estimatee, and responds with an associated evaluation result to the person having a social relationship with the user, via the sharing of social network information and the evaluations made by the other users about the estimatee.  01-24-2013
20120066500  Method of Time Synchronization Communication - A method for sending a public key from a client to a time server for encrypting a response message to the client as part of a time synchronization communication, to provide a safe way of performing time synchronization communication, where the method comprises sharing the public key of the time server with the client prior to the time synchronization communication, sending an encrypted public key of the client to the time server, and decrypting the encrypted public key of the client using the private key of the time server by the time server.  03-15-2012
20080244267  Local and remote access control of a resource - Embodiments of the invention are generally directed to systems, methods, and apparatuses for local and remote access to a resource. In some embodiments, an integrated circuit includes a configurable hardware resource. In addition, the integrated circuit may also include access control logic to authenticate agents that attempt to configure the resource. In some embodiments, the agents may be in-band or out-of-band agents. Other embodiments are described and claimed.  10-02-2008
20080235512  PRINT DATA COMMUNICATION WITH DATA ENCRYPTION AND DECRYPTION - A printing job containing printing data is transmitted to a specified image forming apparatus through a communications medium so that the printing data can be printed by the specified image forming apparatus. The printing data is encrypted using an encryption method specified for printing the printing job, the information about the destination for the image forming apparatus is obtained, and the information about the destination obtained by the obtaining means is decrypted by the disclosed method, apparatus, and medium.  09-25-2008
20080235511  DEVICE AUTHENTICATION AND SECURE CHANNEL MANAGEMENT FOR PEER-TO-PEER INITIATED COMMUNICATIONS - A method and system for providing secure access to a device initiating communications using a peer-to-peer signaling protocol, such as SIP or H.323. In a device registration phase, the device contacts a secure access server, and authenticates to the secure access server by providing an identification, such as its factory ID. The secure access server then issues a device ID and private key to the authenticated device. A client can then initiate a further communication session and be authenticated by the secure access server. The secure access server returns the device identification and the device's public key to the client. The client and device can then perform a symmetrical key exchange for their current communication session, and can communicate with appropriate encryption. The device's private key can be set to expire after one or more uses.  09-25-2008
20080222416  Secure Network Connection - Implementations described and claimed herein provide a secure network connection for remote access, e.g., to building automation systems. A secure network connection may be established according to one implementation between a remote client and a system host for the building automation system. The system host provides its network address to a security host. When the remote client desires access to the system host, the remote client requests the network address from the security host. The security host authenticates the remote client as an authorized user. If the remote client is an authorized user, the security host provides the network address and a security key to the remote client. The remote client then uses the network address to request access to the system host. The system host authenticates the remote client by requesting the security host to verify the security key before granting the remote client access to the system host.  09-11-2008
20130179689  INFORMATION DISTRIBUTION METHOD, INFORMATION DISTRIBUTION SYSTEM AND IN-VEHICLE TERMINAL - [Objective] When installing software into an in-vehicle terminal from a server, it is required to prevent the software from being installed into an unsuitable terminal, and to reduce the time and effort for data input and download, thereby improving the convenience of the user.  07-11-2013
20130097424  DISCOVERY OF SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.  04-18-2013
20130097423  PROCESSING DEVICE AND COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREIN PROCESSING PROGRAM - A processing device for executing a predetermined process associated with information to be processed at a preset key time. The processing device includes a processor, wherein the processor determines, at a check timing set for each predetermined time, whether or not the key time is included in a check period between the key time at which the previous process was performed and the current time; and the processor executes the predetermined process which is to be performed at the key time when it is determined that the key time is included in the check period.  04-18-2013
20130103947  TEMPORAL PROXIMITY TO VERIFY PHYSICAL PROXIMITY - A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, for example due to the fact that the information was downloaded from the Internet, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag.  04-25-2013
20130124867  SYSTEM AND METHOD FOR SECURE SOFTWARE LICENSE DISTRIBUTION - In one embodiment, a method includes receiving a request to remove one or more limitations imposed on a full-featured base application executing on a client computer. The method further includes creating a license package. The license package includes a first layer and a second layer separately encrypted therein. The second layer includes a license key operable to be consumed by the full-featured base application to remove the one or more limitations. The first layer comprises information sufficient to identify the license key. In addition, the method includes encapsulating the license package into a file having a file-type association with the full-featured base application. Further, the method includes transmitting the file to the client computer. The method also includes interacting with the full-featured base application to allow decryption of the first layer and the second layer so that the license key can be applied.  05-16-2013
20130124866  CLIENT-SERVER SYSTEM WITH SECURITY FOR UNTRUSTED SERVER - In the context of a computer client-server architecture, typically used in the Internet for communicating between a server and applications running on user computers (clients), a method is provided for enhancing security in the context of digital rights management (DRM) where the server is an untrusted server that may not be secure, but the client is secure. This method operates to authenticate the server to the client and vice versa to defeat hacking attacks intended to obtain confidential information. Values passed between the server and the client include encrypted random numbers, authentication values and other verification data generated using cryptographic techniques including double encryption.  05-16-2013
20130145164  SEMICONDUCTOR MEMORY DEVICE - According to one embodiment, a device includes a first memory area to store a first key. A second memory area stores encrypted secret identification (ID) information generated from secret ID information with a family key. A third memory area stores a family key block including data generated from the family key with an ID key. An authentication module performs authentication. A second key is generated from a first number with the first key, a session key is generated from a random number with the second key, and authentication information is generated from the secret ID information with the session key. The encrypted secret ID information, the family key block and the authentication information are output.  06-06-2013
20110219233  QUADRATIC RESIDUE BASED PASSWORD AUTHENTICATED KEY EXCHANGE METHOD AND SYSTEM - A method is provided for use in secure electronic communication. The method may include obtaining a password shared with an intended key exchange entity and sending a key exchange request including a first value to the intended key exchange entity. The method may also include receiving a key exchange reply including a permutation of a first quadratic residue of the first value, and calculating a second quadratic residue of the first value based on the key exchange reply. Further, the method may also include determining a second value shared with the key exchange entity based on the first quadratic residue and the second quadratic residue.  09-08-2011
20100287374  Protecting Hardware Circuit Design by Secret Sharing - Techniques are able to lock and unlock an integrated circuit (IC) based device by encrypting/decrypting a bus on the device. The bus may be a system bus for the IC, a bus within the IC, or an external input/output bus. A shared secret protocol is used between an IC designer and a fabrication facility building the IC. The IC at the fabrication facility scrambles the bus on the IC using an encryption key generated from unique identification data received from the IC designer. With the IC bus locked by the encryption key, only the IC designer may be able to determine and communicate the appropriate activation key required to unlock (e.g., unscramble) the bus and thus make the integrated circuit usable.  11-11-2010
20130151854  METHOD FOR AUTHENTICATING A PORTABLE DATA CARRIER - A method for authenticating a portable data carrier (  06-13-2013
20130151853  SYSTEMS AND METHODS FOR SECURE PEER-TO-PEER COMMUNICATIONS - Systems and methods for secure peer-to-peer communication are disclosed herein. Various embodiments of the present invention advantageously enable authentication of a remote device, but without the use of a PKI certificate, and more generally, without requiring involvement from outside parties. In an exemplary embodiment, a password-protected message may be sent to a remote device, the password-protected message containing a unique identifier of a local device and a locally generated random number. Upon accessing the password-protected message, the remote device may reply to the local device including its own unique identifier and a remotely generated random number, where the reply is encrypted using the locally generated random number. An acknowledgement message may then be sent to the remote device including a mutually unique key, where the acknowledgement message is encrypted using the remotely generated random number. Subsequent communications between these devices may then be encrypted with this mutually unique key.  06-13-2013
20100318800  KEY MANAGEMENT IN SECURE NETWORK ENCLAVES - A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.  12-16-2010
20120284520  ESTABLISHING SHARED INFORMATION IN A NETWORK - A method for establishing shared information is described. The method includes estimating characteristics of a communication channel between two nodes based on signals transmitted between the nodes. The method also includes transmitting a signal from the first node to the second node, the signal being modulated with a first data sequence according to a first estimated characteristic, and transmitting a signal from the second node to the first node, the signal being modulated with a second data sequence according to a second estimated characteristic. Shared information is formed at each of the first and second nodes based on at least a portion of the first data sequence and at least a portion of the second data sequence.  11-08-2012
20120284519  IMPLEMENTING METHOD, SYSTEM OF UNIVERSAL CARD SYSTEM AND SMART CARD - An implementing method, a system of a universal card system and a smart card are disclosed. The smart card receives the creating master control sub-application message from a card-issuing party operation platform, decrypts the message according to a pre-stored encryption key of the card-issuing party sensitive data, obtains the master control sub-application data, and creates a master control sub-application according to the master control sub-application data. An enterprise managing key is included in the master control sub-application data. The smart card receives the creating non-master control sub-application message from an enterprise operation platform, decrypts the creating non-master control sub-application message according to the encryption key of the enterprise sensitive data in the enterprise managing key, obtains the non-master control sub-application data, and creates a non-master control sub-application according to the non-master control sub-application data.  11-08-2012
20120284518  METHOD OF ANONYMOUS ENTITY AUTHENTICATION USING GROUP-BASED ANONYMOUS SIGNATURES - Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).  11-08-2012
20130159715  Secure Peer-to-Peer Messaging Invitation Architecture - First and second communication devices respectively have first and second personal identification numbers (PINs). The first communication device transmits to the second communication device a first encryption key, and receives from the second communication device the second PIN that has been encrypted by the second communication device using the first encryption key. The first communication device receives from the second communication device a second encryption key, decrypts the encrypted second PIN, and encrypts the first PIN using the second encryption key, and transmits the encrypted first PIN to the second communication device. The first communication device conducts, with the second communication device, a peer-to-peer messaging session by transmitting to the second communication device peer-to-peer messages that contain the second PIN and receiving from the second communication device peer-to-peer messages that contain the first PIN. Each message is routed by a routing server based on the respective first and second PINs.  06-20-2013
20110314287  Method and apparatus for binding subscriber authentication and device authentication in communication systems - An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network.  12-22-2011
20110314286  ACCESS AUTHENTICATION METHOD APPLYING TO IBSS NETWORK - An access authentication method applying to an IBSS network involves the following steps: 1) performing authentication role configuration for network entities; 2) authenticating, via an authentication protocol, an authentication entity and a request entity for which the authentication role configuration has been performed; and 3) after finishing the authentication, the authentication entity and the request entity perform the key negotiation, wherein a message integrity check field and a protocol synchronization lock-in field are added to the key negotiation message. The access authentication method applying to an IBSS network provided by the invention has the advantages of better security and higher execution efficiency.  12-22-2011
20120030468  SYSTEM AND METHOD FOR OPTIMAL VERIFICATION OF OPERATIONS ON DYNAMIC SETS - A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries.  02-02-2012
20120042167  SIMPLE NONAUTONOMOUS PEERING NETWORK MEDIA - A method of playing content across a network includes receiving, at a media player, an input from a user selecting media located on a network, sending a request across a network comprised of devices employing a common security protocol, the request to identify peer devices on the network, receiving a response across the network from a peer device, and accessing the media from a content memory of the peer device. A method of tracking valid peers on a secure media network includes receiving, at a media player, an input from a user selecting media located on a peer device on the network, performing an authentication test of the peer player, determining if a latency associated with the peer player meets a criterion, and updating a latency log on the media player to include the peer player. A device has a content memory to store media content for playback, a network port arranged to allow the device to access a network, and a controller programmed to send a request through the network port to a network, the request being for a particular media content file, communicate with a peer device across the network to authenticate a communication session with the peer device, receive a response from the peer device indicating that the session has been authenticated, and access the media content file on a content memory on the peer device.  02-16-2012
20120066501  MULTI-FACTOR AND MULTI-CHANNEL ID AUTHENTICATION AND TRANSACTION CONTROL - The present disclosure provides a system and method for conducting multi-factor and multi-channel ID authentication and transaction control. The authentication and transaction control may be conducted between a device and servers of the service providers only, without involvement of a third party. A server of the device assists personalizing, binding, unbinding and rebinding of the device with respect to the servers of the service providers.  03-15-2012
20130091359  Short-range Secure Data Communication Method Based on Sound Wave or Audio, and Apparatus Thereof - The present invention discloses an apparatus, a system and a method for short-range sound wave communication. The system realizes non-contact secure transmission by using the sound wave as the data transmission medium, and also can realize a reliable and secure data link directly through an audio connection. The invention systematically constructs multiple end-to-end transmission verification mechanisms for the process of data transmission: transmission data integrity verification, valid time verification, password verification, service data verification and data encryption; and according to the security level of the data, the sending end specifies the requirements for encryption and data verification in the transmission data so as to notify the reception end which verifications should be performed on the data packets, how to perform the verifications, etc. By using the same verification processing manner, operations can be performed on the data (e.g. the payment and settlement function of an account). With lower cost, the present invention can realize the reliable communication of a small data volume using sound wave, and has certain security.  04-11-2013
20120096270  END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY - End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the ciphertext using an encryption key, where the authentication and encryption keys have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two-key, single-pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end-to-end devices.  04-19-2012
20130212392  KEY MANAGEMENT ON DEVICE FOR PERIMETERS - There is provided a method and apparatus for resetting a password for a device or managing the device, the device having an encryption perimeter. A device shares a public/private key pair with a server, the public key being on the device and the private key being on the server. An intermediate value is encrypted on the mobile device using the public key. If the password is lost or the device needs to be managed, the server can request the encrypted intermediate value, decrypt it, and send the decrypted value to the mobile device which may then resume operations. A new password may be provided by the server or the user may set a new password once the encryption key is recreated from the decrypted intermediate value.  08-15-2013
20130212395  MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for monitoring and controlling access to an electronic content are disclosed. One method includes creating, by an owner server, a group comprising generating a group public key PK  08-15-2013
20130212393  SECURING A SECRET OF A USER - Methods, systems and apparatuses for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares.  08-15-2013
20130212394  Method for 802.1X Authentication, Access Device and Access Control Device - In a method for 802.1X authentication, used in a network which comprises an access device and an access control device, a WLAN security template and an 802.1X client template are enabled at the access device, an 802.1X client template is enabled at the access device, and an 802.1X device template is enabled at a tunnel port of the access control device. The access control device establishes an 802.1X authentication tunnel with the access device, receives a packet transmitted by a client at the access control device through the 802.1X authentication tunnel, authenticates the client after receiving the packet, and assists the access device through the 802.1X authentication tunnel to obtain a session key.  08-15-2013

Patent applications in class Having key exchange