Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


DATA PROCESSING PROTECTION USING CRYPTOGRAPHY

Subclass of:

713 - Electrical computers and digital processing systems: support

Patent class list (only not empty are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
713193000 By stored data protection 438
713190000 Computer instruction/address encryption 157
713194000 Tamper resistant 43
713192000 Having separate add-on board 13
713191000 Upgrade/install encryption 7
Entries
DocumentTitleDate
20110179287SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.07-21-2011
20130031374FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.01-31-2013
20130031373Product authentication based upon a hyperelliptic curve equation and a curve pairing function - Disclosed is a method, system, and device to authenticate a product. A plurality of public parameters and a secret master key are selected. The public parameters include a hyperelliptic curve equation and a curve pairing function. A public product activation code and a private product activation code are generated based upon the public parameters and the secret master key. The public parameters and the public product activation code are stored with the product. Further, the private product activation code is associated with the product. The product is authenticated if the private product activation code entered to a client device satisfies a mathematical formula implemented with the public parameters and the public product activation code.01-31-2013
20130031372SECURE DATA STORAGE - Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.01-31-2013
20090070597Method and Apparatus for Store and Replay Functions in a Digital Radio Broadcasting Receiver - A method includes: receiving a plurality of audio frames, assembling groups of the audio frames into logical recording units, storing a plurality of the logical recording units, retrieving the stored logical recording units, and decoding the retrieved logical recording units. An apparatus that performs the method is also provided.03-12-2009
20120173882SYSTEM AND METHOD FOR IN-PLACE ENCRYPTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for performing in-place encryption. A system configured to practice the method receives a request from a user to encrypt an unencrypted volume of a computing device and identifies, generates, and/or randomly selects a volume key. Then the system converts the unencrypted volume to an encryptable format divided into portions. The system then encrypts, based on the volume key, the encryptable volume, portion by portion, to enable the user to use the computing device while encrypting. The system can maintain an encryption progress status and display the encryption progress status. The system can monitor disk accesses to the encryptable volume, and, when the disk accesses exceed a first threshold, apply a back-off algorithm to stop encrypting until the disk accesses fall below a second threshold. Thus, the computing device can be used while the encryption occurs in the background.07-05-2012
20120173880System And Method For Decrypting Content Samples Including Distinct Encryption Chains - Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.07-05-2012
20100088523TRUSTED PLATFORM MODULE SECURITY - The described implementations relate to trusted platform module (TPM) security. One configuration that is implemented on a computing device includes a TPM configured to generate a key pair utilizing a factor stored on the TPM and an external cofactor that is not stored on the TPM. The computing device also includes a communication device configured to receive the external cofactor and convey the external cofactor to the TPM.04-08-2010
20110197076Total computer security - A total security system for a computer which permits a user to render the entire computer's contents beyond access by any third party. A security program grants a user access to the directory of files stored on the computer. The security program is capable of selectively corrupting the directory of files with the capability also to selectively restore the directory of files to its original condition.08-11-2011
20130086392INCREASING DATA SECURITY IN ENTERPRISE APPLICATIONS BY USING FORMATTING, CHECKSUMS, AND ENCRYPTION TO DETECT TAMPERING OF A DATA BUFFER - A method, system, and computer program product for using hidden buffer formatting and passing obfuscated encryption key values to detect tampering with and/or prevent unauthorized inspection of a data buffer. The method comprises receiving an unencrypted sequence to be encrypted, selecting a layout version to associate to an encryption method and a checksum method, then encrypting the unencrypted sequence using the encryption method to form an encrypted sequence, and calculating, using the checksum calculation method, an unencrypted sequence checksum. Further, storing the encrypted sequence to form a hidden buffer payload, which hidden buffer has its own hidden buffer payload checksum. Encryption keys are not stored in program data, nor sent in the hidden buffers. Instead obfuscated encryption key values are used to generate keys on the fly. The receiver of a hidden buffer and obfuscated encryption key values can detect tampering or data corruption of the payload for further processing.04-04-2013
20110202774System for Collection and Longitudinal Analysis of Anonymous Student Data - A method and system for aggregating and anonymizing student data is disclosed. A method includes receiving from an educational institution a set of student data records, each student data record associated with a student and including a unique identifier, and lacking information rendering the record personally identifying of a student. The method further includes, for each student data record, extracting the unique identifier associated with the student data record, and encrypting the unique identifier. The method also includes associating the encrypted unique identifier with the student data record to form an anonymized student data record and storing the anonymized student data record in a database containing aggregated student data.08-18-2011
20100077227CRYPTOGRAPHIC PROCESSING DEVICE AND METHOD FOR ADAPTING TO SHARED-CACHE ATTACKS - Embodiments of a cryptograph processing device and method for adapting to shared-cache attacks are generally described herein. Other embodiments may be described and claimed. In some embodiments, the cryptographic processing device comprises first and second processing units, and a cache that is shared by the first and second processing units. The first processing unit may monitor a number of cache misses that occur during the performance of a first cryptographic process and may switch to performing a second cryptographic process after the number of cache misses exceeds a threshold.03-25-2010
20100077225Protection Against Side Channel Attacks with an Integrity Check - The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.03-25-2010
20100115289Method and apparatus for encrypting user data - A mobile terminal is capable of performing message encryption. The mobile terminal includes a display unit that can display contents of a message and an input unit that can receive a selection input for a portion of the displayed content. A portion of the displayed content can be selected for encryption. The selected portion of the displayed content is encrypted. The mobile terminal can store the message containing the encrypted content and information regarding the password.05-06-2010
20130086393INCREASING DATA SECURITY IN ENTERPRISE APPLICATIONS BY OBFUSCATING ENCRYPTION KEYS - A method, system, and computer program product for using hidden buffer formatting and passing obfuscated encryption key values to detect tampering with and/or prevent unauthorized inspection of a data buffer. The method comprises receiving an unencrypted sequence to be encrypted, selecting a layout version to associate to an encryption method and a checksum method, then encrypting the unencrypted sequence using the encryption method to form an encrypted sequence, and calculating, using the checksum calculation method, an unencrypted sequence checksum. Further, storing the encrypted sequence to form a hidden buffer payload, which hidden buffer has its own hidden buffer payload checksum. Encryption keys are not stored in program data, nor sent in the hidden buffers. Instead obfuscated encryption key values are used to generate keys on the fly. The receiver of a hidden buffer and obfuscated encryption key values can detect tampering or data corruption of the payload for further processing.04-04-2013
20130086391SYSTEM, ARCHITECTURE AND METHOD FOR SECURE ENCRYPTION AND DECRYPTION - There is disclosed a system, architecture and method for encryption and decryption of a record. In an embodiment, a method comprises identifying a target record to be encrypted; analyzing one or more clear text linguistic attributes of the target record; generating a linguistic encryption key based on the analysis of one or more clear text linguistic attributes; and encrypting the target record with the linguistic encryption key, the linguistic encryption key operable to decrypt the encrypted target record in a reverse operation.04-04-2013
20130086390System and Method of Securing Private Health Information - A system and method for the secure processing of private health information. Fully homomorphically encrypted private health information, along with a request to process that information, is transmitted to a third party who performs operations on the encrypted private health information in accordance with the request, yielding an encrypted result. The encrypted result may be decrypted only by the party in possession of the corresponding private key. The invention enables encrypted private health information to be processed by third parties while preventing them from decrypting it.04-04-2013
20130080790Encrypted Memory Access - Various systems and methods for encrypting data are disclosed. In one aspect, the method includes receiving a memory address and a value to be written in the memory address. The method also includes encrypting the value using the memory address as an initial value for an encryption process. The method also includes storing the encrypted value in the memory address.03-28-2013
20100037067Operating System - A new and improved operating system comprising a series of self-contained interconnected modules and service layers for connecting proprietary systems together and extracting and translating data therefrom enables existing software systems to operate and cooperate in an existing software ecosystem while allowing flexible connections with both existing and new applications.02-11-2010
20090119514CONTENT DATA STRUCTURE AND MEMORY CARD - Content data of the present invention is used by a playback apparatus having a display. The content data has a data structure in which a plurality of pieces of audio data to be played back are associated with pieces of encrypted code information which are created by encrypting with a predetermined algorithm pieces of code information. Each piece of the code information indicates text to be shown on the display at the time of playback of a corresponding piece of the audio data.05-07-2009
20130036312Method and Device for Protecting Memory Content - A method of protecting digital data stored in a storage medium. The method comprises providing a first and a second addressable storage region in the storage medium, and selector means for selectively indicating one of the first and the second addressable storage regions as active; storing the digital data in the first addressable storage region of the storage medium, wherein the digital data stored in the first addressable storage region is stored encrypted with a first encryption key; and causing the selector means to indicate the first addressable storage region as being active; and, responsive to a trigger event, copying the digital data from the first to the second addressable storage region, wherein the digital data stored in the second addressable storage region is stored encrypted with a second encryption key; and causing the selector means to indicate the second addressable storage region as being active.02-07-2013
20130036311INTELLIGENT SENSOR AND CONTROLLER FRAMEWORK FOR THE POWER GRID - Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions. In this embodiment, the computer-executable instructions include instructions for implementing an authorization and authentication module for validating a software agent received at the network interface; instructions for implementing one or more agent execution environments for executing agent code that is included with the software agent and that causes data from the sensor to be collected; and instructions for implementing an agent packaging and instantiation module for storing the collected data in a data container of the software agent and for transmitting the software agent, along with the stored data, to a next destination.02-07-2013
20090144559ELECTRONIC DEVICE BOOTED UP WITH SECURITY, A HASH COMPUTING METHOD, AND A BOOT-UP METHOD THEREOF - A method for authenticating a public key to execute a process with security, including: invoking a process; reading a public key from a first source; calculating a hash value of the public key with a block encryption algorithm, wherein part of the public key is an initial input value of the block encryption algorithm; reading a hash value from a second source; comparing the calculated hash value to the read hash value to determine if the public key is authentic; and executing the process if the public key is authentic.06-04-2009
20090132831CIRCUIT ARRANGEMENT WITH NON-VOLATILE MEMORY MODULE AND METHOD FOR EN-/DECRYPTING DATA IN THE NON-VOLATILE MEMORY MODULE - An apparatus and method is provided for protecting data in a non-volatile memory by using an encryption and decryption that encrypts and decrypts the address and the data stored in the non-volatile memory using a code read only memory that stores encryption and decryption keys that are addressed by a related central processing unit at the same time data is being written or read from the non-volatile memory by the central processing unit.05-21-2009
20090158054PRIVATE DATA PROCESSING - A method for processing one or more terms includes, at a first computation facility, computing an obfuscated numerical representation for each of the terms. The computed obfuscated representations are provided from the first facility to a second computation facility. A result of an arithmetic computation based on the provided obfuscated values is received at the first facility. This received result represents an obfuscation of a result of application of a first function to the terms. The received result is processed to determine the result of application of the first function to the terms.06-18-2009
20090158051METHOD AND SYSTEM FOR OBFUSCATING A CRYPTOGRAPHIC FUNCTION - A method of protecting an integrity of a data processing system. The method comprises determining (06-18-2009
20090158050Trusted Labeler - A cryptographic device and method are disclosed for processing different levels of classified information. Input and output ports are physically isolated on the cryptographic device. Within the cryptographic device, each port has its packets labeled in such a way that it can be processed differently from other packets by a cryptographic module. High-assurance techniques are used to assure labeling and proper processing of the packets. These labeled packets are intermixed on common pathways regardless of level of classification. Despite intermixing, separation of the packets is assured through the process.06-18-2009
20100332849INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, INFORMATION RECORDING MEDIUM MANUFACTURING METHOD, AND COMPUTER PROGRAM - An information processing apparatus includes: a data processing unit that acquires content codes including a data processing program recorded in an information recording medium and executes data processing according to the content codes; and a memory that stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes, acquire the apparatus identifier recorded in the apparatus certificate after the apparatus checking process, and execute data processing applying content codes corresponding to the acquired apparatus identifier.12-30-2010
20100106979Method, Apparatus, and Device for Providing Security Among a Calling Function and a Target Function - The device and accompanying apparatus and method provides security among a calling function, such as an any executable code, and at least one target function, such as any executable code that the calling function wishes to have execute. In one example, the device includes an engine operative to perform run-time verification of the signatures of secure interrupt handler code and at least one target function before allowing execution of the at least one target function. If both the secure interrupt handler code's signature and the at least one target function's signature are successfully verified, the at least one target function is allowed to execute.04-29-2010
20100106978DISPLAY DEVICE AND DISPLAY CONTENT SHARING METHOD - This present disclosure provides a display device and a display content sharing method by employing the display device, the display device includes a storage unit and a display unit, the display content sharing method includes: obtaining an identity code of a wireless communication device; obtaining encrypted digital content of the identity code in the storage unit; decrypting the encrypted digital content of the identity code; displaying the decrypted content on the display unit.04-29-2010
20100106977Method and Apparatus for Secure Software Platform Access - In an advantageous approach to securing type safety in software platform accesses made by software applications, this disclosure teaches the inclusion of cryptographically signed type information in software applications, for authentication and registration by a software platform. With this approach, a given software application is permitted to make platform accesses (e.g., data type instantiations, memory accesses, method invocations, etc.) only in conformance with the registered type information.04-29-2010
20100106976REPRESENTATION AND VERIFICATION OF DATA FOR SAFE COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value. By effectively dividing the data into multiple portions in multiple processing streams and processing them in parallel to determine multiple hash values simultaneously, the time required for hashing the data can be reduced in comparison to conventional techniques that operate to determine a hash value for the data as a whole and in a single processing stream. As a result, the time required for integrity verification can be reduced, thereby allowing safe features to be extended to devices that may operate with relatively limited resources (e.g., mobile and/or embedded devices) as well as improving the general efficiency of device that are or will be using safety features (e.g., Trusted Computing (TC) device).04-29-2010
20090150680Data Security in Mobile Devices - Systems, methods for computer program products for securely storing data in a data store or in an external data store associated with a mobile device are described herein. Data that is being sent from an application module to a data store, on the mobile device or an external data store used by the mobile device is first encrypted by a security manager. The security manager encrypts data based on an encryption algorithm that may be selected by a user. Data received from an application module is thus stored in an encrypted form on a data store. When an application requests data from the data store, the security manager decrypts the data and provides the data to the application module in its decrypted form. All data that is transmitted to or received from a data store or an external data store is intercepted by the security manager for encryption and decryption respectively.06-11-2009
20120216049SECURE OBJECT HAVING PROTECTED REGION, INTEGRITY TREE, AND UNPROTECTED REGION - A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.08-23-2012
20090125726Method and Apparatus of Providing the Security and Error Correction Capability for Memory Storage Devices - A method and apparatus of configuring the byte structure of a memory storage device, including a flash memory device, to enhance the security and error correction capability is described. In one embodiment, the method includes increasing the security of data stored in the storage device by encrypting data with a unique initialization vector and storing the initialization vector in the storage device. The method also includes using a unique initialization vector for encrypting data, to be stored in each datablock, each time data are encrypted. In one embodiment, the apparatus includes an AES controller that includes encryption and decryption modules to encrypt and decrypt data prior to writing data to or reading from the storage device. The apparatus also includes an encoder module and decoder circuits to encode and decode data prior to writing or reading from memory storage devices. The apparatus optionally includes a state machine that generates and provides the initialization vector and also activates different components of AES controller and ECC module depending on the operation of the device.05-14-2009
20100095130SMARTCARDS FOR SECURE TRANSACTION SYSTEMS - Systems and methods for programming a secured smartcard are described. An encrypted mapping is stored on the smartcard and is accessible using encryption keys, each encryption key providing an access level to the content of the mapping, providing a reference mapping and a development key to a developer. The developer may provide data files and an edited version of the reference mapping. The encrypted mapping can then be updated and the files stored on the smartcard according to the updated encrypted mapping. The developer need not know the structure and content of the encrypted mapping file. The data file may include a biometric template corresponding to an authorized user of the smartcard. The data file may additionally or alternatively comprise an application that can access encrypted files on the smartcard even if the developer of the application cannot access those same files.04-15-2010
20130046995METHOD AND COMPUTER PROGRAM PRODUCT FOR ORDER PRESERVING SYMBOL BASED ENCRYPTION - A method for generating an encryption dictionary, the method includes generating a random value for each plaintext symbol of multiple plaintext symbols; and calculating a random token for each plaintext symbol based on a random value of the plaintext symbol and on random values of other plaintext symbols that have a lower lexicographic value than the plaintext symbol; wherein the calculating comprises applying a monotonic function; wherein the encryption dictionary comprises a mapping between the multiple plaintext symbols and random token of the multiple plaintext symbols.02-21-2013
20130046994INTEGRATED GENOMIC AND PROTEOMIC SECURITY PROTOCOL - Apparatuses, systems, computer programs and methods for implementing a genomics-based security solution are discussed herein. In an encryption process, plaintext may be converted to DNAtext and DNAtext may be converted to a ciphergene. The ciphergene may then be converted into a pre-transcriptional complex. The pre-transcriptional complex, in turn, may then be converted into a cipherprotein. The decryption process operates in the reverse of the encryption process to obtain plaintext.02-21-2013
20120191986CRYPTOGRAPHIC PROCESSING APPARATUS AND CRYPTOGRAPHIC PROCESSING METHOD, AND COMPUTER PROGRAM - In extended Feistel type common key block cipher processing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set to an integer satisfying d≧3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved. With a configuration in which round keys are permuted or F-functions are permuted in the decryption processing, processing using a common function can be performed by setting swap functions for the encryption processing and the decryption processing to have the same processing style.07-26-2012
20120191985Managing Keys used for Encrypting Data - A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.07-26-2012
20120191984DATA ENCRYPTION DEVICE AND MEMORY CARD - The invention provides a data encryption device that can perform high-speed access to an arbitrary page when encrypting data and writing it to a storage device that can be accessed in a page unit or reading data therefrom and decrypting it. The device: encrypts data and writes it to the storage device or reads data from the storage device and decrypts it by a stream cipher; uses a counter mode of a block cipher to generate pseudorandom number series; specifies a data position in the storage device based on a page number and a page block number, by dividing one page into plural page blocks having a block length of the block cipher; and uses a value determined by a function of the page number, the page block number, and an arbitrary offset value, as an initial value of a pseudorandom number to be used in the counter mode.07-26-2012
20120191983MANAGING INFORMATION IN A DOCUMENT SERIALIZATION - In a method for managing information comprising a reference name of an atomic unit listed in a document serialization, a new name for the atomic unit reference name is generated and occurrences of the atomic unit reference name in the document serialization are replaced with the new name for the atomic unit to conceal the atomic unit reference name. In addition, a map file containing a map file entry for each of a plurality of workflow participants is generated, in which each of the map file entries includes the new name and an access key to access the atomic unit.07-26-2012
20120191982NON-VOLATILE STORAGE OF ENCRYPTED DATA - Embodiments in accordance with the invention utilize the cryptographic transformation function of an SP processor to encrypt data at rest. The use of the primary processor-based cryptographic transformation function is preferable to use of an auxiliary cryptographic processor because the transformation occurs directly, and thus can be faster and more cost effective.07-26-2012
20130073868SELECTIVE ENCRYPTION WITHIN DOCUMENTS - A method and system for selective encryption within a document. A portion of the document selected and marked for encryption is detected, the selected portion of the document including plaintext. The detected portion of the document selected for encryption is encrypted as ciphertext. The encrypted portion of the document is decrypted with a proper decryption key, wherein the decrypting includes decrypting the encrypted portion of the document in response to presentation of required data by the accessor. The required data includes the proper decryption key, a name of the accessor, and an employee number of the accessor. The portion of the document is displayed as decrypted.03-21-2013
20130073867METHOD FOR STRENGTHENING THE IMPLEMENTATION OF ECDSA AGAINST POWER ANALYSIS - A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks.03-21-2013
20130073864SYSTEM AND METHOD OF AUTHENTICATING MULTIPLE FILES USING A DETACHED DIGITAL SIGNATURE - A system and method of authenticating data files is provided. The method includes providing a plurality of software part files and a manifest file associated with the software part files. The manifest file identifies each of the plurality of software part files. The method includes associating the manifest file with a manifest detached digital signature. The method also includes digitally signing the manifest file with the manifest detached digital signature. The manifest detached digital signature authenticates the manifest file. The method includes associating each of the plurality of software part files with one a plurality of unique detached digital signatures. The method includes digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures. Each of the plurality of unique detached digital signatures authenticates one of the software part files.03-21-2013
20130073866INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus includes a data processing section for reproducing contents stored in a medium having a general purpose area in which encrypted contents and corresponding utilization controlling information are stored and a protected area including a plurality of blocks having access limitation set thereto and including a block having an encryption key for decrypting the encrypted contents stored therein. The data processing section acquires utilization controlling information corresponding to a content from the general purpose area, decides, based on the utilization controlling information, whether validity period information indicative of a content utilization permission period is to be acquired from the utilization controlling information or the encryption key storage block, acquires the validity period information based on a result of the decision and then compares the acquired validity period information and current date information to decide permission or inhibition of content reproduction.03-21-2013
20130073865Identifying peers by their interpersonal relationships - According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result.03-21-2013
20130061060Systems and Methods for Controlling the Use of Processing Algorithms, and Applications Thereof - Embodiments provide systems and methods for controlling the use of processing algorithms, and applications thereof. In an embodiment, authorization to use an algorithm is validated in a system having a processor capable of executing user defined instructions, by executing a user defined instruction that writes a first value to a first storage of a user defined instruction block, uses the first value to transform a second value located in a second storage of the user defined instruction block, and compares the transformed second value to a third value located in a third storage. Use of the algorithm is permitted only if the comparison of the transformed second value to the third value indicates that use of the algorithm is authorized. In another embodiment, authorization to use an at least partially decrypted algorithm is validated via a key for enablement.03-07-2013
20130061059INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus including a virtual computer includes a key pair generating unit that generates a key pair of a virtual computer secret key and a virtual computer public key, a public key output unit that outputs the virtual-computer public key, a process target data retrieving unit that retrieves process target data encrypted with the virtual computer public key, a decryption unit that decrypts the retrieved process target data, a process program retrieving unit that retrieves a process program, an executing unit that executes the retrieved process program on the decrypted process target data, a public key retrieving unit that retrieves a process requester public key, an encryption unit that encrypts, with the retrieved process requester public key, process result data as a process result of the process program, and a process result data output unit that outputs the encrypted process result data.03-07-2013
20130061058PROTECTING APPLICATION PROGRAMS FROM MALICIOUS SOFTWARE OR MALWARE - An apparatus includes a memory to store a secure object comprising at least one of code and data that is encrypted when stored in the memory and a central processing unit (CPU) that is capable of executing an EnterSecureMode (esm) instruction that enables the decryption of the secure object's information when the secure object information is retrieved from the memory into the CPU. The CPU further comprises a feature to protect the secure object from code received from other software.03-07-2013
20120311349Method and System for a Programmable Parallel Computation and Data Manipulation Accelerator - Methods and systems are provided for a programmable parallel computation and data manipulation accelerator that may be used, for example, in cryptographic calculations. They allow acceleration of a broad variety of cryptographic algorithms and/or portions of algorithms, and are not algorithm specific. This system comprises a butterfly and inverse butterfly multiplexing permuter network and a lookup table. This system may allow replication of input registers, “expansion,” so that an individual bit may be used in multiple calculations in parallel, accelerating completion of the cryptographic algorithm. The system may allow “diffusion” of the expanded bits through the system's butterfly and inverse butterfly network, and may provide for “confusion” of the resulting bits through the system's lookup table. In some implementations, the system may allow completion of a computation within an algorithm within one clock cycle.12-06-2012
20090271637INFORMATION PROCESSING TERMINAL AND STATUS NOTIFICATION METHOD - The present invention aims at providing an information processing terminal, a status notification system, and a status notification method that can protect both privacy and security when a status of the information processing terminal is notified to a server. An information processing terminal 10-29-2009
20090271636COMPUTER ENABLED SECURE STATUS RETURN - Computer related method and apparatus to transmit a logical value (e.g., 1 or 0) between two entities, such as an operating system and application program, in a secure way in an insecure environment. The logical status is sent by in effect encrypting it using two random numbers, one from each entity, before sending it to the other entity. However the encrypting is much “lighter” (requiring much less computer or circuit resources) than any conventional secure cipher and has a built-in verification feature.10-29-2009
20120226914Checking Data Content - A system for automated checking of data content includes content checkers (09-06-2012
20120226913SYSTEM AND METHOD FOR CLIPBOARD SECURITY - Provided is a clipboard security system and method for improving security of data transmission made through a clipboard which is frequently used in utilization of a computer. An example of the clipboard security system includes a clipboard managing unit for storing data in a clipboard or extracting data from the clipboard in response to a request from one or more objects, in which the clipboard managing unit includes a data encrypting unit for encrypting the data for which storage is requested according to a trust relationship of an object which desires to store the data in the clipboard and a data decrypting unit for decrypting the encrypted data according to a trust relationship of an object which desires to extract the encrypted data stored in the clipboard.09-06-2012
20110047388METHOD AND APPARATUS FOR REMOTELY CONTROLLING ACCESS TO PORNOGRAPHIC CONTENT OF AN IMAGE - A method and apparatus are provided for remotely controlling access to pornographic content of an image in a first device, the method including acquiring content of the image, determining whether the content of the image is pornographic by analyzing at least one image frame constituting the contents of the image, blocking access to the content of the image when the content is determined to be pornographic, extracting at least one representative problematic image frame from the content of the image; transmitting the at least one representative problematic image frame to a second device; receiving control commands from the second device and controlling access to the content of the image blocked in the first device, based on the control commands.02-24-2011
20130067241CONTENTS DATA UTILIZATION SYSTEM AND METHOD, AND MOBILE COMMUNICATION TERMINAL USED FOR THE SAME - The object of the present invention is to provide a contents data utilization system in which the contents data is shared between a plurality of mobile communication terminals while the copyright is protected. When the contents data downloaded via a communication network is stored into an external memory of a mobile communication terminal, an SIM data processing unit generates a cipher key, using an IMSI that is an identifier stored in an SIM card inserted into the terminal 03-14-2013
20130067240CONTENT PROTECTION VIA ONLINE SERVERS AND CODE EXECUTION IN A SECURE OPERATING SYSTEM - A computer system comprising a processor and a memory for storing instructions, that when executed by the processor performs a copy protection method. The copy protection method comprises executing a software loop of a first software application in a first operating system. A first call is executed in the software loop to a code portion. A decrypted code portion of the first software application is executed in a second operating system in response to the first call. The code portion is decrypted in response to a successful validation of the first software application.03-14-2013
20130067239FRAMEWORK AND METHOD FOR SECURE DATA MANAGEMENT IN A DIVERSIFIED PLATFORM - The disclosure provides a method and a framework for secure data management, in which the method comprises: enabling, by an enterprise server, a user to download an enterprise application from the enterprise server using a computing device. User authentication credentials are provided by the enterprise server to a user when the user registers with the enterprise server. A unique client ID is assigned for the enterprise application downloaded by the computing device by the enterprise server. Keys for data encryption or decryption are generated by the enterprise server, for different services provided by the enterprise server based on a combination of the unique client ID, a user ID and/or a computing device ID.03-14-2013
20130067238SECURITY MECHANISM FOR DEVELOPMENTAL OPERATING SYSTEMS - A security technique to reduce the risk of unauthorized release of a software object. The technique allows identification of an individual responsible for the unauthorized release by marking each object with information, which acts as a fingerprint from which a person manipulating the object in a development environment can be identified. The development environment may be configured to quickly and automatically mark the object whenever a manipulation that may precede an unauthorized release occurs. To prevent circumventing the security technique, the object may be configured to enforce a requirement for a valid fingerprint such that the object is disabled if the fingerprint is removed or altered. Despite the marking, personally identifiable information is not revealed because the fingerprint is generated through a one-way cryptographic function performed on identifying information.03-14-2013
20130067236SYSTEMS FOR VALIDATING HARDWARE DEVICES - A computing environment in which devices interoperate with a plurality of hardware components. Inconsistencies in user experience when operating devices that may use different components are avoided by generating a signature for the components. The signature may be computed as a function of a first key and one or more parameter values obtainable from the component. The signature and parameter values may be stored in the component's memory, and may be obtainable while the component is in operation as part of the computing device. The device may validate the component by performing at least one function based on the signature, the one or more parameter values obtainable from the component, and a second key, which may or may not be identical to the first key. The device may change its interaction with the component, depending on whether the component was successfully validated.03-14-2013
20120117388SYSTEM FOR SELECTIVE ENCRYPTION WITHIN DOCUMENTS - A system for selective encryption within a document. A portion of the document selected and marked for encryption is detected, the selected portion of the document including plaintext. The detected portion of the document selected for encryption is encrypted as ciphertext. The document is displayed with the selected portion of the document encrypted. An attempt by an accessor to access the encrypted portion of document is detected. The encrypted portion of the document is decrypted with a proper decryption key, wherein the decrypting includes decrypting the encrypted portion of the document in response to presentation of required data by the accessor. The required data includes the proper decryption key, a name of the accessor, and an employee number of the accessor. The portion of the document is displayed as decrypted.05-10-2012
20110022852CRYPTOGRAPHIC COMPUTATION APPARATUS, CRYPTOGRAPHIC COMPUTATION PROGRAM, AND STORAGE MEDIUM - A flowchart shows a general processing procedure of cryptographic computation executed by a cryptographic computation apparatus 01-27-2011
20110022850ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE - A secure portable storage device includes a control module. When a host sends a first key to the control module with a write command so as to command the control module to write the first key into a redirecting file, the control module stores the first key in a temporary working buffer and verifies whether the first key is valid; when the first key is valid, the control module sends a second key and an encrypted content data to the host for generating a third key by decrypting the second key according to the first key and decrypting the encrypted content data into a content data according to the third key. Moreover, when the host sends multiple read commands to the control module in sequence, the control module verifies whether a sequence of the read commands received is valid and sends the second key and the encrypted content data to the host for an encryption. Related apparatuses, methods and techniques also are provided.01-27-2011
20110022849SYSTEM AND METHOD FOR SECURELY STORING INFORMATION - A system and method for storing information on a storage device is disclosed. An encrypted version of the information is stored on a storage device. The information is inspected in order to determine whether it may be stored on the storage device. If the information may be stored on the storage device then the stored encrypted version is decrypted, otherwise it is deleted. Other embodiments are described and claimed.01-27-2011
20110022848Method and Apparatus for Storing Confidential Information - Techniques for securely storing confidential information associated with a transaction are disclosed. An method for securely storing confidential information may include storing a data set related to a first transaction in a first server, the data set configured to be searchable by an authorized administrator, storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction, storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction, linking the data set to the identifier, and limiting the access to the plurality of encrypted files by the administrator.01-27-2011
20130067237PROVIDING RANDOM ACCESS TO ARCHIVES WITH BLOCK MAPS - Objects of an object set stored in an archive may be randomly accessed using the addresses of the objects stored in the archive. However, archives often fail to enable random access to the data within an object, without accessing other portions of the object, due to the variable compression of respective segments of the object. Random-access capabilities within the objects may be provided by segmenting the object into segments of a segment size, generating a block map specifying the block sizes of respective blocks corresponding to respective segments of the objects, and storing the block map in the archive as an object of the object set. Additionally, hashcodes may be calculated respective blocks and included in the block map in order to expose alterations of respective blocks, and/or to update an archive to an updated version of the archive by comparing the hashcodes and retrieving and substituting the updated blocks.03-14-2013
20090240951SYSTEM SECURITY MANAGER - In another embodiment, a method for securing a field-programmable logic chip or circuit (FPLC) is disclosed. Information is cryptographically processed within the FPLC. An error condition is detected outside of the FPLC and the error condition is communicated to the FPLC to disrupt an image(s) within the FPLC. Optionally, at least a portion of a key can be erased such that cryptographic processing is curtailed or eliminated.09-24-2009
20090013193Circuit Building Device - The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 01-08-2009
20090006862Provisioning a computing system for digital rights management - Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.01-01-2009
20090006861Method and Apparatus for Preventing Internet Phishing Attacks - The invention provides secure access to a web page using a personal pass-phrase to prevent phishing attacks. Upon requesting a web page from a user device, a determination is made as to whether or not an encrypted cookie exists for the requested web page. An encrypted cookie includes the personal pass-phrase and at least one of an identifier of the user device, an identifier of a web browser from which the web page request is initiated, and information about the network path used to establish the personal pass-phrase. If an encrypted cookie does not exist, the user is provided a capability to create the encrypted cookie including a personal pass-phrase. If the encrypted cookie exists, the user device provides the encrypted cookie with the web page request for use by the web server to validate the web page request using information included in the encrypted cookie. If the web page request is valid, the web server propagates the web page toward the user device, otherwise the user device receives an indication that the web server is invalid.01-01-2009
20110035600METHOD AND DEVICE FOR TRANSCODING DURING AN ENCRYPTION-BASED ACCESS CHECK ON A DATABASE - A device for transcoding during an encryption-based access check of a client device to a databank, which provides a data set in an encrypted area, has: a unit for assigning a specific access level of the client device and for providing a corresponding first group key of the client device as a function of a registration parameter, wherein the client device is allowed access to a first area, which is encrypted using the first group key, and all areas of the database subordinate to the first area as a function of the assigned access level; a unit for providing a classification result depending on a classification of the data set of the particular area by one of the client devices allowed to access the particular area; and a unit for transcoding the data set and/or a data set key for the data set as a function of the classification result.02-10-2011
20110035599APPARATUS AND METHOD FOR GENERATING UNPREDICTABLE PROCESSOR-UNIQUE SERIAL NUMBER FOR USE AS AN ENCRYPTION KEY - A microprocessor includes a manufacturing ID that is stored in the microprocessor during manufacture thereof in a non-volatile manner. The manufacturing ID is unique to the microprocessor. The microprocessor also includes a secret encryption key that is stored internally within the microprocessor and unreadable externally from the microprocessor. The microprocessor also includes an AES encryption engine, coupled to receive the manufacturing ID and the secret encryption key, configured to encrypt the manufacturing ID using the secret encryption key to generate an unpredictable key that is unique to the microprocessor.02-10-2011
20100205455DIFFUSION AND CRYPTOGRAPHIC-RELATED OPERATIONS - An embodiment includes at least one processing unit to perform at least first and second sets of diffusion-related operations to produce a resulting block from a data block, and that includes at least one stage and at least one other stage. The at least one stage is to select one of first operands and second operands input to the at least one other stage. The first and second operands are respectively associated with the first and second sets of operations, respectively. The at least one other stage involves arithmetic and logical operations common to both the first and second sets of operations. At least one other processing unit is to perform at least one set of cryptographic-related operations (different, at least in part, from the first and second sets of operations) on at least one of (1) another block to produce the data block and (2) the resulting block.08-12-2010
20110283114TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format know to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions.11-17-2011
20110283113METHOD AND SYSTEM FOR ENCRYPTING DATA - A processing device may generate a data encryption key configured to encrypt unique data within a clone of an encrypted data set and associated with a set of transaction identifiers of a transaction based file system. The processing device may further wrap the data encryption key with a wrapping key, create a cloned encrypted data set with the data encryption key, and store the wrapped data encryption key with the cloned encrypted data set indexed by at least one of the set of transaction identifiers.11-17-2011
20110283112EXTRACTING PORTIONS OF AN ABSTRACT DATABASE FOR PROBLEM DETERMINATION - Systems, methods and articles of manufacture are disclosed for extracting portions of an abstract database for problem determination. An error may be detected when an application executes an abstract query against the abstract database. A portion of the abstract database may be extracted for problem determination. A defect entry may be created in a defect tracking tool, to store the extracted portion. One or more administrative users may be notified of the defect entry.11-17-2011
20120131353PERIPHERAL AUTHENTICATION - This document describes techniques (05-24-2012
20100268964METHOD FOR EVALUATING USER'S RIGHTS STORED IN A SECURITY MODULE - The aim of the present invention consists of reducing the switching time from one reception channel to another. In fact, this reduction will be particularly discernable since the number of different rights stored in a security module of a multimedia unit or decoder is high. When a user selects a service among those proposed by an electronic programs guide, an access control module explores a stored service information table in order to extract an access condition associated to the service. This access condition allows determining an index in a rights table stored in the access control module of a right that fulfils the access condition. The access control module transmits to the security module the index thus determined alone or accompanied by a control message. This index allows the security module to find quickly the right that it compares afterwards with the access condition included in the control message after decryption of the latter.10-21-2010
20080294909Method for Private Keyword Search on Streaming Data - A method for private keyword searching on streaming data such that the searching does not reveal what keywords are being searched for and does not reveal whether any such keywords have been located nor which documents in the data stream are saved.11-27-2008
20120290849MANAGING SEQUENTIAL ACCESS TO SECURE CONTENT USING AN ENCRYPTED WRAP - In a method for managing sequential access to secure content by a plurality of workflow participants, a key-map file for each of the participants is created. Each of the key-map files contains a subset of encryption and signature keys for the content. The key-map files are sorted in an order that is the reverse of a workflow order in which the workflow participants for which the key-map files were created are to access the secure content. An encrypted later wrap including a later key-map file for a later workflow participant along the workflow order and an encrypted first wrap including a prior key-map file for a prior workflow participant and the encrypted later wrap are created. In addition, the first wrap is incorporated into a document serialization for the content.11-15-2012
20110302426Method for generating a bit vector - A method and a circuit configuration for generating a bit vector are described. At least two configurations, each having state machines of the same design, are used, to whose inputs an input signal is sent and which generate an output signal as a function of their state, each state machine always having a different state than the other state machine of one configuration, so that the bit vector is generated by a linear gating of the output signals of the state machines of different configurations.12-08-2011
20110302425SYSTEMS, METHODS, AND APPARATUS TO VIRTUALIZE TPM ACCESSES - Embodiments of system, method, and apparatus for virtualizing TPM accesses is described. In some embodiments, an apparatus including a CPU core to execute a software program, a manageability engine coupled to the CPU core, the manageability engine to receive a trusted platform module (TPM) command requested by the software program and to process the TPM command utilizing a manageability firmware by at least creating a TPM network packet, and a network interface coupled to the manageability engine to transmit the TPM network packet to a remote TPM that is external to the apparatus for processing is utilized as a part of this virtualization process.12-08-2011
20110302427METHOD FOR ACTIVATING AT LEAST A FUNCTION ON A CHIPSET AND CHIPSET FOR THE IMPLEMENTATION OF THE METHOD - A method for activating a function of a chipset comprising at least a memory and a calculation module in charge of cryptographic operations, the memory containing at least a seed and the calculation module containing at least one cryptographic algorithm, the method comprising the steps of: receiving at least one of a segmentation key, a global key and a global cryptographic algorithm selector; transmitting at least two items selected from the group consisting of the seed, the received segmentation key, the global key and the global cryptographic algorithm selector, to the calculation module, each of the items being provided by different entities; generating in the calculation module, a temporary key by using one of said at least one cryptographic algorithm of the calculation module and at least the two items; and verifying an authenticity of a received activation message using the temporary key and controlling activation based on the verification.12-08-2011
20110289326ELECTRONIC FILE ACCESS CONTROL SYSTEM AND METHOD - A digital file is associated with a security attribute in which identification data for a physical key is stored. The digital file content is encrypted, and may not be decrypted by a receiving computer unless a removable physical key that can be associated with the receiving computer includes identification data which matches the identification data stored in the file's security attribute. The digital content encrypted in the file may be compressed, and a portion of the security attribute may also be encrypted. When a portion of the security attribute is encrypted, the receiving computer may decrypt only the encrypted portion of the security attribute unless the identification data of the security attribute matches the identification data of a physical key physically or wirelessly coupled to the receiving computer. Improved security and reduction of pirating of the digital content are therefore provided.11-24-2011
20110289325Data encryption device for storage medium - A data encryption device for storage medium has an encryption key input interface for acquiring a user encryption key; a block code encoder for encoding and decoding data; a scrambler connected with the encryption key input interface and the block code encoder to scramble and descramble data according to the user encryption keys respectively inputted; and a controller connected with the block code encoder and the scrambler, performing an encryption process transmit original data to the block code encoder for encoding, the encoded data to the scrambler for scrambling, and the scrambled data to a storage medium for storage, and performing a decryption process to transmit the scrambled data to the scrambler for descrambling, the encoded data to the block code encoder for decoding to acquire the original data when the user encryption keys respectively inputted in the encryption process and the decryption process are identical.11-24-2011
20110289324Optimizing Use of Hardware Security Modules - Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.11-24-2011
20110296195STORAGE DEVICE AND ITS CONTROL METHOD - Provided is a storage device which partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity to and in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium.12-01-2011
20110296199METHOD AND SYSTEM FOR PROTECTING ELECTRONIC DATA IN ENTERPRISE ENVIRONMENT - Even with proper access privilege, when a secured file is classified, at least security clearance (e.g. a clearance key) is needed to ensure those who have the right security clearance can ultimately access the contents in the classified secured file. According to one embodiment, referred to as a two-Opronged access scheme, a security clearance key is generated and assigned in accordance with a user's security access level. A security clearance key may range from most classified to non-classified. Depending on implementation, a security clearance key with a security level may be so configured that the key can be used to access secured files classified at or lower than the security level or multiple auxiliary keys are provided when a corresponding security clearance key is being requested. The auxiliary keys are those keys generated to facilitate access to secured files classified respectively less than the corresponding security or confidentiality level.12-01-2011
20110296197System and Method for Supporting Full Volume Encryption Devices in a Client Hosted Virtualization System - A client hosted virtualization system includes a full volume encryption (FVE) storage device, a processor, and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system, authenticates a virtual machine image, launches the virtual machine based on the image, receives a transaction from the virtual machine targeted to the FVE storage device, sends the transaction to the FVE storage device, receives a response from the FVE storage device, and sends the first response to the first virtual machine. The client hosted virtualization system is configurable to execute the BIOS or the virtualization manager.12-01-2011
20110296198CRYPTOGRAPHIC PROCESSING APPARATUS AND IC CARD - A cryptographic processing apparatus according to embodiments includes a cryptographic operation processing section that can execute cryptographic processor of encryption operation and decryption operation, and a control section. The control section controls the execution of the cryptographic operation processing section such that a first operation for converting a first value, which is input data to be subjected to cryptographic processor, or intermediate data during cryptographic processor, into a second value, and a second operation for converting the second value into the first value are performed successively at least one time.12-01-2011
20110296196System and Method for Supporting Task Oriented Devices in a Client Hosted Virtualization System - A client hosted virtualization system includes a task oriented device, a processor, and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system, authenticates a virtual machine image, launches the virtual machine based on the image, receives a transaction targeted to the task oriented device, prioritizes the transaction, sends the transaction to the task oriented device, receives a response from the task oriented device, and sends the response to the virtual machine. The client hosted virtualization system is configurable to execute the BIOS or the virtualization manager.12-01-2011
20080250253System and method for accessing information resources using cryptographic authorization permits - A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.10-09-2008
20100281272INFORMATION UPDATING DEVICE AND INTEGRATED CIRCUIT THEREOF, INFORMATION UPDATING METHOD, AND RECORDING DEVICE AND INTEGRATED CIRCUIT THEREOF - Provided is an information updating apparatus that suppresses performance deterioration due to switching between writable recording areas in which information elements are to be written and readable recording areas from which the information elements are to be read. Also, the information updating apparatus updates a plurality of information elements recorded in a non-volatile recording medium with robustness against power discontinuity ensured. In order to achieve such effects, two groups of recording areas that are identical in number are allocated in the recording medium. The information elements are written in either group of the recording areas indicated by judgment information as the writable recording areas. Each time all the information elements have been written, the judgment information is updated. Thus, the writable recording areas are switched between the two groups of the recording areas.11-04-2010
20090282262Information Processing Apparatus, Information Processing System, and Encryption Information Management Method - According to one embodiment, the user virtual machine includes, a cryptographic key generating module configured to generate a cryptographic key for encrypting data an encryption module configured to encrypt data using the cryptographic key, an information generation module configured to generate information required for decrypting the encrypted data, a monitoring module configured to monitor generation of the cryptographic key, an instructing module configured to instruct the information generation module to generate the information when the monitoring module detects generation of the cryptographic key, and a transmitting module configured to transmit information generated according to instruction from the instructing module to the management virtual machine, and the management virtual machine includes a receiving module configured to receive information transmitted from the transmitting module, and a storing module configured to store the received information the storage apparatus allocated to the management virtual machine.11-12-2009
20100023779CRYPTOGRAPHIC PROCESSING METHOD AND CRYPTOGRAPHIC PROCESSING APPARATUS - In a cryptographic processing method, middle data which is the result of operation at a predetermined stage during encryption and decryption processing is saved and the subsequent encryption and decryption processes are divided into a first encryption and decryption processing which uses the initial data as input for the initial operation and second encryption and decryption processing which uses the saved middle data as input for the first stage operation.01-28-2010
20100161996System and Method for Developing Computer Chips Containing Sensitive Information - A system and method for developing a software program containing sensitive information requires the use of a developer key (a unique public/private key pair) to download the software onto a uniquely identified developer chip. The software program can then be developed and debugged on the developer chip. After being developed and debugged, the software program is transferred to a uniquely identified release chip for subsequent use. Specifically, transfer of the software program requires use of a release key (also a public/private key pair) that is different from the developer key. The private key part of the developer key, as well as all developer chips (albeit a limited number) are protected by strict security procedures.06-24-2010
20100169665METHOD FOR INDEXING ENCRYPTED COLUMN - The present invention relates to a method of creating indexes so that an index scan can be worked for columns in a database encrypted by means of secrete key cipher algorithm. The method of creating indexes according to the present invention comprises the steps of: re-encrypting to be able to maintain the sort ordering based on a plain text; creating new indexes based on the re-encrypted data; and configuring domain index architecture of encrypted columns so that the created index is used for the index scan in a query07-01-2010
20100169664SECURITY PROCESSOR AND RECORDING METHOD AND MEDIUM FOR CONFIGURING THE BEHAVIOUR OF THIS PROCESSOR - Security processor (07-01-2010
20100169662SIMULTANEOUS STATE-BASED CRYPTOGRAPHIC SPLITTING IN A SECURE STORAGE APPLIANCE - Methods and systems for managing data blocks and I/O requests are provided. One method is a method of managing data blocks in a secure storage appliance. The method includes receiving a block of data associated with a volume, the volume associated with a plurality of shares stored on a plurality of physical storage devices, and storing the block of data in a buffer. The method also includes associating the block of data with a state from among a plurality of states, each of the states corresponding to a status of the block of data. The method further includes processing the block of data by performing at least one cryptographic operation on the block of data, and upon completion of processing the block of data, updating the state of the block of data.07-01-2010
20100169661SIMULTANEOUS STATE-BASED CRYPTOGRAPHIC SPLITTING IN A SECURE STORAGE APPLIANCE - Methods and systems for managing I/O requests in a secure storage appliance are disclosed. One method includes receiving a plurality of I/O requests at the secure storage appliance, each I/O request associated with a block of data and a volume, each volume associated with a plurality of shares stored on a plurality of physical storage devices. The method further includes storing a plurality of blocks of data in buffers of the secure storage appliance, each of the blocks of data associated with one or more of the plurality of I/O requests. The method also includes associating a state with each of the blocks of data, the state selected from a plurality of states associated with processing of an I/O request. The method includes determining the availability of a resource in the secure storage appliance, the resource used to process an I/O request of a buffer, and, upon determining that the resource is available, applying the resource to a block of data in the buffer and updating the state associated with the block of data.07-01-2010
20090228715MEDIA SECURITY SYSTEM AND METHOD - The present specification provides, amongst other things, a system for offering the capability to asynchronously upload secure media packages to client machines and providing for recovery of the media packages in playable (or other usable form) only at a predefined time, so that the client machines can all access the media packages only at or after the predefined time.09-10-2009
20090125727METHOD FOR CRYPTOGRAPHIC PROCESSING OF A MESSAGE - A method for cryptographic processing of a message by a secret key includes the following steps: 05-14-2009
20100115287SYSTEM AND METHOD FOR OBFUSCATING CONSTANTS IN A COMPUTER PROGRAM - Disclosed herein are systems, computer-implemented methods, and tangible computer-readable media for obfuscating constants in a binary. The method includes generating a table of constants, allocating an array in source code, compiling the source code to a binary, transforming the table of constants to match Pcode entries in an indirection table so that each constant in the table of constants can be fetched by an entry in the indirection table. A Pcode is a data representation of a set of instructions populating the indirection table with offsets toward the table of constants storing the indirection table in the allocated array in the compiled binary. The method further includes populating the indirection table with offsets equivalent to the table of constants, and storing the indirection table in the allocated array in the compiled binary. Constants can be of any data type. Constants can be one byte each or more than one byte each. In one aspect, the method further includes splitting constants into two or more segments, treating each segment as a separate constant when transforming the table of constants, and generating a function to retrieve and reconstruct the split constants.05-06-2010
20100017622High performance arithmetic logic unit (ALU) for cryptographic applications with built-in countermeasures against side channel attacks - The present invention is a cryptoengine configured for providing countermeasures against attacks, including: an input/output (I/O) control unit, a memory, a controller, and an Arithmetic Logic Unit (ALU). The memory is communicatively coupled with the I/O control unit, receives inputs from the I/O control unit, and provides outputs to the I/O control unit based upon the received inputs. The controller is communicatively coupled with the I/O control unit for transmitting and receiving control signals. The ALU includes a plurality of storage components and computational components. The ALU is communicatively coupled with the controller and receives commands from/transmits status bits and flags to the controller. The ALU is further communicatively coupled with the memory and is configured for providing output signals to/receiving input signals from the memory. Further, the cryptoengine is configured for being communicatively coupled with a host computing device.01-21-2010
20100268965AUTO-NEGOTIATION OF CONTENT FORMATS USING A SECURE COMPONENT MODEL - In accordance with one embodiment of the present invention, secure content objects are transcoded from an input format to an output format based upon identified capabilities of a receiving device. In one embodiment, a plurality of trusted processing components are identified to collectively transcode the secure content object from the identified input format to the determined output format. In one embodiment, each of the trusted processing components are authenticated prior to operating on the secure content object.10-21-2010
20100268963INTER-BUS COMMUNICATION INTERFACE DEVICE AND DATA SECURITY DEVICE - There is provided an inter-bus communication interface device capable of efficiently performing transfer of data between a plurality of devices connected to different buses, respectively. When communication data is transmitted, a first device writes the communication data into a buffer, whereas when communication control information is transmitted, the first device writes the communication control information into a register. A control circuit passes the communication data stored in the buffer to a second device, and passes the communication control information stored in the register to a second device.10-21-2010
20100268962WIRELESS RECEIVER AND METHODS FOR STORING CONTENT FROM RF SIGNALS RECEIVED BY WIRELESS RECEIVER - A wireless receiver and methods for storing content from RF signals received by the wireless receiver are provided. The wireless receiver includes a microprocessor and an RF receiver configured to operably communicate with the microprocessor. The RF receiver is configured to receive an RF signal having digital content therein. The wireless receiver further includes a detachable memory device configured to operably communicate with the microprocessor. The detachable memory device has a unique serial number stored therein. The microprocessor is configured to retrieve the unique serial number from the detachable memory device. The microprocessor is further configured to receive the digital content from the RF receiver and to encrypt the digital content utilizing the unique serial number to obtain encrypted digital content. The microprocessor is further configured to store the encrypted digital content on the detachable memory device.10-21-2010
20080215894Method, System and Devices For Digital Content Protection - This invention relates to a system (and a corresponding method and devices) of digital content protection the system comprising a first digital content protection system (09-04-2008
20080215893Multiple levels of guided scrambling - Multiple levels of guided scrambling. Selective scrambling is performed on user data (or any information) that is to be output. The selection of which scrambling is to be employed can be based on whether or not a baseline error constraint and/or randomness constraint is met. The writing of the scrambled user data can be performed in parallel with, during the same time period, and/or simultaneously with the determination of whether or not a baseline error constraint and/or randomness constraint is met. If the constraint is not met, the outputting and/or writing of the scrambled user data can be aborted mid-process.09-04-2008
20090158053Battery Pack and Electronic Apparatus - A battery pack includes at least one rechargeable battery configured to output power; a remaining battery capacity detection unit configured to detect a remaining battery capacity of the at least one rechargeable battery; and a cryptographic unit configured to output a response word in response to an external request word by encrypting the external request word based on a cryptographic algorithm with a common code key.06-18-2009
20090049309Method and Apparatus for Verifying Integrity of Computer System Vital Data Components - Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state.02-19-2009
20100037066INFORMATION PROCESSING APPARATUS, METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus, comprising: a decryption request unit that issues a decryption request for decrypting a encrypted target program at the time of the start of execution of the target program; a decryption unit that receives said decryption request from said decryption request unit, decrypts said encrypted target program and writes the so-decrypted target program into a first memory; an erasure request unit that issues an erasure request for erasing said decrypted target program at the time of the completion of execution of the target program; and 02-11-2010
20120110347METHOD OF RANDOMLY AND DYNAMICALLY CHECKING CONFIGURATION INTEGRITY OF A GAMING SYSTEM - In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match.05-03-2012
20120110346STORING DATA INTEGRITY INFORMATION UTILIZING DISPERSED STORAGE - A method begins by a processing module generating an integrity check value for each encoded data slice of a set of encoded data slices to produce a set of integrity check values. The method continues with the processing module encoding the set of integrity check values to produce encoded integrity check values. The method continues with the processing module sending the encoded integrity check values for storage in a memory system.05-03-2012
20120110345METHOD AND SYSTEM FOR SECURING DATA OF A MOBILE COMMUNICATIONS DEVICE - A method and system for securing data of a mobile communications device. The method includes: determining that first application data is data associated with a first server; encrypting the first application data with an encryption key stored in the mobile communications device; storing the encrypted first application data on a memory; receiving a request to access the first application data from an application or a service implemented from the mobile communications device; determining that the application or service is authorized to access the first application data; and in response to said determining, decrypting the first application data with the encryption key.05-03-2012
20120110344Reporting of Intra-Device Failure Data - Methods and a computing device are disclosed. A computing device may include a managed device having embedded firmware. When a failure occurs with respect to the managed device, drivers within the computing device may collect failure data from a driver stack of the computing device and from the managed device. The computing device may send the collected failure data to one or more second computing devices to be stored and analyzed. The computing device may include a health monitor for periodically collecting telemetry data from the computing device and the managed device. When the health monitor becomes aware of conditions indicative of a possible impending failure, the health monitor may trigger collection of sickness telemetry data from the computing device and the managed device. Collected data from the managed device may be made available to a vendor of the managed device.05-03-2012
20120110343Trustworthy timestamps on data storage devices - Secure timestamps created by a data storage device are described. Metadata timestamp is created for each recorded unit of data (such as a sector) The HDD performs the time-stamping in a secure manner. The timestamp is made secure by performing a secure operation (i.e. one that can only be performed by the HDD) using the data and timestamp. The secure operation uses a secure key that is built-in to the storage device and is not readable outside of the device. In some embodiments the secure operation is encryption using the secure key. In other embodiments the secure operation is a hash code function (such as a Hash-based Message Authentication Code (HMAC) function) that uses the secure key to generate a hash code using at least the recorded data and the timestamp as input. The hash code is then included in the metadata that is recorded for the data unit.05-03-2012
20120110342Methods and Systems for Migrating Content Licenses - A system can comprise a processor and a memory embodying an application. The application can comprise code that causes the processor to identify a client key embedded or hard-coded in the application (i.e., included as part of the code comprising the application). Additional code causes the processor to identify data to be accessed according to an encrypted license accessible through use of a machine key. The application can maintain the machine key in an encrypted state using the client key. The application can include code that causes the processor to determine if an encrypted version of the machine key accessible by the processor can actually be decrypted using the client key. If so, the client key can be used to access the machine key. If not, the processor can request a differently-encrypted version of the machine key from a migration service.05-03-2012
20130219191PLATFORM FIRMWARE ARMORING TECHNOLOGY - A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.08-22-2013
20080288783METHOD AND SYSTEM TO AUTHENTICATE AN APPLICATION IN A COMPUTING PLATFORM OPERATING IN TRUSTED COMPUTING GROUP (TCG) DOMAIN - A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.11-20-2008
20130219190Determine Authorization of a Software Product Based on a First and Second Authorization Item - Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor 08-22-2013
20120036369MEMORY IDENTIFICATION CODE GENERATION METHOD, MANAGEMENT METHOD, CONTROLLER, AND STORAGE SYSTEM - An identification code generation method and a management method for a non-volatile memory, and a controller and a storage system using the same are provided, and the non-volatile memory has a plurality of physical blocks. The identification code generation method includes testing the physical blocks to obtain an availability state of the physical blocks and identifying a plurality of good physical blocks or bad physical blocks among the physical blocks according to the availability state. The identification code generation method also includes generating a memory identification code corresponding to the non-volatile memory according to the good physical blocks or the bad physical blocks. Thereby, in the present invention, a unique memory identification code is generated and is prevented from being stolen.02-09-2012
20100011226DATA MANAGEMENT METHOD, DATA MANAGEMENT SYSTEM, AND DATA STORAGE SYSTEM - Encrypted data and an encryption key used for the encrypted data are separately stored and managed. A first storage device stores an encrypted data block, predetermined information and first management information. The predetermined information includes key data for decrypting the encrypted data block and includes a requirement for using the encrypted data block. The first management information is used to manage the encrypted data block and includes a first storage address at which the predetermined information is stored. A host device transfers the predetermined information from the first storage device to a second storage device, causes second management information including a second storage address, at which the transferred predetermined information is stored and which is included in the second storage device to be stored in the second storage device.01-14-2010
20120066509MULTI-LEVEL SECURITY SOFTWARE ARCHITECTURE - A multi-level security software architecture includes various components configured to provide full data separation across multiple processors while limiting the number and size of high assurance components. The architecture includes a domain separator for ensuring that messages exchanged between domains that are distributed on different microprocessors are securely routed between domain members. The domain separator verifies a message label including a domain identifier provided by a domain gateway and cryptographically binds the message label to each message via cryptographic keys. This prevents misrouting messages caused by accidental or malicious corruption of message labels. Additionally, the domain separator can encrypt messages as necessary to enforce data separation on shared network buses. The domain separator is also responsible for managing the cryptographic keys used to label or encrypt messages.03-15-2012
20090094464SIGNATURE GENERATING DEVICE, SIGNATURE GENERATING METHOD AND SIGNATURE GENERATING PROGRAM - A signature generation apparatus is capable of making a value used in signature generation processing difficult to analyze. In the signature generation apparatus, a random number generation module generates a len-bit random number u, a selection module converts the generated random number u into a bit expression, and acquires element pairs corresponding to the bit values from a table memory unit. A random element generation module applies a basic operation of a first group G and a second group to all acquired element pairs, and calculates an element Pk on the first group G and an element Pak on the second group Ga. The signature generation apparatus generates a digital signature S for a message m with use of a transformation module, a main operation module, an inverse transformation module, a multiplication module, a division module, and a signature data generation module.04-09-2009
20110173455DATABASE SYSTEM, COMPUTER SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR DECRYPTING A DATA RECORD - A database system comprising: a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein the data contained in each of the multiple data records is encrypted by the data record public key, wherein the data record private key of each data record asymmetric key pair is encrypted with the public key of another asymmetric key pair; a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key; wherein data is added to a data record by encrypting it with the data record public key; wherein access to the data record is granted to a user account by encrypting the data record private key with the public key of an asymmetric cryptographic key pair whose encrypted private key is accessible from the user account via a sequence of successive decryptions of encrypted private keys; and wherein the data record private key allows decryption of the data record.07-14-2011
20090158052IMAGE PROCESSING APPARATUS FOR CHECKING UNAUTHORIZED ACCESS TO INFORMATION AND METHOD OF PERFORMING THE SAME - Information is prevented from being retrieved by an unauthorized person when an information processing apparatus is stolen or lost. There is provided an information processing apparatus including: a storage; dividing logic/utility that divides data stored on the storage into a predetermined first number of pieces of partial data; transmitting logic/utility that transmits one or more of the first number of pieces of divided partial data to one or more different information processing apparatuses, and deletes the one or more of the first number of pieces of partial data from the storage; retrieving logic/utility that retrieves the one or more pieces of partial data from the one or more different information processing apparatuses, and stores the retrieved pieces of partial data onto the storage; and restoring logic/utility that restores the data from the minimum number of pieces of partial data.06-18-2009
20110191594KEY ROTATION FOR ENCRYPTED STORAGE MEDIA - An I/O module is provided to service I/O requests from a host to access storage media. Data blocks of the storage media are encrypted with an old key, and the I/O module performs key rotation to cause data blocks to be re-encrypted with a new key.08-04-2011
20100083002Method and System for Secure Booting Unified Extensible Firmware Interface Executables - A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module.04-01-2010
20100100748ARRANGEMENT FOR AND METHOD OF PROTECTING A DATA PROCESSING DEVICE AGAINST AN ATTACK OR ANALYSIS - In order to further develop an arrangement for as well as a method of protecting at least one data processing device, in particular at least one embedded system, for example at least one chip card or smart card, against at least one attack, in particular against at least one side-channel attack, for example against at least one current trace analysis, the data processing device, in particular at least one integrated circuit of the data processing device, carrying out calculations, in particular cryptographic operations wherein an attack, for example an E[lectro]M[agnetic] radiation attack, or an analysis, for example a D[ifferential]P[ower]A[nalysis], such attack or such analysis in particular targeted on finding out a private key, is to be securely averted, it is proposed to blind all intermediate results of the calculations by at least one random variable, without inverting any operand of the calculations.04-22-2010
20090055659Method and apparatus for processing arbitrary key bit length encryption operations with similar efficiencies - A calculating apparatus, or system, having a plurality of stages, such as in a pipeline arrangement, has the clocking rail or conductor positioned alongside the stages. With a large number, i.e., hundreds, of stages arranged in parallel sub-arrays, the clocking conductor is snaked alongside the sub-arrays. In individual stages it is arranged that the shortest of the two calculations taking place in a stage, takes place in the return path. An array can be divided into separate sections for independent processing.02-26-2009
20120290850DATA MANAGEMENT - In one implementation, encrypted data and a virtual machine are stored together as a virtual machine-data image, wherein the virtual machine is configured to EXERT management control over the data based on policies set by an owner of the data. In another implementation, metadata defining or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified.11-15-2012
20090164802MEMORY MANAGEMENT METHOD - A mobile communicator including a CPU, communications software and application software for at least one application which can be launched only by using at least one application key, the at least one application key being scrambled using a scrambling function which is based on a seed, which seed is not stored in any computer memory used by the mobile communicator.06-25-2009
20090287939SECURE DEVICE, INFORMATION PROCESSING TERMINAL, SERVER, AND AUTHENTICATION METHOD - A secure device can make contents of terminal application authentication information calculation a different complicated calculation process at each time while suppressing the processing load in the secure device and a card application code size to low values. When issuing of a terminal application (11-19-2009
20110197078RIGHTS ENFORCEMENT AND USAGE REPORTING ON A CLIENT DEVICE - An integrity hash is obtained of rights information stored at a client device. The rights information is associated with content stored at the client device. The integrity hash is encrypted using a client device key to generate an encrypted hash. The client device key is externally inaccessible from the client device. The encrypted hash is stored on the client device.08-11-2011
20110197077SOFTWARE FEATURE AUTHORIZATION THROUGH DELEGATED AGENTS - A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license. The requested license is received by the authorization agent devices if the DUID and the encrypted installation key are validated by the licensing provider. The license on authorization agent device authorizes and enables the selected features of the software product on an end user electronic device.08-11-2011
20100088524Data processing on a non-volatile mass storage device - A non-volatile mass storage device is provided comprising memory circuitry accessible to a host data processing device via a communication link. The non-volatile mass storage device comprises processing circuitry for locally accessing the memory circuitry of the file system and is capable of triggering generation of a file for storage on the memory circuitry by connection of the non-volatile mass storage device to the host data processing device. The generated file comprises information dependent upon a state of the non-volatile mass storage device. A corresponding method of operating a non-volatile mass storage device is provided and a computer program is provided for obtaining the information dependent upon the state of the non-volatile mass storage device, for locally accessing the memory circuitry and for generating the file for storage on the memory circuitry.04-08-2010
20090276636FEDERATED DIGITAL RIGHTS MANAGEMENT SCHEME INCLUDING TRUSTED SYSTEMS - Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.11-05-2009
20090282263METHOD AND APPARATUS FOR A TRUST PROCESSOR - In an embodiment, an apparatus includes a cryptographic processor within a wireless device. The cryptographic processor includes at least one cryptographic unit. The cryptographic processor also includes a nonvolatile memory to store one or more microcode instructions, wherein at least one of the one or more microcode instructions is related to a sensitive operation. The cryptographic processor also includes a controller to control execution of the one or more microcode instructions by the at least one cryptographic unit, wherein the controller is to preclude execution of the sensitive operation if the apparatus is within an untrusted state.11-12-2009
20090282261MANAGEMENT OF A TRUSTED CRYPTOGRAPHIC PROCESSOR - In an embodiment, an apparatus includes a trusted cryptographic processor that includes at least one functional unit. The trusted cryptographic processor also includes a controller to receive a primitive instruction that identifies which of the at least one functional unit is to perform an operation, wherein the controller is to reduce power to the at least one functional unit that is not identified by the primitive instruction. The apparatus includes a trusted power management unit to supply the power based on control from the controller, wherein the control is independent of a processor that is not in a trusted state.11-12-2009
20090287940SYSTEM AND METHOD FOR PROCESSING AND PROTECTING CONTENT - Systems and methods that process and protect content are provided. In one example, a system may include, for example, a first device coupled to a second device. The first device may include, for example, an integrated circuit that may include a content processing system and a security system. The security system may include, for example, a digital rights manager. The first device and the second device may be part of a network. The network receives content and control information via the first device. The content processing system processes incoming content based upon at least the control information. The integrated circuit protects the content before placing the content on the network.11-19-2009
20110271119Secure Data Storage and Transfer for Portable Data Storage Devices - Embodiments of system and method for protection of data in a portable data storage device are provided. In one aspect, a portable data storage device includes a first portable storage identification (PSID) parameter unique to the portable data storage device, one or more data storage media in which the first PSID parameter is stored, and control logic coupled to the one or more data storage media. The one or more data storage media include a data file section to store therein a data file, which includes data and a rights object. The rights object contains a second PSID parameter. The control logic controls access to the one or more data storage media by a user of the portable data storage device. The control logic determines whether or not the first PSID parameter and the second PSID parameter are equal and, if the first PSID parameter and the second PSID parameter are equal, causes the data in the data file to be provided to the user in response to a request for the data from the user.11-03-2011
20100299535METHOD AND APPARATUS FOR EXTRACTING RASTER IMAGES FROM PORTABLE ELECTRONIC DOCUMENT - A disclosed method for extracting a raster image of a page from a portable electronic document that includes (a) acquiring commands and resources of the raster image of the page by analyzing a format of the portable electronic document, (b) extracting first and second candidate raster images by processing the commands and the resources of the raster image of the page, (c) integrating the first and second candidate raster images as an integrated candidate raster image provided that the first and second candidate raster images are linked together, and (d) removing a pseudo-raster image from the integrated candidate raster image.11-25-2010
20090070594TRANSIENT ON-DEMAND DATA SECURITY CONTROL - The present invention addresses the deficiencies of the art in respect to data security control and provides a method, system and computer program product for securing confidential data through transient on-demand data security control. In one embodiment of the invention, a method of securing confidential data can be provided. The method can include decrypting confidential data in a document, determining a subset of the confidential data specified by an author of the document, rendering a view of the confidential data including the subset, and, in response to detecting when an authorized viewer of the document no longer views the document, concealing the subset of the confidential data while maintaining a view of the confidential data not included in the subset.03-12-2009
20100138670STORAGE APPARATUS AND DATA WRITING METHOD - According to one embodiment, a storage apparatus includes: a controller encrypting user data with a key, and writing the encrypted user data in a storage medium; and a key changing module changing the key. The storage medium includes a user data region and a key changing region. When the key is changed, the controller divides the user data written in the storage medium into a plurality of pieces, encrypts a piece of the user data adjacent to the key changing region with the changed key, writes the encrypted piece into the key changing region, sequentially shifts each of the pieces other than the piece of the user data adjacent to the key changing region by one logical block size in a direction toward the key changing region, and writes the shifted pieces.06-03-2010
20090063870Method, Apparatus, and Product for Prohibiting Unauthorized Access of Data Stored on Storage Drives - A method, apparatus, and computer program product are disclosed in a data processing system for prohibiting unauthorized access of data that is stored on storage drives. Multiple logical partitions are generated. A different unique randomizer seed is associated with each one of the logical partitions. In response to one of the logical partitions needing to access a storage drive, the logical partition transmits a seed to the storage drive. The transmitted seed is associated with the one of the logical partitions. A transmitting one of the logical partitions is unable to transmit a seed that is other than a seed that is associated with the transmitting one of the logical partitions. The storage drive utilizes the transmitted seed to randomize and de-randomize data for the one of the logical partitions. Data randomized for one of the logical partitions cannot be de-randomized for a different one of the logical partitions.03-05-2009
20110173456EFFICIENT STORAGE OF CRYPTOGRAPHIC PARAMETERS - Cryptographic products for mass applications, such as RFIDs or special ICs for the protection from plagiarism, always require that the price per unit costs are reduced as low as possible. This is achieved, for example, in that in such methods the required storage space is further reduced for system parameters to be permanently stored. Accordingly, in a method for coding and decoding the cryptographic system parameters of an elliptical curve, when storing the system parameters, storage cells are each completely occupied, and therefore no storage space is wasted.07-14-2011
20110173454ASSOCIATING POLICY WITH UNENCRYPTED DIGITAL CONTENT - A content license associated with unencrypted digital content is generated, the content license including both an identifier of the unencrypted digital content and a content policy. At a user device, a determination is made as to whether the content license corresponds to particular unencrypted digital content. Use of the particular unencrypted digital content by the computing device is permitted in accordance with the content policy if the content license corresponds to the particular unencrypted digital content. However, use of the particular unencrypted digital content by the computing device based on the content license is prohibited if the content license does not correspond to the particular unencrypted digital content.07-14-2011
20100122094SOFTWARE IC CARD SYSTEM, MANAGEMENT SERVER, TERMINAL, SERVICE PROVIDING SERVER, SERVICE PROVIDING METHOD, AND PROGRAM - A management server calculates a hash value of software for providing a service, generates a first software area from software which is provided a second electronic signature, provides a third electronic signature to user information provided with a first electronic signature transmitted from a terminal, to the hash value, and to user management information, encrypts a second software area generated from the third electronic signature, user information, from hash value, and from user management information using a common key of the management server and service providing server, combines the first software area and encrypted second software area to create a software IC card, encrypts the software IC card using a public key of the terminal, and transmits the encrypted software IC card to the terminal.05-13-2010
20110208976Method And Apparatus For Processing Arbitrary Key Bit Length Encryption Operations With Similar Efficiencies - A calculating apparatus, or system, having a plurality of stages, such as in a pipeline arrangement, has the clocking rail or conductor positioned alongside the stages. With a large number, i.e., hundreds, of stages arranged in parallel sub-arrays, the clocking conductor is snaked alongside the sub-arrays. In individual stages it is arranged that the shortest of the two calculations taking place in a stage, takes place in the return path. An array can be divided into separate sections for independent processing.08-25-2011
20110208974Countermeasure Against Keystroke Logger Devices - An anti-key logging protocol executable by a computer platform and a corresponding keystroke input device (e.g., keyboard or keypad) functions as a countermeasure to a key logger device. Following an authentication procedure, the computer platform sends encryption parameters to the keystroke input device, and the keystroke input device uses the encryption parameters to scramble or otherwise encrypt keystrokes entered on the keystroke input device before sending them to the computer platform. In such manner, keystrokes and/or keystroke representations sent from the keystroke input device to the computer platform are unrecognizable to a key logger device yet can be decoded by the computer platform.08-25-2011
20100281270CRYPTOGRAPHIC MODULE SELECTING DEVICE AND PROGRAM - A cryptographic module selecting device includes a cryptographic module evaluation information storage device configured to store identification information of a cryptographic module and cryptographic module evaluation information describing a function and/or performance of the cryptographic module in relation to each other, a condition information acquiring device configured to acquire condition information for specifying the condition of the cryptographic module to be selected, an extracting device configured to extract cryptographic module evaluation information conforming to the acquired condition information, from the stored cryptographic module evaluation information of the cryptographic module, and an output device configured to read out the identification information of the cryptographic module corresponding to the cryptographic module evaluation information selected by the extracting device from the cryptographic module evaluation information storage device and output the read identification information.11-04-2010
20100293389Playback of Information Content using Keys - Media, e.g., video, is played on a player that can store multiple items of video. Some video can be played using a stored key; other video needs to have an external key present. The key can decrypt the video or it can supplement the content of the video. If a request is made to play a video, that video can be automatically downloaded.11-18-2010
20090006860GENERATING MULTIPLE SEALS FOR ELECTRONIC DATA - The description generally provides for systems and methods for a mobile communication network. Archives of seals can be sealed to protect the integrity of the seals and facilitate validation in the event a sealing party's sealed registration document is revoked. A document can be sealed multiple times to nest seals within other seals. Specific evidentiary metadata can be included by the sealing party. A main document including or associated with other documents can be sealed as a collection of documents. The seal of the main document can include external references to the files included in the main document to verify the external files were not changed or altered.01-01-2009
20080250251Systems and Methods for Hardware Driven Program Execution - Systems and methods for storing and accessing encrypted content are described. At least one embodiment includes a system for storing and accessing encrypted content comprising a secure hardware device coupled to a memory comprising a trusted module, wherein the hardware device is configured to receive content from a remote location, and wherein the hardware device is configured to encrypt content and generate a key for decrypting the content. The system further comprises logic stored within the memory configured to access the encrypted content, wherein the logic comprises a plurality of decryption modules and at least one decoder.10-09-2008
20100146298Method and system for processing digital content according to a workflow - A method of processing digital content following a workflow. A processing device receives the digital content and a license for the digital content, the license comprising workflow information about a process chain, which comprises a present node and a following node; decrypts the license; verifies if it may process the content by verifying if it corresponds to the present node. If the processing device may process the digital content, it processes the digital content to obtain processed content and generates a new license comprising updated workflow information, wherein the following node is set as a new present node. Also provided is a processing device.06-10-2010
20100146296APPARATUS AND METHOD FOR HASH CRYPTOGRAPHY - An apparatus for hash cryptography has a hardware structure that is capable of providing both secure hash algorithm (SHA)-1 hash calculation and SHA-256 hash calculation. The apparatus for hash cryptography generates a plurality of first message data corresponding to a plurality of first rounds when the SHA-1 hash calculation is performed and generates a plurality of second message data corresponding to a plurality of second rounds when the SHA-256 hash calculation is performed by using one memory, one first register, one XOR calculator, and one OR calculator, calculates a message digest by the SHA-1 hash calculation by using the plurality of first message data when the SHA-1 hash calculation is performed, and calculates a message digest by the SHA-256 by using the plurality of second message data when the SHA-256 hash calculation is performed.06-10-2010
20100153744CRYPTOGRAPHIC PROCESSING APPARATUS - A cryptographic processing apparatus includes: at least one register configured to store data for operation; a first operation block configured to execute an operation in accordance with data stored in the register; a second operation block configured to execute a logic operation between one of a register-stored value and a key and an operation result of the first operation block; and a decode block configured to decode binary data in units of the predetermined number of bits to convert the binary data into decode data having the number of bits higher than the number of bits of the binary data.06-17-2010
20090265561Separating Keys and Policy for Consuming Content - In accordance with one or more aspects of the separating keys and policy for consuming content, content has a corresponding leaf license, and the leaf license has one or more associated root policy addenda. Each root policy addenda includes policy identifying when it is permissible to decrypt and consume the content, but excludes a content key to decrypt the content. The content can be decrypted and consumed only if the policy identifies that it is permissible to decrypt and consume the content.10-22-2009
20100095133REDUCTION OF SIDE-CHANNEL INFORMATION BY INTERACTING CRYPTO BLOCKS - A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data.04-15-2010
20100095132PROTECTING SECRETS IN AN UNTRUSTED RECIPIENT - A technique for protecting secrets may involve enclosing master secret keys in an encapsulation module functioning like an envelope on a host that may run an untrusted operating system. The encapsulation module itself can be obfuscated and protected with various software security techniques, such as anti-debugging techniques, which make reverse-engineering more difficult. Session or file keys could then be derived from the master key stored in the encapsulation module on the host, wherein each of the keys protects a session or a file on the host. Additionally, a code can be provided to prevent the master secret and the keys from being swapped to a non-volatile storage device of the host.04-15-2010
20080201581Method and apparatus for storing data - According to an aspect of an embodiment, a method comprises providing a matrix comprising m rows and n columns, each of the rows and columns comprising elements of zero and one, dividing data into n data blocks, associating each of the data blocks with each of the columns, calculating an exclusive-OR of selected data blocks in reference to one of the rows, the selected data blocks being determined by the element of one in the associated columns in the one of the rows, repeating the calculating in other rows and storing separately the calculated data resulting from the exclusive-OR of data blocks in association with the associated rows, respectively.08-21-2008
20080294908Recording Device, Content Key Processing Device, Recording Medium, and Recording Method - A recording device has a content encryption unit for writing a content encrypted with a content key in a recording medium, and a key encryption unit for encrypting the content key and writing the encrypted content key in the recording medium. A content key processing device has a key decryption unit that decrypts the content key that has been encrypted and recorded in a recording medium, and a key encryption unit that re-encrypts the decrypted content key with predetermined information and writes the re-encrypted content key in the recording medium.11-27-2008
20080270804COPY PROTECTED DIGITAL DATA - The present invention relates to digital data comprising a passive part (10-30-2008
20120297200POLICY BOUND KEY CREATION AND RE-WRAP SERVICE - One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine.11-22-2012
20120297202Secure Environment Management during Switches between Different Modes of Multicore Systems - The invention relates to the switching from a first mode of operation to a second mode, of a first and a second cores of a processor of a processing device further comprising a controller. The controller sends a first message to the cores. Upon reception of the first message, sensible data handled by the cores are stored securely. The second core sends, to the first core, a second message indicating the completion of the step of storing its sensible data. Upon reception of the second message, the first core stores securely, in a storage unit, other sensible data, and, when finished, sends to the controller a third message. Upon reception of the third message, the controller sends to the first core a fourth message. Then, the first core sends a fifth message to the second core. Upon reception of the fourth and the fifth messages, the cores enter into the second mode.11-22-2012
20090013192INTEGRITY CHECK METHOD APPLIED TO ELECTRONIC DEVICE, AND RELATED CIRCUIT - An integrity check method applied to an electronic device includes: fetching at least one portion of external data into a specific memory, where the external data is stored within the electronic device; during fetching the portion of the external data into the specific memory, checking whether the size of the fetched data in the specific memory reaches a predetermined value, where the predetermined value is less than the total size of the external data; and when the size of the fetched data in the specific memory reaches the predetermined value, enabling an integrity check of the fetched data.01-08-2009
20110010561METHOD AND APPARATUS FOR CRYPTOGRAPHIC CONVERSION IN A DATA STORAGE SYSTEM - When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced.01-13-2011
20110010560Failover Procedure for Server System - A failover procedure for a computer system includes steps for routing traffic from a routing device to a first server, storing in the routing device data representing a fingerprint of the first server, receiving periodically at the routing device a status message from the first server, detecting at the routing device an invalid status message from the first server by absence of the fingerprint in a status message from the first server within a predetermined time period after last receiving a valid status message, and routing the traffic from the routing device to a second server in response to detecting the invalid status message from the first server. A redundant server system implementing the failover procedure may include servers each capable of generating its fingerprint by reading current system configuration data.01-13-2011
20120297201CONFIDENTIAL SEARCH SYSTEM AND CRYPTOGRAPHIC PROCESSING SYSTEM - A confidential search that can flexibly control searchable data depending on a role or authority of a user when the data is shared in a group. When the inner product of an attribute vector and a predicate vector is a predetermined value, the confidential search system conducts pairing computation of decrypted data generated based on the attribute vector and a decryption key generated based on the predicate vector, so as to realize confidential search by utilizing an inner-product predicate encryption process that can decrypt the encrypted data. In particular, the confidential search system enables flexible control of searchable data depending on the role or authority of the user, by devising a method of generating the attribute vector and the predicate vector.11-22-2012
20080209231Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method - Disclosed are a contents encryption method, and a system and method for providing contents through a network using the contents encryption method. In order to provide contents through the network more securely, at least one piece of contents and corresponding metadata are recursively multi-encrypted at least once, and encrypted data are then provided. In particular, encrypted positions of the contents and corresponding decryption information are expressed as metadata, and the metadata include parameter information on respective encryption tools used for multi-encryption, an order of the applied encryption tools, positions of the encryption tools, and a list of encryption tool substitutes. The metadata are provided when the contents are provided. Therefore, the contents provider and receiver can more safely and systematically manage the metadata including contents decryption information, and multimedia are efficiently protected, managed, and controlled.08-28-2008
20110271120Method and System for Verifying the Identity of an Individual by Employing Biometric Data Features Associated with the Individual - The invention relates to a method for verifying the identity of an individual by employing biometric data features associated with the individual, which method provides privacy of said biometric data features, comprising at least the steps of: a) for enrolment purposes deriving a first biometric template from at least a first set of first biometric data features associated with said individual, and b) for identity verifying purposes deriving a further biometric template from at least a further set of said first biometric data features associated with said individual, and c) comparing said further biometric template with said first biometric template. The invention also relates to a system for verifying the identity of an individual by employing biometric data features associated with the individual, which system at least comprises: an enrolment means and a verifying means, wherein said enrolment means are arranged in deriving a first biometric template data, said first biometric template data being secret and associated with a first set of first biometric data features of said individual, and in receiving a further set of first biometric data features of said individual, and in deriving a further biometric template data associated with said further set of first biometric data, and wherein said verifying means are arranged in comparing the first biometric template data with the further biometric template data to check for correspondence, wherein the identity of the individual is verified if correspondence exists.11-03-2011
20080215892Data Transmission Between Modules - In a method for transferring data (D) between a first module (09-04-2008
20080250252Systems and methods for bios processing - Methods and systems for Basic Input/Output System BIOS processing such as hashing are disclosed. In one embodiment, there is a direct interface between a security module and a non-volatile memory storing the BIOS in a computing system so that the security module may directly access the BIOS without using the central processing unit CPU as an intermediary. In one embodiment, the security module is powered by standby power and therefore can begin BIOS processing even if the computing system has not yet been turned on.10-09-2008
20100138671METHODS AND APPARATUSES FOR PROVIDING DRM INTEROPERABILITY - Methods and apparatuses for providing DRM interoperability are provided. Proxy re-encryption technique using bilinear map is used, and the same content can be used in different devices. According to the method of providing DRM interoperability includes in proxy agent with respect to digital rights management (DRM) service providers and device which supports predetermined DRM, first DRM service provider, second DRM service provider, the proxy agent, and the device identify each other, and proxy re-encrypt an interoperable content (IC) and provide the IC to the device. The IC is second-level encrypted by using a key of the first DRM service provider, and the proxy re-encryption is performed by using a proxy key generated from proxy key information provided from the first DRM service provider and the second DRM service provider. Therefore, a problem in which interoperability cannot be guaranteed since a DRM technique depends on a service provider is resolved.06-03-2010
20100005316BRANCH TRACE METHODOLOGY - Method, system, and computer program product embodiments for performing a branch trace operation on a computer system of an end user are provided. An encrypted mapping macro is provided to the end user to be made operational on the computer system. A trace program is provided to the end user. The end user executes the trace program on the computer system as a diagnostic tool. The trace program is adapted for decrypting the encrypted mapping macro, determining a storage offset location of a branch instruction; checking the storage offset location for an identifying constant, cross referencing the identifying constant with an entry in the decrypted mapping macro to identify a branch triggering bit and diagnostic information associated with the branch instruction, and returning the branch triggering bit and diagnostic information, the branch triggering bit and diagnostic information provided to a coder.01-07-2010
20100146300HEALTH MONITORING SYSTEM - A health monitoring system includes a plurality of remote user sites, each remote user site comprising at least one health monitoring device for collection of user health monitoring data, an interactive video device, and a user interface apparatus; at least one remote computing facility configured for signal communication with, and to receive health monitoring data-related signals from, the plurality of remote user sites; and at least one computer, configured for signal communication with the remote computing facility, wherein the interactive video device is interactively coupled with the remote computing facility. Associated methods are also described.06-10-2010
20100146299SYSTEM AND METHOD FOR CONFIDENTIALITY-PRESERVING RANK-ORDERED SEARCH - A confidentiality preserving system and method for performing a rank-ordered search and retrieval of contents of a data collection. The system includes at least one computer system including a search and retrieval algorithm using term frequency and/or similar features for rank-ordering selective contents of the data collection, and enabling secure retrieval of the selective contents based on the rank-order. The search and retrieval algorithm includes a baseline algorithm, a partially server oriented algorithm, and/or a fully server oriented algorithm. The partially and/or fully server oriented algorithms use homomorphic and/or order preserving encryption for enabling search capability from a user other than an owner of the contents of the data collection. The confidentiality preserving method includes using term frequency for rank-ordering selective contents of the data collection, and retrieving the selective contents based on the rank-order.06-10-2010
20100146291SECURE FRAMEWORK FOR INVOKING SERVER-SIDE APIS USING AJAX - Techniques for securely invoking a server-side API from client-side Web application code using AJAX. In one set of embodiments, a request to invoke a server-side API is received from a client-side component of a Web application, where the request is sent asynchronously using AJAX. One or more security handlers are then invoked to process the request in a manner that mitigates various security attacks. In one embodiment, a security handler is invoked to defend against a plurality of different types of Web application/AJAX security attacks. In another embodiment, authentication and authorization security handlers are invoked to authenticate a user of the Web application that originated the request and determine whether the user is authorized to call the server-side API. In yet another embodiment, configuration is implemented at the data storage tier to enforce user-access and data security on data that is retrieved/stored as a result of invoking the server-side API.06-10-2010
20100146295Trusted Computing Entities - The present invention relates to trust in computing platforms and the like. In particular, embodiments of the invention provide a trusted computing entity (06-10-2010
20120272069Sound definition language method with inline modifiers - A method and apparatus is shown to allow the creation of sound programmers and complementary sound decoders that may be securely downloaded with sound and IPL data and that will operate in power limited environments with resistance to power drop outs and are significant improvements beyond prior art devices.10-25-2012
20120272068CONTENT DISTRIBUTION WITH RENEWABLE CONTENT PROTECTION - A method of renewing encryption applied to a content file in a playback device comprising determining a specified variant of at least one microcode function to be used in playing back the content file, determining if variants are stored in internal memory on the playback device to determine if the specified variant is included in the stored variants, retrieving the specified variant from a variant storage in a memory located in a media device in communication with the playback device, if the specified variant is not included in the stored variants, and using the specified variant to access the content file. A playback device has at least one memory having a variant storage, the variant storage including at least one variant of a microcode function, and a processor configured to execute instructions to determine at least one specified variant, access the variant storage of at least one memory to acquire the specified variant, and use the specified variant to decrypt a content file downloaded to a media device in communication with the playback device.10-25-2012
20100138669ENCRYPTION AND DECRYPTION OF A DATASET IN AT LEAST TWO DIMENSIONS - It is described a method for encrypting and a method for decrypting at least a portion (06-03-2010
20090063869Securing Data in a Networked Environment - Apparatus for securing data, comprising: an isolated processing environment having a boundary across which data cannot cross and a channel for allowing data to cross the boundary. A filter restricts data passage across the channel. Protected data is initially located in a secure area and is only released to such a secure processing environment so that access for authorized users to the secure data is available, but subsequent release of the secure data by the authorized users to the outside world is controlled.03-05-2009
20110208977REMOVABLE DRIVE WITH DATA ENCRYPTION - A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.08-25-2011
20090193265FAST DATABASE INTEGRITY PROTECTION APPARATUS AND METHOD - An apparatus and method of protecting the integrity of a database is provided. Protection of the database is implemented by randomly selecting part of the database that is to be authenticated, the part of the database being less than the entire database to be authenticated. Then, only the selected part of the database is processed through a security function to generate a representation of authentication of the database for comparison with another representation of authentication of the database. Based on a comparison of the representation of authentication and the another representation of authentication, it is determined if integrity of the database has been maintained.07-30-2009
20120198241SYSTEMS AND METHODS FOR SECURING DATA - Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data.08-02-2012
20100275035Cryptographic processing apparatus and method for storage medium - Provided is a cryptographic processing apparatus for a storage medium, including: a location information conversion unit that stores a conversion result in a buffer, the conversion result obtained by performing a conversion process on location information indicating a location of data to be accessed on the storage medium; and a data cryptographic processing unit that performs cryptography processing on the data using the conversion result stored in the buffer, the cryptography processing being one of encryption and decryption.10-28-2010
20110208975ELECTRONIC DEVICE AND METHOD OF SOFTWARE OR FIRMWARE UPDATING OF AN ELECTRONIC DEVICE - An electronic device is provided having a memory driver unit for reading partition headers including encrypted version numbers from a memory and for writing updated encrypted version numbers to the memory. The electronic device has an update agent unit for controlling a software or firmware update, a one-time programmable memory for storing a first value, and an encrypt-decrypt unit for decrypting the partition headers stored in the memory. The update agent is configured to compare the retrieved version numbers with a version number from a software or firmware update. The first value is incremented and stored in the one-time programmable memory if an update is performed. The encrypt-decrypt unit is configured to encrypt the version numbers of the software or firmware update based on the new first value. The memory driver unit is configured to write a new partition header with the updated encrypted version numbers into the memory.08-25-2011
20120072736MEMORY DEVICE, MEMORY SYSTEM, AND AUTHENTICATION METHOD - According to one embodiment, a memory device includes a third partial key write module, an encryption key write module, and a decryption module. The third partial key write module is configured to combine a second partial key received from the current host device with the first partial key in the partial key memory device and to write a generated third partial key into the volatile memory after the device authentication. The encryption key write module is configured to combine the third partial key with the second user authentication information and to write a generated encryption key into the volatile memory after the user authentication. The decryption module is configured to decrypt the encrypted data based on the encryption key in the volatile memory based on a read request received from the current host device and to output obtained data to the current host device when the user authentication has succeeded.03-22-2012
20090138726Authentication-secured access to a data carrier comprising a mass storage device and chip - The invention provides a method for accessing the mass memory of a data carrier with a mass memory and a chip. The data carrier has been or is personalized by an individual date of a use device which is or has already been stored in(to) the chip to a use device for accessing the data carrier, so that the data carrier can only be used with this use device.05-28-2009
20090164800Secure End-of-Life Handling of Electronic Devices - Methods and apparatus for verifying that an electronic device has been disabled are disclosed. An exemplary electronic device includes a communications interface, a secure memory, storing a secret key, and a cryptographic circuit configured to calculate a verification token from the secret key, using a first cryptographic operation. The cryptographic circuit is further configured to calculate an identification token from the verification token, using a second cryptographic operation. The cryptographic circuit is further configured to output the identification token in response to a first command received via the communications interface. The verification token is output to the communications interface only if a predetermined functionality of the electronic device has been disabled. The electronic device may further comprise a disabling circuit configured to disable the predetermined functionality in response to a disable command.06-25-2009
20090164801RECORDING/REPRODUCING DEVICE, COMMUNICATION DEVICE, PROGRAM, SYSTEM LSI - A reading unit 06-25-2009
20090327746KEY ENCRYPTION AND DECRYPTION - Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.12-31-2009
20090177893DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications.07-09-2009
20090055657Program Converting Device, Secure Processing Device, Computer Program, and Recording Medium - To provide a program conversion device capable of executing a program that includes a secret operation for decrypting encrypted data using secret information without exposure of the secret information in a memory thereby to improve confidentiality in execution of the program. In an execution program generation device 02-26-2009
20090187769SYSTEM AND METHOD FOR AN AUTONOMOUS SOFTWARE PROTECTION DEVICE - A system and method is introduced for protecting software from being altered, duplicated, inspected or used in an unauthorized manner. An autonomous software protection device is presented, containing encryption and decryption unit along with an independent execution environment such as a Java Virtual Machine to carry out computations in a protected environment. The software protection device carries out protected code and may make use of protected data to carry out protected computations. Unsecured memory may be used securely by software protection device through an internal virtual memory mechanism managed by the independent execution environment. The software protection device may serve an external computing device for making computations that are protected from software and data alteration and inspection while preventing duplication and usage not as intended by the software and data owner.07-23-2009
20090144558Method For Anit-Keylogger - A method for preventing keyloggers from logging text data, that is outputted by a computer user data input device. By encrypting the text data of the user data input device, the keyloggers cannot understand the text data of the user data input device in a computer.06-04-2009
20090259854METHOD AND SYSTEM FOR IMPLEMENTING A SECURE CHAIN OF TRUST - A method, an integrated circuit and a system for implementing a secure chain of trust is disclosed. While executing secure boot code in a secure boot mode, less-secure boot code may be authenticated using a secret key. A secure key may also be calculated or generated during the secure boot mode. After control is turned over to the authenticated less-secure boot code, at least one application may be authenticated using the secure key. Once authenticated in the less-secure boot mode, the application may be executed by the programmable integrated circuit. In this manner, a secure chain of trust may be implemented for the programmable integrated circuit.10-15-2009
20090144557RECOVERABLE SECURE DATA STORE SYSTEM AND METHOD - A data security provision system and method are provided herein.06-04-2009
20090024854DOCUMENT OUTPUTTING APPARATUS, CONTROL METHOD THEREOF, AND DOCUMENT OUTPUT SYSTEM - A document providing computer creates a JDF file and a PDF file, and associates them by embedding a path to the PDF file in the JDF file (S01-22-2009
20110225430Secured database system with built-in antivirus protection - A secured database system with built-in antivirus protection is described. In one embodiment, for example, a method of the present invention is described for securing a database system, the method comprises steps of: provisioning storage from a storage device, for storing database information; generating an encryption key so that the database information is stored on the storage device in an encrypted manner; generating a decryption key for decrypting the database information stored on the storage device, wherein access to the decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted sufficient privileges to access the database information; if the user has been granted sufficient privileges, automatically decrypting the database information to provide the access; and otherwise denying the request if the user has not been granted sufficient privileges.09-15-2011
20110225429CRYPTOGRAPHIC ACCUMULATORS FOR AUTHENTICATED HASH TABLES - In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.09-15-2011
20110145596Secure Data Handling In A Computer System - An improved computer system comprising a first storage area accessible by an operating system and a second storage area which is accessible by authorized functions only is disclosed. According to the invention at least one protected storage area is implemented into the second storage area, wherein the operating system installs at least one secret key and/or at least one customized processing function into regions of the at least one protected storage area, wherein the operating system transfers data, and/or parameters to process into regions of the at least one protected storage area, wherein the operating system selects one of the customized processing functions to execute, wherein the selected customized processing function is executed and accesses storage regions of the at least one protected storage area to process the data and/or the parameters, and wherein resulting process data is read from the at least one protected storage area.06-16-2011
20110145592Virtual Token for Transparently Self-Installing Security Environment - A virtual token for use in a virtual computer environment to implement the secure cryptographic facilities of a hardware security token within a computer without requiring custom installation or administrator privileges. The hardware security token contains an automatic installer for the virtual environment and the virtual token with the computer's operating system. When plugged into the computer the hardware security token automatically performs dynamic installation as necessary, providing secure cryptographic services to standard application programs already installed in the computer. The installation is transparent to the user, and requires no user attention or special access privileges. After the session is completed and the security token is removed from the computer, the virtual environment is effectively uninstalled from the host computer, also transparently to the user, without any user attention, and without making any modifications to the computer's operating system.06-16-2011
20110145591ADAPTIVE VIRTUAL ENVIRONMENT MANAGEMENT SYSTEM - A user computing system configured to host a virtual user environment is disclosed. The system includes a local memory configured to store a plurality of data blocks and a programmable circuit operatively connected to the local memory. The programmable circuit is configured to execute program instructions to cause the user computing system to manage profile definition data including a manifest of software associated with a user, and host a virtual user environment on the device, the virtual user environment including executable instructions specific to the user computing system and constructed from data blocks stored in the local memory, the virtual user environment including a plurality of application programs and settings defined in the manifest.06-16-2011
20090055658Authenticating and Verifying an Authenticable and Verifiable Module - A module-specific public key and cryptographically protected data related to the module-specific public key are extracted from an authenticable and verifiable module. The cryptographically protected data is compared with the module-specific public key to authenticate the authenticable and verifiable module. A value calculated from an image, including a size and location block, included within the authenticable and verifiable module is compared with a value extracted from a digital signature contained in a verification block within the authenticable and verifiable module to verify the authenticable and verifiable module.02-26-2009
20110225428System and Method for Encryption and Decryption of Data - Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. A method for encryption and decryption of data, may include encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted. Another method may include encrypting an item of data based on at least one of a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data and encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data.09-15-2011
20120079284INFORMATION PROCESSING APPARATUS, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND PROGRAM - An information processing apparatus includes a decryption processing unit, a backup unit, and a control unit. The decryption processing unit is configured to decrypt encrypted data read from a first storage unit storing the encrypted data. The backup unit is configured to back up the encrypted data stored in the first storage unit to a second storage unit. When the backup unit backs up the encrypted data stored in the first storage unit to a second storage unit, the control unit is configured to control the decryption processing unit to store the encrypted data read from the first storage unit, in the second storage unit without performing decrypting processing.03-29-2012
20120079283MEMORY MANAGEMENT DEVICE AND MEMORY MANAGEMENT METHOD - According to an embodiment, a memory management device increments a lower value of a first counter, updates the counter by incrementing an upper value and resetting the lower value when the lower value overflows, increments to update the lower counter value when the upper value is incremented as a result of writing a second data piece having the upper value in common to a memory, recalculates a first secret value calculated using the first counter values and a root secret value in response to the first counter update, writes a first data piece and the first secret value to the memory, and at reading of the first data piece and the first secret value, calculates a second secret value using the updated first counter values and the root secret value, and compares the first secret value with the second secret value to verify the first data piece.03-29-2012
20120079282SEAMLESS END-TO-END DATA OBFUSCATION AND ENCRYPTION - A system comprises an input obfuscation module and an input encryption module coupled to the input obfuscation module. The input obfuscation and encryption modules are configured to define a first end of a secure channel for exchanging information with a secure software application module. The system further comprises an output de-obfuscation and decryption module coupled to the input obfuscation and encryption modules and is configured to define a second end of the secure channel, the secure channel having no seams between the first end of the secure channel and the second end of the secure channel. The system further comprises an output de-obfuscation module coupled to the output decryption module.03-29-2012
20120079281SYSTEMS AND METHODS FOR DIVERSIFICATION OF ENCRYPTION ALGORITHMS AND OBFUSCATION SYMBOLS, SYMBOL SPACES AND/OR SCHEMAS - In some embodiments, a method includes generating a round key for each round from one or more rounds for encrypting input data and partitioning the input data into one or more data blocks for each round. A block key is generated for each data block and each data block is encrypted using the round key, the block key and the data block as inputs to a mathematic operation to produce a cipher text. A number of rounds is variable, at least one of a size of the round key or a number of data blocks are variable for each round, or at least one of a size of each data block, a size of the block key for each data block, the mathematic operation for each data block, or a size of the cipher text for each data block are variable for each data block within each round.03-29-2012
20120079280Method, system and secure processor for executing a software application - A host reads host software code and secure processor software code of an software application and passes the secure processor software code to the secure processor that requests an activation sequence for the software application from a remote server. The secure processor receives the activation sequence for the software application and applies it to the secure processor software code to make it executable. The host executes the host software code and calls a procedure of the executable secure processor software code in the secure processor, which executes the procedure of the executable secure processor software code to obtain a response to the call that is then returned. The activation sequence is advantageously software code. The invention can enable protection of a plurality of software titles using a single secure processor that is dynamically adapted for each title.03-29-2012
20090083546System And Method For Providing Private Inference Control - A system and method for providing private inference control is presented. A query count and database including records are maintained. Each record includes attributes, wherein the attributes form inference channels. A data structure is constructed including ciphertext keys, which each relate to one attribute and record. A seed for a pseudorandom function and a secret key for non-malleable encryption are chosen. A query is specified by providing indices identifying one record and attribute by homomorphic encryption. A secure function evaluation is executed upon the inference channels, seed, secret key, query count, and the set of ciphertext keys. An output is generated including the pseudorandom function and an updated set of ciphertext keys subject to sum-consistency of the set of ciphertext keys and a non-inference enabling query. A table of entries is formed by combining each attribute for each record with an output from the pseudorandom function. The entry is provided.03-26-2009
20100153743ELECTRONIC DEVICE AND METHOD TO CONTROL OUTPUT THEREOF - An electronic device and a method to control an output thereof are provided. The electronic device includes a controller to control whether to output non-encrypted multimedia data to an external device based on whether the external device is communicatively connected to the electronic device, and an interface to output the non-encrypted multimedia data to the external device under the control of the controller.06-17-2010
20110231672ADAPTER FOR PORTABLE STORAGE MEDIUM AND METHOD OF DISABLING DATA ACCESS - A portable storage medium adapter, which is connected to a computer to store data received from the computer in a portable storage medium, includes a holding part that detachably holds the portable storage medium, a detecting part that detects an unloading operation of the portable storage medium by a user, and a disablement executing part that executes a disabling process to disable external access to the data stored in the portable storage medium at a time when the unloading operation is detected in the detecting part.09-22-2011
20110231671APPARATUS, SYSTEM, AND METHOD FOR AUDITING ACCESS TO SECURE DATA - An apparatus, system, and method are disclosed for auditing access to secure data. A detection module detects an access to the secure data. A record module records an encrypted log entry describing the access to the secure data. A verification module verifies the secure data is securely stored.09-22-2011
20090204822REDUCING THE BOOT TIME OF A TCPA BASED COMPUTING SYSTEM WHEN THE CORE ROOT OF TRUST MEASUREMENT IS EMBEDDED IN THE BOOT BLOCK CODE - A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.08-13-2009
20090083545SEARCH REPORTING APPARATUS, METHOD AND SYSTEM - A method of reporting search results of a collection of data is disclosed. The method includes obtaining a hash function and a pattern of data for which to search within the collection of data and searching the collection of data for one or more strings of data that match the pattern. In response to finding one or more strings of data that match the pattern, the method further includes hashing each string that matches the pattern of data with the hash function and creating one or more rows of a results table. Each row of the results table corresponds to one string of data that matches the pattern of data and includes the corresponding hashed string of data.03-26-2009
20090100271Counterfeit Prevention System based on Random Processes and Cryptography - A first portion of a label is formed using a chaotic process that cannot be controlled and forms a portion of the label using the chaotic information. A prospective counterfeiter cannot control the first portion of the label, and hence can only form a different random portion. A private encryption key is used to encrypt information indicative of the random portion. That encrypted information is placed on the same label. That encrypted information can be decrypted by a user using a public key, and compared with the random portion. If they agree, then the label is genuine, and the product has not been counterfeited. Since the random information cannot be replicated exactly, there is no way to copy this label and its encrypted portion exactly onto another product or label.04-16-2009
20090210723METHOD OF DETECTING SOFTWARE FALSIFICATION, APPARATUS CONFIGURED TO DETECT SOFTWARE FALSIFICATION, AND COMPUTER-READABLE STORAGE MEDIUM - A method of detecting falsification of software installed in an apparatus includes the steps of (a) encrypting software configuration information of the apparatus at the time of installing the software using an encryption and decryption unit specific to the apparatus, and storing the encrypted software configuration information outside the apparatus, (b) decrypting the encrypted software configuration information of the apparatus at the time of installing the software, stored outside the apparatus, using the encryption and decryption unit specific to the apparatus, and (c) determining the presence or absence of the falsification of the software by comparing the software configuration information of the apparatus at the time of installing the software obtained by step (b) and the current software configuration information of the apparatus.08-20-2009
20090210722System for and method of locking and unlocking a secret using a fingerprint - The present invention provides a way to lock a secret in a portable package. The package contains the key needed to unlock it. The key is dispersed throughout the encrypted data so that an attacker has no way to feasibly recover it. The package also contains information that uniquely identifies users who are authorized to unlock the secret. In a preferred embodiment, the information is fingerprint image data, such as fingerprint templates. The locked secret thus has several levels of security, requiring information needed to recover and assemble the key, information about the decryption algorithm that uses the key to unlock the secret, and biometric information needed to grant a user permission to unlock the secret.08-20-2009
20100180128Information Source Agent Systems and Methods For Distributed Data Storage and Management Using Content Signatures - Information source agent systems and methods for distributed content storage and management using content signatures that use file identicality properties are provided. A data management system is provided that includes a content engine for managing the storage of file content, a content signature generator that generates a unique content signature for a file processed by the content engine, a content signature comparator that compares content signatures and a content signature repository that stores content signatures. Information source agents are provided that include content signature generators and content signature comparators. Methods are provided for the efficient management of files using content signatures that take advantage of file identicality properties. Content signature application modules and registries exist within information source clients and centralized servers to support the content signature methods.07-15-2010
20090222673SYSTEM FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY - Digital data protection is provided by a processor running an operating system programmed to generate one or more interrupts; an access mechanism detects one or more interrupts at or below a BIOS level, a given detected interrupt being associated with an operating system request to access protected portions of the data, and restricts access to the protected portions of the data by the operating system in accordance with at least one rule; a tamper detecting mechanism prevents access to the data in an unprotected form has means for destroying data stored in the access mechanism when tampering is detected.09-03-2009
20090222672Integrated Circuit That Uses A Dynamic Characteristic Of The Circuit - An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.09-03-2009
20090254759TAMPER RESISTANCE OF A DIGITAL DATA PROCESSING UNIT - A system for increasing a tamper resistance of a digital data processing unit, comprises a first unit (10-08-2009
20090254758METHOD AND APPARATUS FOR THE SECURE PROCESSING OF SENSITIVE INFORMATION - The subject matter of the invention relates to a system (10-08-2009
20080320316Selective Encryption System and Method for I/O Operations - Upon occurrence of a trigger condition, writes of allocation units of data (including code) to a device, such as writes of blocks to a disk, are first encrypted. Each allocation unit is preferably a predetermined integral multiple number of minimum I/O units. A data structure is marked to indicate which units are encrypted. Upon reads from the device, only those allocation units marked as encrypted are decrypted. The disk protected by selective encryption is preferably the virtual disk of a virtual machine (VM). The trigger condition is preferably either that the virtual disk has been initialized or that the VM has been powered on. Mechanisms are also provided for selectively declassifying (storing in unencrypted form) already-encrypted, stored data, and for determining which data units represent public, general-use data units that do not need to be encrypted. The “encrypt-on-write” feature of the invention may be used in conjunction with a “copy-on-write” technique.12-25-2008
20120131354METHOD AND SYSTEM FOR PROVISION OF CRYPTOGRAPHIC SERVICES - An encryption service system comprises an API for receiving requests from one or more calling applications. Each request comprises information identifying the operations to be performed on data to be processed and information identifying the origin and target of the data. The encryption service system further comprises a cryptographic server for processing the requests and determining, for each request, an encryption policy to be applied.05-24-2012
20100275037Low-Power USB SuperSpeed Device with 8-bit Payload and 9-bit Frame NRZI Encoding for Replacing 8/10-bit Encoding - A Low-power flash-memory device uses a modified Universal-Serial-Bus (USB) 3.0 Protocol to reduce power consumption. The bit clock is slowed to reduce power and the need for pre-emphasis when USB cable lengths are short in applications. Data efficiency is improved by eliminating the 8/10-bit encoder and instead encoding sync and framing bytes as 9-bit symbols. Data bytes are expanded by bit stuffing only when a series of six ones occurs in the data. Header and payload data is transmitted as nearly 8-bits per data byte while framing is 9-bits per symbol, much less than the standard 10 bits per byte. Low-power link layers, physical layers, and scaled-down protocol layers are used. A card reader converter hub allows USB hosts to access low-power USB devices. Only one flash device is accessed, reducing power compared with standard USB broadcasting to multiple devices.10-28-2010
20100275036RECORDING/REPRODUCING SYSTEM, RECORDING MEDIUM DEVICE, AND RECORDING/REPRODUCING DEVICE - A memory card and a recording/playback device are provided that are capable of deterring a memory card manufacturer from illicitly storing a same media ID on a plurality of memory cards. A memory card (10-28-2010
20100275034SOFTWARE PROTECTION METHOD - A method of protecting an executable program from reverse engineering and/or tampering. The method includes receiving a copy of the executable program together with a debug database, the database storing the locations of functional blocks within the executable program. A protection code is inserted into the executable program so as to overwrite at least part of a functional block of the executable program. Subsequent execution of the functional block causes the protection code to be executed. The protection code, when executed, performs an operation and executes a copy of the overwritten part of the functional block.10-28-2010
20090254760DATA SECURITY - In one embodiment, a method is provided that may include encrypting, based least in part upon at least one key, one or more respective portions of input data to generate one or more respective portions of output data to be stored in one or more locations in storage. The method of this embodiment also may include generating, based at least in part upon the one or more respective portions of the output data, check data to be stored in the storage, and/or selecting the one or more locations in the storage so as to permit the one or more respective portions of the output data to be distributed among two or more storage devices comprised in the storage. Many modifications, variations, and alternatives are possible without departing from this embodiment.10-08-2009
20100161999Scalable RFID systems: a privacy preserving protocol with constant-time identification - A protocol with constant-time complexity solves the problem of private identification of tags in low-cost, large-scale radio frequency identification (RFID) systems—assuming that an adversary has complete control over the communication channel. Each RFID tag has an internal counter, c, and is preloaded with a unique pseudonym, ψ, and a secret key, k. A RFID reader attempting to identify and authenticate a tag within its range generates and transmits a random nonce to the RFID tag, which returns a first hash of its current pseudonym and counter, and a second hash that is a function of the secret key. The reader uses the returned data to identify the RFID tag and its secret key by reference to a database and returns other hash values that authenticate the reader to the RFID tag. The most expensive operation that RFID tags are required to perform is a hash function.06-24-2010
20100161997APPARATUS AND METHOD FOR AUTHENTICATING PERSONAL USE OF CONTENTS BY USING PORTABLE STORAGE - A system for authenticating personal use of contents by using a portable storage medium includes: a portable personal use authentication device configured to store domain authentication information; and a contents personal use authentication apparatus configured to extract playback information for playing a provided content based on the domain authentication information and provide the extracted playback information to a player06-24-2010
20090259855Code Image Personalization For A Computing Device - A method and apparatus for personalizing a software component to be executed in particular environment are described herein. According to an aspect of the invention, in response to an executable code image representing a software component to be installed in an electronic device, the executable code image is encrypted using an encryption key. The encryption key is then wrapped with a UID that uniquely identifies the electronic device, where the UID is embedded within a secure ROM of the electronic device. The wrapped encryption key and the encrypted executable code image are then encapsulated into a data object to be stored in a storage of the electronic device, such that when the electronic device is subsequently initialized for operation, the executable code image can only be recovered using the UID of the electronic device to retrieve a decryption key in order to decrypt the executable code image.10-15-2009
20090259856DATA PROCESSING APPARATUS - A data processing apparatus is provided, which detects falsification of software to data and rewriting of the data. The data processing apparatus according to an embodiment of the present invention comprises a security unit which has an encryption circuit for decrypting an encrypted signal including secrecy data. The security unit includes a compression circuit which compresses an access signal used in accessing the security unit and outputs the compression result, and a comparison circuit which compares the compression result outputted from the compression circuit with a previously-calculated expectation value of the compression result of the access signal.10-15-2009
20130219188APPARATUS AND METHOD FOR REPRODUCING CONTENTS IN ELECTRONIC DEVICE - An apparatus and a method for outputting contents where an Output Protection Level (OPL) has been set to an extension device in an electronic device are provided. The apparatus includes a secure processor for decrypting and decoding contents where a right to use the contents has been set using a secure Operating System (OS). When receiving an external output request for contents whose external output is not allowed, the secure processor stops generating of decoded data transmitted to an extension device.08-22-2013
20130219187CIRCUIT ARRANGEMENT, A METHOD FOR FORMING A CIRCUIT ARRANGEMENT, AND METHOD FOR INTEGRITY CHECKING - A circuit arrangement is provided, the circuit arrangement including a processor; a memory circuit connected to the processor, wherein the processor is configured to access the memory circuit; a blocking circuit configured to generate one or more random wait state signals which prevent the processor from accessing the memory circuit; and an integrity checking circuit configured to check the memory circuit during a wait state period of the one or more random wait state signals.08-22-2013
20100153741ENCRYPTING SYSTEM AND METHOD FOR NUMERICAL CONTROL DEVICES - An encrypting system for numerical control devices includes a function module, a code module, a memory, and a controller. The function module includes function programs. Each of the function programs presetting a service life. The code module encrypts and decrypts the service life of each of the function programs. The memory stores the service life encrypted by the code module. The controller reads the encrypted service life from the memory according to an input instruction and controlling the code module to decrypt the encrypted service life, and comparing the decrypted service life with the current date to control the function program to be executed in response to the service life of the function program being valid.06-17-2010
20100153740DATA RECOVERY USING ERROR STRIP IDENTIFIERS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk and reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client. Write counters written with the secondary data blocks are used to determine whether the secondary data blocks were stored correctly.06-17-2010
20100153739Securable independent electronic document - In accordance with embodiments within, a secure independent electronic document apparatus, it's system, method, and manufacture is taught. With an authenticable and tamper detectable electronic container supporting platform vendor and authentication independence, character text data sections supporting digital signatures, data automation and nested embedding, as well as graphical image data, or other free format data sections supporting many data processing operations, imaging representation comprised within a container using a secure and independent system, the secure independent electronic document presents a solution for digital electronic information distribution, commerce, trade and exchange.06-17-2010
20100162000DATA SECURITY IN AN INFORMATION PROCESSING DEVICE - A device and method for data protection of inputted and stored publicly encrypted data. Publicly encrypted data can be received by a data receiver module and stored in a storage module and be decrypted by a decryption module using a first encryption key. A deciding device can determine whether or not the data needs protection. If necessary, the data can be re-encrypted by an encryption module based on a second and different internal private encryption key generated from the encryption module and stored in the storage module.06-24-2010
20120246484SECURE EXECUTION OF UNSECURED APPS ON A DEVICE - Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient.09-27-2012
20120246486INFORMATION-PROCESSING DEVICE AND INFORMATION MANAGEMENT PROGRAM - [PROBLEMS] To prevent leak of information because loss or theft judgement is made whether or not read control information stored in a predetermined read control information storage area of an external storage is proper. If the judgment result shows that it is invalid, virtualized data stored in the external storage is decrypted, and genuine read control information virtualized in the virtualized data is extracted. Next judgement is made whether or not the extracted genuine read control information is proper. If the extracted genuine read control information is proper, the virtualized genuine data in the virtualized data along with the genuine read control information is made usable by decrypting and creating the virtualized data, and improper read control information is stored in the read control information storage area.09-27-2012
20100185875BACKGROUND SERVICE PROCESS FOR LOCAL COLLECTION OF DATA IN AN ELECTRONIC DISCOVERY SYSTEM - Embodiments of the invention relate to systems, methods, and computer program products for a local collection tool that is configured to run as an authorized background service process. As such, the local collection tool of the present invention is capable of being executed in the absence of the device user's credentials. As a result, local collection can be accomplished without the user being present or covertly without the user's knowledge of collection process. Moreover, the back-up file generated by the collection tool may include encrypted data, which can automatically be decrypted by the collection entity through application of a master key.07-22-2010
20100185874Method of Mass Storage Memory Management for Large Capacity Universal Integrated Circuit Cards - A method for managing information in a large capacity UICC, comprising: 07-22-2010
20100185872SYSTEM, METHOD AND APPARATUS FOR READING CONTENT OF EXTERNAL STORAGE DEVICE - A system for enabling the reading on a reader of content stored in an external storage device is disclosed. The reader is a read-only device and has a display, a processor for controlling the operation of the reader, and a port for operative connection of the external storage device. The external storage device has a non-volatile storage and a central processor. The central processor is able to download to the reader the content stored in the non-volatile storage upon a pre-condition being established. The pre-condition is at least one of receipt of a correct encryption key from the reader, and arrival at a start date and time as determined by a real-time clock. The reader, external storage device, and a corresponding method are also disclosed.07-22-2010
20100161994METHOD AND APPARATUS FOR AUTHENTICATING STATIC DATA CARRIERS - Method of authenticating optical discs (06-24-2010
20100262836PRIVACY AND CONFIDENTIALITY PRESERVING MAPPING REPOSITORY FOR MAPPING REUSE - Described herein are systems and methods for importing and retrieving schema mappings while preserving privacy and confidentiality so that existing mappings can be reused across different customers without allowing reverse engineering of the original schemas. The disclosed embodiments provide different levels of mapping anonymity and correspondingly, available structural information in the retrieved mappings, in accordance with the security and privacy requirements.10-14-2010
20100174917INFORMATION RECORDING MEDIUM, REPRODUCING APPARATUS AND CUMPUTER PROGRAM - An information recording medium (07-08-2010
20100169663Systems and Methods for Detecting Authorized Players - One embodiment includes method for determining whether a player application is authorized to play protected content. The method comprises reading a digital signature associated with the player application from a predetermined memory location using a protection interface associated with the player application, where the digital signature comprises one or more file designations. The embodiment further comprises mapping, by the protection interface, the one or more file designations to one or more files associated with the player application and transmitting mapping information from the protection interface to a verification application stored on a storage medium. The verification application is configured to determine whether the player application is authorized to play the protected content if the one or more file designations match the one or more files based on the mapping information.07-01-2010
20100185873SYSTEM AND METHOD FOR FILE PROCESSING AND FILE PROCESSING PROGRAM - A cipher processing system is provided for allowing file access while maintaining the integrity without a user being conscious of the difference between files when the user accesses a file in a folder containing both a ciphertext file and a plaintext file. Thus, according to the present invention, if a folder stores both a ciphertext file and a plaintext file, the ciphertext file is attached with identification information (preferably, footer information) indicating that the file is a ciphertext file, so that the plaintext file and the ciphertext file can be differentiated from each other when the files are read. A deciphered file gained by removing identification information from a ciphertext file and deciphering the file is delivered to an upper-level application. If the read file is a plaintext file, decipher processing is not executed on the plaintext file but the plaintext file is passed to the upper-level application program.07-22-2010
20100262838DIGITAL DATA FILE ENCRYPTION APPARATUS AND METHOD - According to an embodiment, the invention provides a method for decrypting content, the comprising: receiving the content without a source encryption key from a source device connected to the electric reproducing device, the content having been encrypted with the source encryption key in the source device; performing a first addition operation by using a first device internal key and an ID, the first device internal key being associated with the electric reproducing device; generating a device encryption key based on an output of the first addition operation and a second device internal key by using a predetermined encryption algorithm, wherein the second device internal key is associated with the electric reproducing device; decrypting the content using the device encryption key; decoding the decrypted content; and outputting the decoded content.10-14-2010
20100262837Systems And Methods For Personal Digital Data Ownership And Vaulting - Systems and methods are provided for aggregating user-generated digital information. As an example, a system and method can be configured to collect, throughout a current day, a plurality of digital data receipts from different classes of information representing the user activities of a single user; encrypt each data receipt using an encryption method under the control of the user; rout each encrypted data receipt to a first storage facility; and aggregate the encrypted data receipts associated with the user at a second storage facility.10-14-2010
20120124391STORAGE DEVICE, MEMORY DEVICE, CONTROL DEVICE, AND METHOD FOR CONTROLLING MEMORY DEVICE - A storage device includes a storage unit and a controller that controls the storage unit in accordance with a request provided from an upstream-side device. The storage unit includes a storage medium that stores data, an authentication processing unit that performs an authentication process, and a storage region managing unit that sets either a first region or a second region in a storage region. The first region is accessible and useable to perform data reading and data writing between the upstream-side device and the storage unit when the access authentication is successfully performed on the basis of a first password. The second region may be released when the access authentication is successfully performed on the basis of a second password. When the storage unit needs to be disconnected, the controller sets the second region in the storage region in which the first region has been previously set.05-17-2012
20100191981STORAGE APPARATUS AND DATA FALSIFICATION PREVENTING METHOD THEREOF - According to one embodiment, a storage apparatus includes: an encryption key generation information generator configured to generate encryption key generation information used to generate an encryption key based on information from a host computer; an encryption key generator configured to generate the encryption key based on the encryption key generation information; an initialization data encryption module configured to encrypt initialization data of a storage medium received from the host computer using the encryption key; a decryption module configured to decrypt data read from the storage medium using a decryption key corresponding to the encryption key; a comparator configured to compare data decrypted by the decryption module and the initialization data; and a write processor configured to permit, when the comparator determines that the data decrypted by the decryption module and the initialization data match with each other, to write user data in the storage medium.07-29-2010
20100191979Apparatus and Method with Controlled Switch Method - An embedded microcontroller system comprises a central processing unit, a system controller for receiving and handling an interrupt, a register having storage locations containing sets of predefined system data for different operating conditions of the system assigned to the interrupts coupled to set a system configuration. The system data in the register is defined and stored before receipt of an interrupt. On receipt of an interrupt the system controller transmits a selection signal to the register. The register selects a predefined storage location assigned to the received interrupt. The corresponding system configuration data is used to control system configuration of the embedded microcontroller system, such as allocation of CPU time to virtual CPUs and selection of clock frequency or power voltage for modules.07-29-2010
20100191978Method For The Parameterization And Operation Of Weighing Scales - The invention relates to a method for the parameterization of scales which have a weighing belt for the weighing of products in a conveying process, wherein a teach procedure and subsequently a verification procedure take place after the input of product-specific data. The invention furthermore relates to a method for the operation of scales parameterized in this manner.07-29-2010
20100161995SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR CRYPTOGRAPHIC KEY ROTATION IN A DATABASE SYSTEM - A system, method, and computer-readable medium that facilitate key rotation without disrupting database access are provided. Generation identifiers that specify a particular encryption key are stored in association with cipher text of encrypted columns in database tables. When data is to be read from an encrypted column, the cipher text is read along with the associated generation identifier. An encryption key corresponding to the generation identifier is then read to decrypt the cipher text. When data is to be written to the encrypted column, a most recent encryption key is retrieved from the key repository to encrypt the data. The cipher text is then written to the encrypted column in association with the generation identifier of the key used to encrypt the data. Advantageously, the key rotation may be performed without requiring that the table or database to be taken offline or otherwise unavailable during key rotation.06-24-2010
20100228996Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”09-09-2010
20100228994SECURITY METHOD OF KEYBOARD INPUT DIRECTLY CONTROLLING THE KEYBOARD CONTROLLER - Disclosed herein is a method of securing keyboard input information by directly controlling a keyboard controller of a keyboard. The keyboard includes the keyboard controller, an interrupt controller, an input information processing module and a keyboard security module. The method includes a status information checking step of enabling the input information processing module to check status information of the keyboard controller; an interrupt inactivation step of inactivating an interrupt request function of the keyboard controller; an input information encryption step of encrypting the keyboard input information written to the keyboard input/output ports; a transfer step of transferring the encrypted input information to the keyboard security module; and an input information deletion step of deleting the keyboard input information remaining in the keyboard controller.09-09-2010
20100228992CRYPTOGRAPHIC METHOD AND APPARATUS FOR ENHANCING COMPUTATION PERFORMANCE OF A CENTRAL PROCESSING UNIT - A cryptographic method for enhancing computation performance of a central processing unit involves the execution of a conversion function of the cryptographic method by the central processing unit. The conversion function computation requires the use of a plurality of substitution boxes. The method comprises the steps of: (A) detecting a processing bit length of the central processing unit; (B) generating at least one new substitution box from original substitution boxes according to the processing bit length and a bit permutation sequence, each of the at least one new substitution box containing a plurality of new substitution values whose bit length is equal to the processing bit length; and (C) using a bit expansion operation, a bitwise exclusive OR operation, the selection operations that use the at least one new substitution box generated in step (B), a plurality of bitwise AND operations, and at least one bitwise OR operation to conduct the conversion function computation. The at least one new substitution box is designed according to different bit processing capabilities (e.g., 8 bits, 16 bits, 32 bits), such that the processing capability of a central processing unit can be fully utilized.09-09-2010
20110239003Direct Injection of Data To Be Transferred In A Hybrid Computing Environment - Direct injection of a data to be transferred in a hybrid computing environment that includes a host computer and a plurality of accelerators, the host computer and the accelerators adapted to one another for data communications by a system level message passing module. Each accelerator includes a Power Processing Element (‘PPE’) and a plurality of Synergistic Processing Elements (‘SPEs’). Direct injection includes reserving, by each SPE, a slot in a shared memory region accessible by the host computer; loading, by each SPE into local memory of the SPE, a portion of data to be transferred to the host computer; executing, by each SPE in parallel, a data processing operation on the portion of the data loaded in local memory of each SPE; and writing, by each SPE, the processed data to the SPE's reserved slot in the shared memory region accessible by the host computer.09-29-2011
20090077388INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM - An information processing apparatus includes an information acceptance unit, a calculation unit and an encryption unit. The information acceptance unit accepts information relevant to a program. The calculation unit calculates one of a one-way function and a pseudo one-way function using one of the information relevant to the program accepted by the information acceptance unit and a part of the information. The encryption unit performs encryption processing for one of code of the program and the conversion result of the code and a part thereof using one of the calculation result of the calculation unit and a part of the result.03-19-2009
20100146297Method and system digital for processing digital content according to a workflow - A method of processing digital content according to a workflow. The digital content is received and information for the workflow is checked to decide if a processing device is authorised to process the content, the workflow imposing that the digital content be processed in a process chain comprising at least two nodes, wherein the processing device is authorised to process the content if it corresponds to the node that according to the process chain is the next node to process the digital content. If the processing device is authorised to process the content, the digital content is processed and the information for the workflow is updated. Also provided is a system.06-10-2010
20100228999Trusted Storage Systems and Methods - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.09-09-2010
20100241871METHOD AND APPARATUS FOR ESTABLISHING USAGE RIGHTS FOR DIGITAL CONTENT TO BE CREATED IN THE FUTURE - Usage rights for a digital work are established prior to creation of the corresponding content. The rights can be associated with the content after the content is created. A content creation, such as a video recorder or a still camera, device can store labels of the rights and can associate usage rights with content in real time as the content is created.09-23-2010
20100228997METHOD AND APPARATUS FOR VERIFYING AUTHENTICITY OF INITIAL BOOT CODE - A programmable processor initializes its state, then computes and verifies a hash of a boot code region of memory before executing any user instructions in the memory. Systems using similar processors, and software to control such a processor's operation, are also described and claimed.09-09-2010
20100228998METHOD AND APPARATUS FOR SECURE DATA MIRRORING A STORAGE SYSTEM - A secure data mirroring capability in a storage system includes encrypting data blocks in a primary volume in preparation for a data mirroring operation. The encrypted data blocks are mirrored to a secure secondary volume. Host systems provide keys from which encryption keys are produced for encrypting the data blocks. Access to data on the secure secondary volume requires decryption using the key that was used to produce the encrypted data blocks.09-09-2010
20100228993USB interface apparatus and USB packet transmitting/receiving method - A USB interface apparatus is provided in electronic equipment on a USB packet transmission side, and includes a conversion unit for converting CRC object data which is data contained in a field subjected to CRC calculation in a USB packet, based on a predetermined rule corresponding to reverse conversion of conversion to be performed on the CRC object data by destination electronic equipment; a CRC calculation unit for calculating a CRC of CRC object data obtained before conversion by the conversion unit; and a packet generation unit for generating a USB packet containing data converted by the conversion unit and the CRC calculated by the CRC calculation unit.09-09-2010
20100218001Method for Managing Keys and/or Rights Objects - One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified. This greatly increases the efficiency of RO management. A similar system may be used for management of content encryption/encryption keys for protecting content files.08-26-2010
20120036370Protecting Documents Using Policies and Encryption - A system protects documents at rest and in motion using declarative policies and encryption. A document at rest includes documents on a device such as the hard drive of a computer. A document in motion is a document that is passing through a policy enforcement point. The policy enforcement point can be a server (e.g., mail server, instant messenger server, file server, or network connection server).02-09-2012
20100235648Methods and systems for binding a removable trusted platform module to an information handling system - Methods and systems for binding a removable trusted platform module (TPM) subsystem module to an information handling system to provide a core root of trust for the information handling system without requiring soldering down or other hard and permanent (non-removable) attachment of a TPM device to the information handling system planar (e.g., motherboard). The removable TPM subsystem module may be a plug-in module that may be removed from the information handling system planar (e.g., motherboard), while at the same time maintaining the transitive chain of trust, and being capable of remotely attesting its trusted state. An information handling system platform may be provided that has the capability and flexibility of supporting multiple TPMs on the same system planar.09-16-2010
20100235650Methods and Systems for Encoding and Protecting Data Using Digital Signature and Watermarking Techniques - Systems and methods are provided for protecting and managing electronic data signals that are registered in accordance with a predefined encoding scheme, while allowing access to unregistered data signals. In one embodiment a relatively hard-to-remove, easy-to-detect, strong watermark is inserted in a data signal. The data signal is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The data signal is then stored and distributed on, e.g., a compact disc, a DVD, or the like. When a user attempts to access or use a portion of the data signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If the signature-containing watermark is not found, the signal is checked for the presence of the strong watermark. If the strong watermark is found, further use of the signal is inhibited, as the presence of the strong watermark, in combination with the absence or corruption of the signature-containing watermark, provides evidence that the signal has been improperly modified. If, on the other hand, the strong mark is not found, further use of the data signal can be allowed, as the absence of the strong mark indicates that the data signal was never registered with the signature-containing watermark.09-16-2010
20100241869Encryption By Pixel Property Separation - A method of encrypting a digital file composed of a sequence of bytes, each byte defined by a relative position within the digital file and a value, the method comprising: using an encryption key to encode the relative position separately from the value of each byte; and producing an encrypted digital file in which the correlation between relative position and value of each byte in the original digital file is concealed in the encrypted digital file.09-23-2010
20100146293APPARATUS, SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR EXECUTING A PROGRAM UTILIZING A PROCESSOR TO GENERATE KEYS FOR DECRYPTING CONTENT - An apparatus, system, method, and computer program product are provided for executing a program provided a second party utilizing a processor to generate keys for decrypting content of a third party. In operation, content and a program to confidentially generate keys for decrypting the content of the third party are received at a processor. Additionally, the second party's program is executed utilizing the processor-derived keys to decrypts the third party's content.06-10-2010
20100223477CONTENT REPRODUCING DEVICE, CONTENT REPRODUCING METHOD, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - A content playback apparatus (digital watermark detection apparatus) comprises: a detection unit operable to detect a digital watermark from audio data having a plurality of blocks, the audio data being contained in a content which is to be played back along a playback time-line; a detected block storage unit for storing therein information indicating a block in which the digital watermark has been detected by the detection unit; and a playback control unit operable to play back all data contained in the content other than audio data corresponding to the block indicated by the information stored in the detected block storage unit. This makes it possible, even when audio data containing copyright information is inadvertently recorded on a camcorder, to prevent the audio data containing the copyright information from being played back, thereby enabling users to view the content without the influence of playback control.09-02-2010
20100211798Systems and Methods for Signaling Content Rights Through Release Windows Life Cycle - Systems and methods for controlling the use of audio, video and audiovisual content are provided. A data structure includes content usage rights for multiple release windows. The usage rights may be encoded in the content or otherwise bound to the content. Playback devices are configured to access the appropriate usage rights and control usage in accordance with the usage rights.08-19-2010
20100211800SYSTEMS AND METHODS FOR PARTIAL MATCHING SEARCHES OF ENCRYPTED RETAINED DATA - Systems and methods are provided for encryption allowing partial matching searches to retrieve data that is retained in a database. A user identification number or other characteristic is stored in unencrypted form such that a wildcard search may be performed to retrieve one or more encrypted indexes associated with the unencrypted user identification. These encrypted indexes are then unencrypted by use of a key to determined their associated unencrypted index and corresponding targeted retained data. The targeted retained data may then be accessed by an authorized entity such as a law enforcement agency.08-19-2010
20100211799Protecting Digital Data such as Images on a Device with Image Acquisition Capabilities - Digital data, such as images on a digital camera, is typically protected (e.g., encrypted and/or authenticated) based on a master key stored off the device. The original master key can be acquired in a number of different ways, including being generated by the device or by another device. A one-way, progressive series of keys are derived from the master key such that only images or data of a same session can be authenticated or decrypted for viewing, export or manipulation of the decrypted image/data. In order to decrypt images or data of a previous session on the device, the master key must be imported to the device, such as by, but not limited to, taking a picture of a representation of the key and interpreting the image to reacquire the master key.08-19-2010
20100241870CONTROL DEVICE, STORAGE DEVICE, DATA LEAKAGE PREVENTING METHOD - According to one embodiment, a control device controls a storage device configured to encrypt data based on an encryption key, store the data in a storage region, and decrypt the data stored in the storage region based on the encryption key. The control device includes an information generator and an encryption key generator. The information generator generates information as change information when the storage device is turned on. The change information is different from information used when the storage device is last turned on. The encryption key generator generates an encryption key based on the change information generated by the information generator.09-23-2010
20100250960APPARATUS, NETWORK SYSTEM, METHOD, AND COMPUTER PROGRAM FOR ENABLING FUNCTIONS OF A PLURALITY OF DEVICES - An apparatus includes a plurality of devices and is configured to enable a specified function of a first device among the plurality of devices in response to a first license key distributed by a licenser. The apparatus includes a key input unit and a key generation unit. The key input unit allows the first license key to be input. A second license key is generated based on the first license key and specific information relating to a second device among the plurality of devices. The apparatus further enables a specified function of the second device that is the same as the specified function of the first device in response to the second license key.09-30-2010
20100235649PORTABLE SECURE DATA FILES - A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.09-16-2010
20100211801DATA STORAGE DEVICE AND DATA MANAGEMENT METHOD THEREOF - Provided is a data storage device including: a storage medium that stores a first type of cipher text; and a storage controller that forms the first type of cipher text by scattering a second type of cipher text in a plurality of random numbers and that transfers the first type of cipher text to the storage medium through an internal bus or an external bus.08-19-2010
20100250961CONTROL DEVICE - A control device performs reading of data from a recording medium or writing of data into the recording medium. The control device includes a plurality of processing sections for performing at least any one of encrypting and decrypting processes, a plurality of interface sections serving as an interface to the recording medium respectively, and a controlling section for allocating one of the plurality of processing sections and one of the plurality of interface sections to each type of contents read from the recording medium or each type of contents written into the recording medium respectively. The control device encrypts or decrypts a plurality of contents in parallel.09-30-2010
20100250959SECURITY FOR STORAGE DEVICES - The invention broadly contemplates a security solution for storage devices that is inexpensive and robust. The invention allows a store of system specific data to be used to release the hard disk key of full-disk encryption (FDE) drives. This system specific data is passed to the FDE drives and used to calculate the actual encryption key. This allows for safe disposal of an FDE drive containing confidential data, as the lack of available system specific decryption data makes decryption virtually impossible.09-30-2010
20100250958Encrypted data management in database management systems - The subject matter herein relates to database management systems and, more particularly, encrypted data management in database management systems. Various embodiments provide systems, methods, and software to maintain database tables, some of which are encrypted. Some embodiments include holding clear text in cache and servicing queries from the cache. When a query is received, a file system of the database management system determines if a table holding data to service the query is encrypted. If the table is encrypted, the file system decrypts the data and writes the data to the cache as clear text. Some embodiments, when writing clear text to a table from the cache, determine if the table to which the data is to be written is an encrypted table. If the table is encrypted, the file system encrypts the clear text and stores the cipher text to the encrypted table.09-30-2010
20120144207SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.06-07-2012
20120131355RANGE SEARCH SYSTEM, RANGE SEARCH METHOD, AND RANGE SEARCH PROGRAM - In case of a range search to the encryption DB (database), conventionally, because there is a correlation between a value of the data and the number of search keys for the range search, the contents of the encrypted data can be inferred and are not safe. Also, it is not efficient sufficiently in case of insertion of the data, and search. In the present invention, the search keys related by the data are generated for a predetermined number without depending on the value of the data. Also, when the search keys showing a range are generated, the search keys are provided from the search key having a narrow width to the search key having a wide range, and the widths have a relation of a power series length, to suppress the number of necessary search keys.05-24-2012
20120131351MANAGING ACCESS TO A SECURE DIGITAL DOCUMENT - In a method for managing access to a secure digital document by workflow participants, in which a respective public key is associated with each of the workflow participants, an entry table is populated with a participant entry for each of the workflow participants. Each of the participant entries includes a map entry identifier that corresponds to a map entry tag in a map file, and a first label associated with the map entry identifier. In addition, symmetric keys for the workflow participants are accessed and each of the first labels is encrypted using a respective symmetric key to generate a plurality of second labels, the entry table is populated with the plurality of second labels, each of the plurality of symmetric keys is encrypted with the public key of a respective workflow participant, and the entry table is incorporated into the digital document.05-24-2012
20100146294BEST2000C: platform-independent, acrostic database encryption of biometrically-inert transgression-ciphers for up to 90% reduction of the $50 billion annual fictitious-identity transgressions - The invention (“INVENTION”) herein relates to government or private-use ciphers for assignable fictitious-identity information accessed through a data system or other form of data repository for maintenance or retention of financial, credit, medical or related asset management records. To help protect or restore integrity to such government or private-use ciphers occasionally compromised through private, public or commercial transactions, the art applies a prime/number-keyed acrostic-encryption throughout a data system or other form of information repository, encoding biometrically-inert transgression ciphers (“BIT-ciphers” or “TRANSGRESSION-CIPHERS”) therein. Such BIT-ciphers and their financial, credit or related asset management records form fictitious-identities, unassigned to any real person or real institution. These are populated throughout an extant data system or other form of information repository, including archival storage, containing preexisting fictitious-identity ciphers (“FID-ciphers”) assigned by a government or agencies, thereof, to online records for various parties, whether they be public or private institutions, corporations or individuals. FID-ciphers are processed through extant government and commercial systems for tax collections, credit monitoring, financial transactions and other forms of fictitious-identity processing. However, every BIT-cipher accessed through encoded government or commercial systems, or access of any BIT-cipher's related record components, in any way, triggers a 100% positive detection of a fictitious-identity transgression at the moment of access. A Fast-Access Network of Transgression Alert Servers for Transparently Implanted Ciphers version 7 (herein “FANTASTIC-7™”) allows instant capture and/or monitoring, for extended periods, of a party or parties engaged in fictitious-identity transgression.06-10-2010
20130219189Cryptographic Transmission System - A microcontroller includes on-chip key storage slots stored in a non-volatile memory, wherein selecting which key is to be used is restricted to software, wherein a predetermined key storage slot stores a Key Encrypt Key (KEK), and a register flag is provided for determining whether the predetermined key storage slot stores a key for encrypting/decrypting data or the KEK for encrypting/decrypting a key08-22-2013
20100205457Portable Mass Storage Device with Virtual Machine Activation - A portable mass storage device is used to store large files such as digital pictures, movies and music. The mass storage device has firmware with security mechanisms that limit access to read write operations to ensure reliable operation of the device to prevent unwanted copying or storing of secure content such a copyrighted material. Although the security mechanisms generally limit access, the firmware is operable to work with a virtual machine and allows the virtual machine to access the secure content and work in conjunction with the firmware to read and write data to the mass storage memory, if the virtual machine is present. The virtual machine is either loaded but not activated at the time of manufacture, or is downloaded and activated post manufacture. Any royalty for the virtual machine is paid for only if and when the virtual machine is both present and activated in the device.08-12-2010
20090282264ENCRYPTION/DECRYPTION ENGINE WITH SECURE MODES FOR KEY DECRYPTION AND KEY DERIVATION - In at least some embodiments, an electronic device comprises a processor and an encryption/decryption (E/D) engine coupled to the processor via a bus. The E/D engine selectively operates in a first mode and a second mode. For the first mode, an E/D engine output is provided to the bus. For the second mode, the E/D engine output is not provided to the bus and is accessible only to the E/D engine.11-12-2009
20090327752Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated.12-31-2009
20090327751METHOD AND SYSTEM FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - A method and system for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.12-31-2009
20090327750SECURITY SYSTEM FOR CODE DUMP PROTECTION AND METHOD THEREOF - A security system for code dump protection includes a storage device, a processor, and a decryption unit. The storage device has a protected storage area storing at least an encrypted code segment. The processor is utilized for issuing at least one address pattern to the storage device for obtaining at least one information pattern corresponding to the address pattern. The decryption unit checks signal communicated between the processor and the storage device to generate a check result, and determines whether to decrypt the encrypted code segment in the protected storage area to generate a decrypted code segment to the processor according to the check result.12-31-2009
20090327749INDEXING ENCRYPTED FILES BY IMPERSONATING USERS - Methods and computer-readable media for indexing an encrypted file by impersonating a user is provided. A set of keys may be associated with a particular encrypted file. Once these keys are identified, the users who own these keys may then be identified by consulting an association of keys to users, which may be updated immediately upon the addition of new keys. If one of the users is currently logged on, the logon information associated with that user may be used to access the content of the encrypted file. The encrypted file may then be indexed based on the accessed content. To allow more than one user to use the same index, security identifiers may be assigned to index records associated with encrypted files to protect content of encrypted files from unauthorized users.12-31-2009
20090327748SYSTEM AND METHOD FOR FAST QUERYING OF ENCRYPTED DATABASES - A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems.12-31-2009
20110066863IDENTITY-BASED ENCRYPTION OF DATA ITEMS FOR SECURE ACCESS THERETO - The invention uses the concept of identity-based encryption in the context of data-centric protection of electronic health records, where each data item is encrypted by using its own identifier as a public key. The corresponding decryption keys are managed by special trusted entities, which distribute the keys to authorized parties and provide logging facilities. This approach has the particular advantage that emergency access mechanisms can 5 be implemented in a secure and extremely efficient way. In contrast to previous approaches, it requires no large-scale distribution of secret decryption keys. Furthermore, the scheme allows limiting the impact of a compromised decryption key, as one key can only be used to decrypt one single document.03-17-2011
20110066862METHOD FOR OUTPUTTING IMAGE DATA, IMAGE PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - A method for outputting image data generated by an image processing apparatus to a portable storage medium connected to an interface is provided. The method includes the following steps of: issuing an identifier of the image data; writing the identifier into the storage medium without waiting for the image data to be generated completely; after generating the image data, associating the image data with the identifier and storing the image data in a storage portion; reading out the identifier from the storage medium when the storage medium is connected to the interface again; and writing, into the storage medium, the image data stored in the storage portion in association with the identifier thus read out.03-17-2011
20110066861DIGITAL CONTENT MANAGEMENT AND DELIVERY - Methods, systems, and apparatus for digital content management and distribution are provided. In an example, a plurality of unique keys can be provide, wherein each unique key corresponding to one or more docks for accessing digital content. A selection of at least one item of digital content can be received from a user and an indication of a dock corresponding to the user can also be received. A unique key can be selected from the plurality of unique keys corresponding to the dock of the user, and the at least one item of digital content can be encrypted based on the selected unique key.03-17-2011
20090319803INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD - An information processing system has a power supply section which detects a predetermined potential applied to a USB terminal and supplying the potential as a source potential, an information detection section which detects the predetermined information supplied to the USB terminal, and a processing section which executes, subsequent to the detection of the predetermined potential, the encryption process or the decryption process in accordance with at least the operating information supplied from the operation key arranged on the body and in accordance with the predetermined information supplied to the USB terminal after detection of the predetermined information. The recording and reproducing operation can be performed with the operating key on the body with power supplied only from the USB terminal.12-24-2009
20090319802Key Genaration In An Integrated Circuit - A method of manufacturing a series of integrated circuits having related functionality, the method including the steps of: (a) determining an identifier; (b) permanently storing the identifier on one of the integrated circuits; (c) repeating steps (a) and (b) for each integrated circuit in the series; and wherein the identifiers for the series are determined in such a way that knowing the identifier of one of the integrated circuits does not improve the ability of an attacker to determine the identifier of any of the other integrated circuits.12-24-2009
20090319800CRYPTOGRAPHIC DEVICE HAVING SESSION MEMORY BUS - Provided is a cryptographic device performing encryption or decryption on input data, and more particularly, a cryptographic device having a session memory bus for communicating with a session memory. The cryptographic device includes: an external session memory for storing cryptographic information on each session; a cryptographic processor for encrypting or decrypting input data using the cryptographic information; an external session memory bus connected to the external session memory and the cryptographic processor; and a Central Processing Unit (CPU) for transferring and receiving data to and from the external session memory via the cryptographic processor. The separate session memory buses allow the cryptographic processor to access a session memory without being disturbed by another device, thereby improving the entire performance of the cryptographic device.12-24-2009
20090319799GENERATING UNIQUE DATA FROM ELECTRONIC DEVICES - Providing for analysis of artifacts of electronic devices to generate data that is substantially unique to a particular device or to a class of devices is described herein. In some aspects, analyzed artifacts are chosen based on reliable reproducibility of such data over many analyses. The substantially unique data can be associated with a particular electronic device(s) to distinguish such devices from other devices. In some aspects, the generated data is first transformed into an identifier, such as a number, word, string of data, etc., to distinguish the electronic device in remote communication, to provide a key in an encryption/decryption algorithm, and so on. The data can be reproduced by reanalyzing the artifacts, and thus need not be stored for future consumption, mitigating risks involved in storing sensitive data.12-24-2009
20090113212Multiprocessor electronic circuit including a plurality of processors and electronic data processing system - A multiprocessor electronic circuit and an electronic data processing system comprising such circuit are disclosed for reducing the power consumption and the chip area consumption of a multiprocessor system having cryptographic functionality. In one embodiment, the multiprocessor electronic circuit comprises a plurality of processors, a single cryptographic processing unit that comprises a plurality of input/output buffer pairs and two cryptographic engines, a cipher engine and a hash engine, and associated control logic.04-30-2009
20090144560Image retrieval system and method - An image retrieval system that provides secured image data in response to a query specified by a user. The system includes a data retrieval unit, an encryption unit, and an output unit. The data retrieval unit is configured to retrieve image data relevant to the specified query from a collection of image data. The encryption unit is configured to encrypt at least a portion of the retrieved image data according to the specified query. The output unit is configured to output the at least partially encrypted image data to the user. The image data represents an image formed of one or more regions each having a keyword associated therewith. The encrypted portion is decryptable by the user only when the user is authorized to view the entire image.06-04-2009
20090113215FAST UPDATE FOR HIERARCHICAL INTEGRITY SCHEMES - A method for data integrity protection includes arranging data in a plurality of data blocks. A respective block signature is computed over each of the data blocks, thereby generating multiple block signatures. The data blocks and the block signatures in an integrity hierarchy are stored in a storage medium, the hierarchy comprising multiple levels of signature blocks containing signatures computed over lower levels in the hierarchy, culminating in a top-level block containing a top-level signature computed over all of the hierarchy. A modification is made in the data stored in a given data block within the hierarchy. The respective block signature of the given data block is recomputed in response to the modification, and the recomputed block signature is stored in the top-level block for use in verifying a subsequent requests to read data from the given data block.04-30-2009
20090113214SOFTWARE PROTECTION AGAINST FAULT ATTACKS - A method for protecting information in a device includes providing a device with a non-secure hardware domain, a processor having a software-controlled mode of operation, and a secure hardware domain having a secure memory that is inaccessible by the processor when the processor is operating in the software-controlled mode of operation. Data from the non-secure hardware domain is established in the secure hardware domain. Computing operations are executed on the data in the secure hardware domain to produce a result. The secure hardware domain is purged, while retaining the result therein. The result is thereafter returned from the secure hardware domain into the non-secure hardware domain.04-30-2009
20090113213SYSTEM AND METHOD FOR SEARCHING ENCRYPTED NUMERICAL DATA - A system for searching encrypted numerical data according to an embodiment of the present invention includes: a key generator that generates a key for encryption; an index generator that generates an index for documents from a plurality of documents including numerical data and the generated key, on the basis of individual digits of the numerical data and the positions of the digits; a trapdoor generator that generates a trapdoor including search information on the individual digits of the numerical data and the positions of the digits, using the generated key; and a document searching unit that receives numerical data for search, searches the index using the trapdoor, and outputs document information including the numerical data for search.04-30-2009
20090113211PROCESSING UNIT INCLUDING A WIRELESS MODULE AND METHOD THEREOF - A processing unit includes a processing core and a wireless module directly connected to the processing core, wherein the wireless module is for providing wireless communications to the processing core. A multi-processor system includes a first processing unit having a first processing core and a first wireless module directly connected to the first processing core, the first wireless module for providing wireless communications to the first processing core; a second processing unit having a second processing core and a second wireless module directly connected to the second processing core, the second wireless module for providing wireless communications to the second processing core; and a wireless link between the first and second wireless modules; wherein the first processing unit is for communicating with the second processing unit via the wireless link.04-30-2009
20100223476SINGLE PIN COMMUNICATION MECHANISM - A method and device include a power pin, a ground pin, and a communications pin. A communications module receives power from the power pin and utilizes an edge counting communication protocol over the communication pin.09-02-2010
20100223475LOW-LEVEL CODE SIGNING MECHANISM - Before an application is allowed to execute a secure function, code signing keys associated with the application are analyzed for correspondence with the class that contains the secure function as well as correspondence with the secure function. Optionally, code signing keys associated with the application are analyzed for correspondence with the input parameters to the function.09-02-2010
20090106560ENTITY-IDENTITY BASED SECURITY PROCUREMENT OF COMPUTER FILES THAT ARE DOWNLOADABLE TO AN AIRCRAFT, METHOD OF AUTHENTICATION, AND ASSOCIATED SYSTEM AND AIRCRAFT - The present invention relates in general to the security of computer files installed on board an aircraft and in particular to the mechanisms with which the authenticity thereof, or in other words the origin and integrity, can be guaranteed.04-23-2009
20110060917CRYPTOGRAPHIC SYSTEM FOR PERFORMING SECURE COMPUTATIONS AND SIGNAL PROCESSING DIRECTLY ON ENCRYPTED DATA IN UNTRUSTED ENVIRONMENTS. - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure protocol for solving systems of linear equations in the encrypted domain. According to a particular embodiment, the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment, the system uses a protocol whereby systems of linear equations are solved securely by direct Gaussian elimination using a secure protocol without imposing any restrictions on the matrix coefficients.03-10-2011
20120144206INFORMATION PROCESSING APPARATUS, REMOVABLE STORAGE DEVICE, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes an encrypted authentication unit that obtains, as encrypted information, the estimated total capacity of a storage medium included in a removable storage device, which is the target of encrypted authentication, a storage use unit that obtains the total capacity of a storage medium to which data is written, and a determination unit that restricts the use by the storage use unit of the storage medium to which the data is written depending on whether the difference between the estimated total capacity and the total capacity is equal to or more than a predetermined threshold.06-07-2012
20120144205Cryptographic Architecture with Instruction Masking and other Techniques for Thwarting Differential Power Analysis - An apparatus and method for preventing information leakage attacks that utilize timeline alignment. The apparatus and method inserts a random number of instructions into an encryption algorithm such that the leaked information can not be aligned in time to allow an attacker to break the encryption.06-07-2012
20100299532INFORMATION RECORDING DEVICE, INFORMATION REPRODUCING DEVICE, PROGRAM, AND RECORDING MEDIUM - In an information recording device (11-25-2010
20110239001Secure data scanning method and system - A method of scanning secure data in a data store is performed in a manner that does not expose the scan data, the files being searched, or information about when matches occur between the scan data and the files. During the scan process, encrypted versions of searched files are compared to encrypted versions of match strings, and any resulting match data is encrypted before being written into a results file. In addition, to disguise when match entries are written, during the scan one or more encrypted dummy items are written into the results file.09-29-2011
20100306551PHYSICALLY MODIFYING A DATA STORAGE DEVICE TO DISABLE ACCESS TO SECURE DATA AND REPURPOSE THE DATA STORAGE DEVICE - A data storage device is disclosed comprising a non-volatile memory and control circuitry operable to evaluate a physical feature of the data storage device, wherein the physical feature is physically alterable by a user. When the physical feature is in a first state, host access to first secure data stored in the non-volatile memory is enabled, and when the physical feature is in a second state, the host access to the first secure data is disabled and host access to second data stored in the non-volatile memory is enabled.12-02-2010
20100306552SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED USE OF DIGITAL CONTENT - Theft, distribution, and piracy of digital content (software, video, audio, e-books, any content of any kind that is digitally stored and distributed) is generally accomplished by copying it, if possible, or, if it is protected from being copied in any fashion, such piracy is based upon a number of reverse engineering techniques. Aside from the straightforward copying of unprotected content, all of these other methods require first an understanding of the protective mechanism(s) guarding the content, and finally an unauthorized modification of that protection in order to disable or subvert it. Methods that prevent a skilled individual from using reverse engineering tools and techniques to attain that level of understanding and/or prevent anyone from performing such modifications can offer significant advantages to content creators who wish to protect their products.12-02-2010
20090070596Secure Read-Write Storage Device - A method is described for securing a read write storage (RWS) device, the method comprising, providing the RWS device, the RWS device comprising a controller comprising a processor and a bit bucket and employing, in response to a decision making process, a sanction in the RWS device. Related apparatus and methods are also described.03-12-2009
20090070595SYSTEM FOR IMPLEMENTING DYNAMIC PSEUDORANDOM KEYBOARD REMAPPING - A system for implementing dynamic pseudorandom keyboard remapping includes a keyboard in communication with an operating system of a computing device; the keyboard configured to encrypt an original keyboard scan code corresponding to each of a plurality of keyboard keys, using a mapping algorithm, wherein the mapping algorithm encrypts the original keyboard scan code by using both the original keyboard scan code and a current one of a sequence of pseudorandom numbers generated using a pseudorandom number generator (PRNG) algorithm and an initial seed value; and the operating system configured to decrypt the original keyboard scan code based on an encrypted scan code generated and transmitted from the keyboard thereto, responsive to a keystroke of the keyboard, wherein the operating system also uses the mapping algorithm, the PRNG algorithm, and the initial seed value.03-12-2009
20130132733System And Method For Digital Rights Management With System Individualization - Various embodiments of a system and method for digital rights management with system individualization are described. In various embodiments, a DRM component may generate a request for machine-specific credentials specific to the system on which the DRM component is implemented. This request may include device information of component(s) of such system. The DRM component may also receive an encrypted response that includes the machine-specific credentials. This encrypted response may be encrypted with a machine-specific encryption key generated from the device information. In various embodiments the response may be generated by an individualization server that verified the request for machine-specific credentials. The DRM component may also, based on the device information of the system on which the DRM component is implemented, generate an encryption key equivalent to the machine-specific encryption key with which the received response is encrypted. The DRM component may decrypt the encrypted response with the generated encryption key.05-23-2013
20130132734Computing device integrity protection - A method of operating a computer system includes: obtaining, at the computer system, verification-input information associated with each of multiple hardware components of the computer system; cryptographically processing, at the computer system, the verification-input information to obtain a cryptographic result; and determining, at the computer system, whether to allow or inhibit, depending upon a comparison of the cryptographic result with a verification value, further operation of at least one of the hardware components.05-23-2013
20130132735APPARATUS AND METHOD FOR HARDWARE-BASED SECURE DATA PROCESSING USING BUFFER MEMORY ADDRESS RANGE RULES - Disclosed is a processor for processing data from a buffer memory. The processor, implemented in hardware, may allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. Further, the processor may block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory.05-23-2013
20100318808 METHOD AND A SYSTEM FOR THE CUSTOMISATION OF SMART OBJECTS - This present invention concerns a customization method that represents a saving in time and an increase in yield, in the electronic customization of smart objects in particular, by virtue of:—a stage for establishing communication links between a multiplicity of smart objects held on a portable support, and communication interfaces,—a stage for simultaneous unlocking of the smart objects by means of a first key,—a stage for the parallel transfer into the memory of the smart objects of customization data proper to each of the smart objects, with these data being transferred into at least one memory zone of each smart object,—a stage for the locking of each smart object by means of second keys, each proper to one of the smart objects and each associated with the customization data proper to this object.12-16-2010
20100306553High-throughput cryptographic processing using parallel processing - This invention uses parallel processing to bring greater efficiencies to cryptographic processing of large amounts of data. This technique is scalable, can be applicable for protection of internet data, data moving between data processing centers, data in motion, data going into storage, data coming out of storage and similar large processing operations.12-02-2010
20100313038INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs.12-09-2010
20130138970Deleting Encoded Data Slices in a Dispersed Storage Network - A method begins by a dispersed storage (DS) processing module receiving a request regarding at least a portion of corresponding encoded data slices, wherein a collection of encrypted and encoded data slices of a plurality of collections of encrypted and encoded data slices includes a common data aspect, wherein encrypted and encoded data slices of the collection of encrypted and encoded data slices are produced by individually encrypting corresponding encoded data slices using a common encrypting character string and representations of the corresponding encoded data slices. The method continues with the DS processing module identifying the common encrypting character string of the corresponding encoded data slices. When the request is to delete the corresponding encoded data slices, the method continues with the DS processing module obfuscating the common encrypting character string in a local memory such that the collection of encrypted and encoded data slices are effectively incomprehensible.05-30-2013
20130138971INTELLIGENT SECURITY CONTROL SYSTEM FOR VIRTUALIZED ECOSYSTEMS - Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem.05-30-2013
20100325444DOCUMENT ENCRYPTING SYSTEM AND METHOD THEREOF - A document encrypting system encrypts data by comparing an ongoing operation with a number of predetermined restricted operations and generating a protection password according to a predetermined operation number and a predetermined computing rule.12-23-2010
20100325445MECHANISM TO HANDLE EVENTS IN A MACHINE WITH ISOLATED EXECUTION - A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.12-23-2010
20100325443Differential encryption utilizing trust modes - Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.12-23-2010
20110145597DATA EXCHANGE PROCESSING APPARATUS AND DATA EXCHANGE PROCESSING METHOD - The data exchange processing apparatus pertaining to the present invention includes a cryptographic engine unit performing cryptographic processing and verification processing, a stream control unit outputting content while performing cryptographic processing of the content using the cryptographic engine unit, an unauthorized device list update unit verifying an unauthorized device list using the cryptographic engine unit, and a state management unit outputting a permission notification to the unauthorized device list update unit when detecting a low load section of the content according to metadata of the content and processing position of the stream control unit, the low load section being a section in which processing load on the cryptographic engine unit is lower than in other sections. The unauthorized device list update unit, when receiving the permission notification from the state management unit, causes the cryptographic engine unit to execute verification processing of the unauthorized device list.06-16-2011
20110145594METHOD FOR PERFORMING SEARCHABLE SYMMETRIC ENCRYPTION - Disclosed is a method for searchable symmetric encryption. The method for performing searchable encryption and searching for encrypted data includes: setting all necessary variables and preparing a secret key necessary for encryption; encrypting a data using the secret key and a given data and generating an index to be used for later search, to store the encrypted data and the index; generating a trapdoor to be used to search the encrypted data by using the secret key and a keyword to be used for the searching; and searching a desired data using the generated trapdoor and the stored index.06-16-2011
20110145595SECURE DEVICE AND METHOD FOR PREVENTING SIDE CHANNEL ATTACK - Provided are a secure device and method for preventing a side channel attack. The secure device includes a secure module converting plaintext data received from the outside into ciphertext data to thereby store the converted ciphertext data, or converting stored ciphertext data into plaintext data to thereby output the converted plaintext data, and a side channel attack sensing module sensing a side channel attack upon the secure module, and, according to the sensing result, allowing the secure module to stop operating, inducing malfunctions of the secure module, delaying operations of the secure module, or making the secure module a device having the secure module disabled. The secure device can safely protect an internal security algorithm and data from the side channel attack.06-16-2011
20130145176CIRCUIT PERSONALIZATION - A method distributes personalized circuits to one or more parties. The method distributes a generic circuit to each party, encrypts a unique personalization value using a secret encryption key, and transmits each encrypted personalization value to the corresponding party. Each party then stores the encrypted personalization value in their circuit. The stored encrypted personalization value allows a piece of software to be properly executed by the circuit. A semiconductor integrated circuit is arranged to execute a piece of software that inputs a personalization value as an input parameter. The circuit comprises a personalization memory arranged to store an encrypted personalization value; a key memory for storing a decryption key; a control unit comprising a cryptographic circuit arranged to decrypt the encrypted personalization value using the decryption key; and a processor arranged to receive the decrypted personalization value and execute the software using the decrypted personalization value.06-06-2013
20110145593VERIFIABLE TRUST FOR DATA THROUGH WRAPPER COMPOSITION - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both.06-16-2011
20100332851METHOD FOR PROTECTING A CRYPTOGRAPHIC MODULE AND A DEVICE HAVING CRYPTOGRAPHIC MODULE PROTECTION CAPABILITIES - A device and a method for protecting a cryptographic module of which the method includes: estimating a functionality of a circuit that is adapted to malfunction when a physical parameter has a first value different from a nominal parameter value at which the cryptographic module functions correctly. The cryptographic module malfunctions when the physical parameter has a second value different from the nominal parameter value and a difference between the first value and the nominal parameter value being smaller than a difference between the second value and the nominal parameter value. A cryptographic module protective measure is applied if estimating that the circuit malfunctions.12-30-2010
20100332845INFORMATION PROCESSING SERVER, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - Methods and apparatuses for selectively performing at least one of encryption or decryption of data and for requesting a process. An information processing server includes a communication unit configured to receive from an information processing apparatus a processing request and a cryptographic key, and includes first and second storage units configured to temporarily store the received cryptographic key and to store data. The information processing server also includes a process determining unit configured to determine a type of process requested based on the processing request, and an encryption processing unit configured to selectively perform, based on the determined type of process requested, at least one of encryption or decryption on the stored data using the cryptographic key. The cryptographic key temporarily stored in the first storage unit is deleted after the at least one of encryption or decryption on the stored data has been selectively performed.12-30-2010
20120303971Dual Environment Computing System and Method and System for Providing a Dual Environment Computing System - A dual environment computing system and method is disclosed. The dual computing system includes a first computing environment and a second computing environment. A data repository encodes, at any one time, at least one of the first and second computing environments in a hibernated state. The dual environment computing system is arranged, on demand, to operate one of the first and second computing environments in an active state, the dual environment computing system being further arranged, on demand, to transition the one of the first and second computing environments being operated in the active state into a hibernated state in the data repository and to transition the other of the first and second computing environments from the hibernated state into an active state.11-29-2012
20100332850CACHE STRUCTURE FOR A COMPUTER SYSTEM PROVIDING SUPPORT FOR SECURE OBJECTS - A method (and structure) of enhancing efficiency in processing using a secure environment on a computer, includes, for each line of a cache, providing an associated object identification label field associated with the line of cache, the object identification label field storing a value that identifies an owner of data currently stored in the line of cache.12-30-2010
20100332848SYSTEM AND METHOD FOR CODE SIGNING - A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device.12-30-2010
20100332847ENCRYPTING PORTABLE MEDIA SYSTEM AND METHOD OF OPERATION THEREOF - A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system.12-30-2010
20100332844MAGNETIC DISK DEVICE AND COMMAND EXECUTION METHOD FOR MAGNETIC DISK DEVICE - According to one embodiment, a magnetic disk device includes a receiver, an encrypting-and-decrypting module, a read-and-write controller, a setting module, an order controller, an executing module. The receiver receives a command to write data to or read data from a recording medium segmented into a plurality of storage areas each corresponding to an encryption key. The command causes an access to at least one of the storage areas. The encrypting-and-decrypting module encrypts the data or decrypts the data using the encryption key. The read-and-write controller controls writing the data to the recording medium and reading data therefrom. The setting module sets the encryption key corresponding to the storage area accessed by the command to the encrypting-and-decrypting module. The order controller controls the execution order in which commands are executed and brings up the execution order of the command causing an access to the storage area. The executing module executes the commands in the execution order.12-30-2010
20100332843SUPPORT FOR SECURE OBJECTS IN A COMPUTER SYSTEM - A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system.12-30-2010
20120246485ENCRYPTING METHOD, RECORDING MEDIUM OF ENCRYPTING PROGRAM, DECRYPTING METHOD, AND RECORDING MEDIUM OF DECRYPTING PROGRAM - An encrypting method including encrypting a first data segment of encryption target data on the basis of first key information, generating second key information on the basis of the first data segment by using a predetermined algorithm, and encrypting a second data segment of the encryption target data, which is different from the first data segment, on the basis of the second key information.09-27-2012
20110010559METHOD FOR ENCRYPTING DIGITAL FILE, METHOD FOR DECRYPTING DIGITAL FILE, APPARATUS FOR PROCESSING DIGITAL FILE AND APPARATUS FOR CONVERTING ENCRYPTION FORMAT - Disclosed herein are a digital file encryption method, a digital file decryption method, a digital file processing apparatus, and an encryption format conversion apparatus. The digital file encryption method includes encrypting a file using specific encryption information, storing the encrypted file in a file system, and storing the encryption information in a stream provided by the file system. Accordingly, since file lengths before and after encryption are identical to each other, an application needs not to consider a header length or perform offset correction when using an encrypted file.01-13-2011
20080320317Electronic device and information processing method - An electronic device is connectable to an information processing apparatus and includes a reading unit to read biologic information; an authentication unit to authenticate a user based on the biologic information; a storage unit including (i) a first storage area that is accessible from the information processing apparatus after authentication has been successfully performed and that stores data supplied from the information processing apparatus with the data being encrypted and (ii) a second storage area storing software that is executed by the information processing apparatus and that has a function of restricting an output destination of data read from the first storage area; a decrypting unit to decrypt the data stored in the first storage area and output the data to the information processing apparatus; and a control unit to control whether the decrypting unit is allowed to decrypt the data in response to instructions from the information processing apparatus.12-25-2008
20110029785DISK DRIVE DATA ENCRYPTION - Embodiments include methods, apparatus, and systems for storage device data encryption. One method includes encrypting data on a storage device with a key and then transmitting the key to a cryptographic module that encrypts the key to form a Binary Large Object (BLOB). The BLOB is transmitted to an array controller that is coupled to the storage device which stores the BLOB.02-03-2011
20110010563METHOD AND APPARATUS FOR ANONYMOUS DATA PROCESSING - A system, a method and a computer readable medium for anonymizing collected data associated with one or more data owners is provided. An identifier is received and a hash process is performed using the identifier and a cryptographic salt to produce a hash output. The hash output is associated with an anonymous identifier. The anonymous identifier is then associated with the data. The anonymized data may then be provided to one or more third party processors for processing an analysis.01-13-2011
20110010562PROCESSING RECORDABLE CONTENT IN A STREAM - Methods and a systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In this methods and systems recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system.01-13-2011
20110029784METHOD OF PROCESSING DATA PROTECTED AGAINST FAULT INJECTION ATTACKS AND ASSOCIATED DEVICE - A method of cryptographic processing of data (X), in particular a method protected against fault injection attacks, and an associated device. The processing includes at least one transformation (02-03-2011
20110029783METHOD AND SYSTEM FOR SECURE HARDWARE PROVISIONING - Provisioning a computer related product, comprising manufacturing a product at a product manufacturing entity; maintaining a product control database at product authenticity responsible entity; assigning a first identifier to the product for the purpose of establishing a boot integrity identity of the product, said first identifier being an asymmetric private-public encryption key pair stored in the product control database; storing a copy of the public part of said first identifier (public boot integrity key) in a memory of the product; assigning a second identifier to the product for the purpose of establishing a logistics identity of the product, said second identifier comprising manufacturing information such as a serial number for the product; storing said second identifier indicating the logistics identity in the product control database; assigning a third identifier for the product for the purpose of establishing a production identity of the product, said third identifier being an asymmetric private-public encryption key pair generated by activating an encryption key generator chip provided in the product; extracting and storing a copy of the public part of said third identifier indicating a production identity in the product control database; maintaining the private part of said third identifier indicating a production identity in a storage means of the product.02-03-2011
20110119502SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext.05-19-2011
20110119501SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.05-19-2011
20110119500SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.05-19-2011
20110119499INFORMATION PROCESSING APPARATUS, CONTROL METHOD FOR THE SAME, PROGRAM AND STORAGE MEDIUM - An information processing apparatus that generates private information used as one of an encryption key for encrypting data or a generation key for generating falsification detection information used in detecting falsification of data, comprises a storage unit adapted to prestore key information, an input unit adapted to input calculation target information, a calculating unit adapted to perform a calculation on targeted information based on the key information held in the storage unit, a detecting unit adapted to detect a predetermined event, and a control unit adapted, when triggered by detection of the event by the detecting unit, to perform controls to generate the private information by making the calculating unit perform the calculation with the input calculation target information as the targeted information, and to place the key information stored in the storage unit in an unusable state.05-19-2011
20110113258INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM MANUFACTURING DEVICE, INFORMATION RECORDING MEDIUM, METHODS THEREOF, AND COMPUTER PROGRAM - An information processing device for executing reproduction processing of content recorded in an information recording medium that includes: a data processing unit for acquiring content codes including a program or application information to be applied to the recording content of the information recording medium, and executing data processing in accordance with the acquired content codes. The data processing unit executes the verification processing of a digital signature which allows tampering verification of the entire content codes included in a content code file storing the content codes, and as the verification result, executes data processing in accordance with the content codes on the condition that validity of the content code file has been confirmed.05-12-2011
20110113257SYSTEMS AND METHODS FOR MANIPULATING AND MANAGING COMPUTER ARCHIVE FILES - A computer program for managing and manipulating archive zip files of a computer. The program includes a system and method for opening, creating, and modifying, and extracting zip archive files. The program is fully integrated into Microsoft Windows Explorer and is accessed via Explorer menus, toolbars, and/or drag and drop operations. An important feature of the program is the archive manager which may be used to open a zip file, create a new zip file, extract zip files, modify zip files, etc. The program is integrated into Microsoft Windows Explorer using the shell name space extension application program interface developed by Microsoft.05-12-2011
20110040983SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY - A system and method of providing identity theft security is provided. The system and method utilizes a computer program that identifies, locates, secures, and/or removes from computers, computer systems and/or computer networks personally identifying and/or other sensitive information in different data formats. The computer program utilizes a multi-tiered escalation model of searching/identifying sensitive information. The computer program of the instant invention utilizes a self-learning process for fine-tuning a level of scrutiny for identifying potentially sensitive information.02-17-2011
20110040984METHOD FOR STARTING A KEYBOARD OF A SELF-SERVICE TERMINAL - A method for commencing operation of a keypad (EPP) of a self-service terminal, 02-17-2011
20110040982FILE ENCRYPTION METHOD - A file encryption method is provided. A first constant and a second constant are set. First one character of the first file is converted in a predetermined order to a first binary ASC code consisting of a high level and a low level. A logical exclusive OR is performed between the high level and the first constant to obtain a first result, and a logical exclusive OR is performed between the high level and the second constant to obtain a second result. A second binary ASC code is obtained. The second binary ASC code is converted to a second character. A second file is obtained.02-17-2011
20110040981Synchronization of Buffered Audio Data With Live Broadcast - Various techniques relating to the buffering of a live audio broadcast on an electronic device and the subsequently playback the buffered data are provided. In one embodiment, the playback speed of the buffered data may be increased relative to the actual speed at which the data was originally broadcasted. If the buffered playback (using the increased playback speed) synchronizes or catches up to the live broadcast, the electronic device may disable buffering and output the live stream instead. This decreases processing demands by lowering processing cycles required for buffering (encoding, etc.) and playback of the buffered data (decoding, etc.), thereby reducing power consumption.02-17-2011
20110040980File Management Safe Deposit Box - Safe deposit box functionality is disclosed. In one aspect, first input dragging-and-dropping a first file representation onto a safe deposit box icon is received, and a file corresponding to the first file representation is encrypted. Second input selecting the safe deposit box icon is received from a user. The user's identity is verified in response to the second input. A safe deposit box window, including a second file representation of the file, is displayed. A user is allowed access to the file in response to third input selecting the second file representation.02-17-2011
20100153742METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING PACKET DATA OF PRECISE TIME SYNCHRONIZATION PROTOCOL AND TIME SYNCHRONIZATION SYSTEM - A method and an apparatus for encrypting/decrypting packet data of a precise time synchronization protocol and a time synchronization system are illustrated. The method is suitable for the time synchronization system using a precise time protocol. The time synchronization system includes a master node and a slave node, wherein the slave node synchronizes its time with the master node. In the method for encrypting/decrypting packet data of the precise time synchronization protocol, an encryption/decryption hardware device is disposed on the hardware protocol layer of each of the master node and the slave node. The hardware protocol layer is under the data link layer, and includes the data link layer. A synchronization message is encrypted by using the encryption/decryption hardware devices of the master node to generate a frame data, and the frame data is decrypted by using the encryption/decryption hardware devices of the slave node to obtain the synchronization message.06-17-2010
20110246785HARDWARE SUPPORTED VIRTUALIZED CRYPTOGRAPHIC SERVICE - A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices.10-06-2011
20100146292APPARATUS, SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR GENERATING AND SECURING A PROGRAM CAPABLE OF BEING EXECUTED UTILIZING A PROCESSOR TO DECRYPT CONTENT - A system, method, and computer program product are provided for generating and securing a program, and secrets including confidential keys, capable of being executed utilizing a processor to decrypt content. In operation, a second party's program for decrypting content from a third party is generated by a second party, and then secured in a process involving the second party in such a manner that it can be subsequently executed on the processor, without revealing the contents of the second party's program, nor any secrets provided by third party, or used by the second party, in securing the program, nor any portion of the third party's content while being handled by the program.06-10-2010
20110078457Method of Encrypted Communication with Restricted Rate of Stored Encryption Key Retrievals - A method of encrypted communication between entities in a manner that frustrates side channel attacks attempting to determine an encryption key. The method involves providing a device with an encryption key stored in memory, providing an external entity with identity data for transmission to the device, applying a one way function to the encryption key and the identity data to generate a variant key, authenticating communications between the device and the external entity with the variant key and limiting the number of times the encryption key is retrieved from the first memory in a given period of time.03-31-2011
20110087894METHOD OF MANAGING MULTIMEDIA DATA AND MOBILE COMMUNICATION TERMINAL EQUIPPED WITH FUNCTION OF MANAGING MULTIMEDIA DATA - A mobile communication terminal having a function of managing multimedia data is provided, including: a main memory including a multimedia database storing the multimedia data; a signal processor converting the multimedia data stored in the main memory into data of a format suitable to be output to a display of the mobile communication terminal; a back_end chip which processes the multimedia data outputted from the signal processor, stores digest information of multimedia data upon occurrence of an update event of the multimedia data, and provides the stored digest information upon receiving a signal of requesting the digest information to be synchronized; and a front_end chip including a controller which requests the digest information stored in the back_end chip, compares and synchronizes the digest information offered from the back_end chip and digest information stored in advance in the front_end chip.04-14-2011
20100161998Associating a Signing key with a Software Component of a Computing Platform - A method and system is provided for operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set.06-24-2010
20090313482Apparatus, Method and System for Generating a Unique Hardware Adaptation Inseparable from Correspondingly Unique Content - The present invention includes an apparatus, method and system for generating a configuration of an adaptive circuit which is inseparable from selected content. Either the adaptive circuit or encrypted, selected content has a unique identifier. In one of the preferred method and system embodiments in which the adaptive circuit has the unique identifier, a request for the selected content is received, along with the unique identifier, such as by a network server. The selected content is then encrypted, based upon the unique identifier, to form encrypted content. Configuration information for the adaptive circuit, corresponding to the unique identifier and the encrypted content, is generated to form corresponding configuration information. A service provider, such as through a network server, transfers the encrypted content and the corresponding configuration information to the adaptive circuit having the unique identifier, which may then be configured for use of the selected content. As a consequence, the present invention creates adaptive hardware configurations which are uniquely coupled to the selected content.12-17-2009
20110087893APPARATUS AND METHOD FOR PREVENTING FALSIFICATION OF BLACK BOX DATA - Provided are an apparatus and method for preventing falsification of black box data. The apparatus for preventing falsification of black box data includes a driving information storage module and a falsification prevention module. The driving information storage module stores a driving information data which is collected by a black box. The falsification prevention module encrypts the driving information data to generate a falsification determination data through a predetermined encryption mechanism, and stores the falsification determination data.04-14-2011
20100131771METHOD TO RESTORE A FAILED HDD OF A PVR - The invention relates to recovering files stored on a HDD of a Personal Video Recorder (PVR) in the case of a crash of the HDD. Every time a file is stored on an external medium special information of the file system of the HDD is stored —optionally in encrypted form—on the medium as far as enough storage capacities available there. According to the invention the stored information is overwritten if a rewritable medium is used. By that the medium can be optimally used. If the HDD fails the stored information can be used to copy the files to external media.05-27-2010
20100017621RADIO TRANSCEIVER OR OTHER ENCRYPTION DEVICE HAVING SECURE TAMPER-DETECTION MODULE - An encryption device includes a system processor having a first key for encrypting information. The system processor periodically generates random data strings that are also encrypted using the first key. The encryption device also includes a first output for communicating the encrypted information to an external location and a tamper detection module for receiving on a periodic basis the random data strings generated by the system processor. The tamper detection module includes a second key that is the same as the first key, an encryption engine for encrypting the random data strings using the second key, and a second output for communicating the encrypted data strings to the system processor. The tamper detection module is configured to alter the second key upon detection of a tampering event so that the second key is different from the first key.01-21-2010
20090327755INFORMATION-PROCESSING DEVICE AND INFORMATION MANAGEMENT PROGRAM - [Problems] To more infallibly prevent leak of information because loss or theft.12-31-2009
20090327747TEMPLATE RENEWAL IN HELPER DATA SYSTEMS - The invention provides a method for authenticating a physical object (OBJ) using a first helper data (W12-31-2009
20090313481METHOD AND SYSTEM FOR CHANGING SAFETY-RELEVANT DATA FOR A CONTROL DEVICE - A system and method for changing safety-relevant data for a control device is provided wherein an authorized user inputs new or altered safety-relevant data, which is received on a data processing installation. A first checksum for the safety-relevant data is established and stored along with the safety-relevant data in at least one data record on the data processing installation. An enable code may also be stored in the at least one data record. This enable code may be produced by a code generator and encrypted by a key module. The data processing installation then reads back the safety-relevant data from a memory in the data processing installation, thereby allowing a comparison of the received safety-relevant data and the read back safety-relevant data. A second checksum is generated in a case where the comparison resulted in no differences. The second checksum may also be stored in the at least one data record. At least one new data record containing the safety-relevant data, the encrypted enable code and the first and second checksums is created and transmitted to the control device. The new data record is checked against prior data records and prior checksums stored on a storage medium to determine that the at least one new data record is known to the control device.12-17-2009
20110252242MULTI-PHASE STORAGE VOLUME TRANSFORMATION - In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed.10-13-2011
20090217054SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUE - In an embodiment, authenticated hardware and authenticated software are cryptographically binded using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. This cryptographic binding technique is referred to herein as secure software and hardware association (SSHA).08-27-2009
20090217055Apparatus and Method for Preventing Unauthorized Copying - The present invention relates to an apparatus for preventing unauthorized copying that comprises a casing, an optical storage device, a control center installed in the casing and coupled to the optical storage device, and an input/output port installed in the casing and exposed from the casing and coupled to an electronic device, such that if a user places a medium into the optical storage device, the control center will determine whether or not the medium is a read-once medium; if yes, then the content of the medium will be copied to the control center. In the meantime, the electronic device is examined to check whether or not the electronic device is a copy permit user; if yes, then the control center will copy the content of the medium to the electronic device. The present invention also provides a method for preventing unauthorized copying.08-27-2009
20100070778SECURE FILE ENCRYPTION - A technique for secure file encryption first choose a file encryption key randomly among a set of file encryption keys and encrypts a file using the chosen file encryption key based on a set of encryption rules. The file encryption key can then be encrypted via a directory master secret (DMS) key for an extra layer of security so that an intruder cannot decrypt the encrypted file even if the intruder gains access to the DMS-encrypted file encryption key. Finally, the DMS-encrypted file encryption key can be stored in a metadata associated with the file.03-18-2010
20100070776Logging system events - Provided is computer implemented method for logging system events, comprising: 03-18-2010
20100064143SYSTEM LSI - A system LSI comprising: a processor which processes confidential data; a first on-chip bus which is connected to the processor; a working memory which saves the confidential data processed by the processor; and a memory interface circuit which is connected between the first on-chip bus and the working memory, and through which data is transferred between the working memory and the first on-chip bus under control of the processor.03-11-2010
20100250962ELECTRONIC TOKEN COMPRISING SEVERAL MICROPROCESSORS AND METHOD OF MANAGING COMMAND EXECUTION ON SEVERAL MICROPROCESSORS - The invention is a method of managing application (AP) execution in an electronic token (ET) comprising at least a first and a second microprocessors (MP09-30-2010
20110154053Distributed Database - The invention relates to a module to be included onboard the equipment of a telecommunication network and comprising: a database storing at least search field values including URL addresses, at least some of said URL addresses being stored in an encrypted form, encryption means capable of encrypting a piece of information received by the module in order to allow an information search in the database by comparison with the encrypted search field values.06-23-2011
20110154058METHOD AND APPARATUS FOR STORING AND VERIFYING DATA - Embodiments of the present invention provide a method of storing data, comprising: updating a counter, and storing data and a value of the updated counter together in encrypted form; and a method of verifying data, comprising decrypting stored data to recover a data element value, and comparing the data element value against a counter to verify the stored data.06-23-2011
20110154057SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.06-23-2011
20110154051SECURING EXECUTION OF COMPUTATIONAL RESOURCES - Controlling access to computational features includes: preparing a computational resource for execution by an execution system that has been provided a primary descriptor containing an identity value and that has associated a feature indicator with the primary descriptor; accessing a secondary descriptor containing the identity value and cryptographically assigned to the computational resource; and granting the computational resource access to a computational feature of the execution system based on the feature indicator.06-23-2011
20110154055COMPUTER READABLE STORAGE MEDIUM FOR GENERATING A PSEUDONYM, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - The invention relates to a method of generating a pseudonym, the method including accessing an input value and calculating a pseudonym by applying a cryptographic one-way function to the input value, where the cryptographic one-way function is an injective function. In alternative embodiments, the cryptographic one-way function is an embedding and/or randomizing function06-23-2011
20110154054COMPUTER IMPLEMENTED METHOD FOR GENERATING A PSEUDONYM, COMPUTER READABLE STORAGE MEDIUM AND COMPUTER SYSTEM - The invention relates to a computer implemented method for generating a pseudonym for a user comprising entering a user-selected secret, storing the user-selected secret in memory, computing a private key by applying an embedding and randomizing function onto the secret, storing the private key in the memory, computing a public key using the private key, the public key and the private key forming an asymmetric cryptographic key, erasing the secret and the private key from the memory, and outputting the public key for providing the pseudonym06-23-2011
20110154052MEDIA-FOLLOWING ENCRYPTION POLICY CONTROL - Example articles of manufacture, methods, and systems facilitate having encryption policy follow an article of manufacture like a tape cartridge. One example article of manufacture includes a media portion (e.g., tape) and a non-media portion (e.g., housing). The media portion is configured to store machine readable information. The article of manufacture could be a tape, a disk, a memory, and other computer readable media. The article of manufacture also includes an encryption policy information indicator. The encryption policy information indicator can be configured to store information that controls an encryption policy associated with the article of manufacture. Therefore, encryption policy can, for example, follow a tape cartridge rather than be resident solely in a controlling application (e.g., tape library).06-23-2011
20110154050SYSTEM AND METHOD FOR SELECTIVELY PROVIDING CRYPTOGRAPHIC CAPABILITIES BASED ON LOCATION - A system and method of providing cryptographic functionality includes receiving a request to perform a cryptographic operation in a mobile electronic device, determining whether the cryptographic operation is permitted to be performed by the mobile electronic device based on the current location of the mobile electronic device, and performing the cryptographic operation in the mobile electronic device only if it is determined that the cryptographic operation is permitted.06-23-2011
20110078456Encrypted Communication Device with Limited Number of Encryption Key Retrievals from Memory - A device for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The device has a first memory, an encryption key stored in the first memory and a one-way function for application to the encryption key. During use, the encryption key is retrieved from the first memory prior to application to the one-way function and the device is configured to limit the number of times the encryption key is allowed to be retrieved from the non-volatile memory to a pre-determined threshold.03-31-2011
20100125739SECURE CONFIGURATION OF PROGRAMMABLE LOGIC DEVICE - A cryptographic system (05-20-2010
20110083020SECURING A SMART CARD - The invention provides a method for securing a smart card (04-07-2011
20110083019PROTECTING DE-DUPLICATION REPOSITORIES AGAINST A MALICIOUS ATTACK - Methods and systems for protecting de-duplication repositories against a malicious attack are disclosed. One method receives at least one block of data to store in a data storage system. A de-duplication engine comprising a secret key is utilized to generate a secret key hash of the at least one block of data. A comparison of the secret key hash of the at least one block of data with a secret key hash table of previously stored data on the data storage system to identify duplicated data, the secret key hash comparing protecting the data storage system against a malicious attack.04-07-2011
20110107109STORAGE SYSTEM AND METHOD FOR MANAGING DATA SECURITY THEREOF - A method for managing data security of a storage system includes dividing a storage unit of the storage system into a data access block and a key block. An encryption key input is used to set the encryption key, the data access block is encrypted using the set encryption key, and the set encryption key is stored in the key block. The data access block may be decrypted using the decryption key under the condition that the decryption key corresponds to the set encryption key.05-05-2011
20120303973METHOD FOR PROTECTING SENSOR DATA FROM MANIPULATION AND SENSOR TO THAT END - In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first part of the cryptographic authentication message to the control unit. In addition, the sensor data are provided with a cryptographic integrity protection, time-variant parameters being added to the sensor data and the sensor data being sent with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. For calculation of the initial parameters, at least a second part of the cryptographic authentication message is utilized.11-29-2012
20120303972INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes a data processor and a storage. The storage is divided into a protected area to which access is limited and a general purpose area which is freely accessible, and configured to store in the general purpose area encrypted content, and an encrypted title key obtained by encrypting a title key to be applied to decrypt the encrypted content, and store in the protected area a binding key applied to encrypt the title key, and a hash value of the encrypted title key. The data processor is configured to determine, in response to a request for access to the protected area from an external apparatus, whether or not to permit the access, and permit, only when access permission determination is made, the access to the protected area.11-29-2012
20120303970DATA STORAGE APPARATUS, STORAGE CONTROL APPARATUS AND DATA RECOVERY METHOD - According to one embodiment, a data storage apparatus includes a read module, a data transfer module, and a table generator. The read module reads encrypted data, in specific units, from a storage medium. The data transfer module transfers the data read by the read module, to a first buffer area. The table generator acquires key generation ID data identifying a new encryption key being used and an old encryption key used before, while the data transfer module is transferring the data, and generates table data including the key generation ID data associated with the units of data, respectively. The key generation ID data identifies the new encryption key being used and the old encryption key used before.11-29-2012
20120303969Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v11-29-2012
20120303968METHOD AND SYSTEM FOR BUSINESS WORKFLOW CYCLE OF A COMPOSITE DOCUMENT - A method and system for a business workflow of a composite document are described. An integrity and authenticity of an entry table are identified and verified using a verification key, a map file corresponding to entries in the table are identified using a private user decryption key, signature verification keys and access keys are read from the map file, and authenticity of the map file and the document parts are verified. Following verification, content is delivered to a user for review, update and/or modification of the content, and then is encrypted, signed, and moved along the workflow, normally to the next workflow participant. A secure distribution version of a composite document is created from a master copy by creating a serialization including at least one part of a composite document and at least one user, creating a table listing document parts and associated users, generating encryption and decryption keys, encrypting document parts, applying signatures to encrypted document parts, updating the tables with the signed parts and updating the composite document with the updated tables. A master copy is updated from a secure distribution copy after the distribution copy has completed a workflow and a workflow wrap.11-29-2012
20120303967DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD FOR PROTECTING DIGITAL CONTENT - A digital content management system operative in a distributed network includes a SDP server and a client. The SDP server includes a content issuer and a right issuer. The content issuer is configured to randomly generate a first key, convert the first key to a second key by a conversion function, and encrypt a portion of a digital content item with the second key to form an encrypted portion, wherein the encrypted portion has its corresponding character code. The right issuer is configured to generate a right object, which includes the first key, and encrypt the right object.11-29-2012
20110078461SYSTEM AND METHOD FOR COMMUNICATION IN A WIRELESS MOBILE AD-HOC NETWORK - A system and method for improving digital communication in a wireless mobile ad-hoc network. More specifically, the system includes one or more portable network devices operable to support the seamless operation of a self-initializing, self-healing, adaptive portable network. The portable network devices implement protocols that provide bandwidth management capabilities for use with radios, routers and other wireless network devices. Each portable network device includes at least one wireless transceiver, a processor and control software. The processor and control software are logically coupled to the wireless transceiver to facilitate digital communication via a plurality of communication channels with other network devices.03-31-2011
20110078458CONTENTS PROCESSING DEVICE AND CONTENTS PARTIAL INTEGRITY ASSURANCE METHOD - A contents processing device includes a management data storage unit to store an updater identifier and a private key, an accepting unit to accept a content which is divided into a plurality of blocks, an updating type indicating a type of an updating as to the content, an updated block to be updated of the content, and an updated position, an inserting unit to generate an updated content by inserting the updating block into the updated position of the content, a first hash value calculating unit to calculate a hash value as to the updated block, a signature unit to read out the updater identifier and the private key from the management data storage unit to generate a digital signature using the private key as to updating record information including the updater identifier, the updated position, the hash value as to the updated block, and the updating type.03-31-2011
20110060918CRYPTOGRAPHIC SYSTEM FOR PERFORMING SECURE ITERATIVE COMPUTATIONS AND SIGNAL PROCESSING DIRECTLY ON ENCRYPTED DATA IN UNTRUSTED ENVIRONMENTS - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing iterative secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure iterative protocol for solving systems of linear equations in the encrypted domain. According to a particular embodiment the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment the system uses a protocol whereby systems of linear equations are solved securely and iteratively without imposing any restrictions on the matrix coefficients.03-10-2011
20110072277INTEGRATED CIRCUIT AND ELECTRONIC APPARATUS - An integrated circuit includes a semiconductor-circuit layer; metal layers formed on the semiconductor-circuit layer, one of the metal layers being a metal layer in which an active shield is formed; and an antenna formed by patterning in at least one of the metal layers that are below the metal layer in which the active shield is formed. The semiconductor-circuit layer includes an encryption circuit configured to receive a drive voltage and to perform encryption arithmetic; a power-supply circuit configured to provide the drive voltage to the encryption circuit; and a circuit system configured to receive a power-supply voltage from an external power supply.03-24-2011
20110072276DATA STORAGE APPARATUS HAVING CRYPTION AND METHOD THEREOF - A storage apparatus including a storage unit to store data, a processor unit to process the data according to a command received from an external device, a key unit to store a plurality of crypto keys, and a decoder unit to select one of the crypto keys according to address information of the command received from the external device. Hardware encryption is more secure and less complex to manage.03-24-2011
20110072275Detecting counterfeit products - In some embodiments an indication of an intended use of a logic device is stored in a register of the logic device, and any further programming of the register is prevented. Other embodiments are described and claimed.03-24-2011
20110252243SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.10-13-2011
20110060920DISTRIBUTED DATA STORAGE DEVICE - The invention relates to a distributed data memory unit comprising a plurality of memory units, each having memory means and an access controller, an authentication unit comprising memory means and a validation unit, an execution controller comprising an execution controller module and an access verification unit, the execution controller communicating with the memory units and the authentication unit. At least one unambiguous electronic cipher is stored in the memory means of the authentication unit, the access verification unit has an access controller module and a memory unit. A first unambiguous cipher, which corresponds to a stored cipher of the authentication unit is stored in the memory unit and an assignment table is stored in the memory means of the memory unit. The invention also relates to a method for operating a distributed data memory unit.03-10-2011
20110060919ENCRYPTION KEYS - A system is provided which includes a key memory storing a group of keys for use in decryption and a programmable memory configured to store a set of rules governing access to the key memory and a first engine for deriving a first key using a second key from the key group. The engine is configured to transmit a request for access to the second key from the key memory. The system further includes logic connected between the engine and the key memory and further connected to the programmable memory. The logic is configured to receive the request from the engine and to use the set of rules to control the access to the second key in the key memory. The programmable memory is writeable in situ to replace the set of rules with an alternative set of rules.03-10-2011
20110060916DATA MANAGEMENT UTILIZING ACCESS AND CONTENT INFORMATION - A system for operating an enterprise computer network including multiple disparate clients, data elements and computer resources, the system including monitoring and collection functionality for providing continuously updated metadata relating to at least one of actual access, access permissions and content of the data elements and operating functionality utilizing the continuously updated metadata provided by the monitoring and collection functionality for functions other than reporting the at least one of actual access, access permissions and content or recommending changes in the access permissions.03-10-2011
20120066513METHOD AND APPARATUS FOR AUTHENTICATING A NON-VOLATILE MEMORY DEVICE - A method and an apparatus for authenticating a non-volatile memory device are provided. The method includes sending, to the memory device, a request for an Enhanced Media Identification (EMID) for identifying the memory device, by an EMID decoder for authenticating the memory device; receiving the requested EMID changed by a preset calculation of the EMID with an optional value from the memory device; and restoring the EMID by decoding the received changed EMID.03-15-2012
20110016329INTEGRATED CIRCUIT CARD HAVING A MODIFIABLE OPERATING PROGRAM AND CORRESPONDING METHOD OF MODIFICATION - A smart card including a processor unit associated with a ROM and with a programmable ROM. The ROM contains an operating program that can be executed by the processor unit and that includes functional portions, each defining a function of the processor unit. The program includes an entry/exit point for each functional portion and an identifier is associated with each functional portion. The programmable ROM contains at least one substitutable functional portion suitable for substituting one of the functional portions of the ROM and associated with an identifier corresponding to the identifier of the corresponding functional portion of the ROM, and the processor unit is arranged to execute the substitutable functional portion instead of the corresponding substitutable functional portion of the ROM.01-20-2011
20120124389Protecting images, and viewing environments for viewing protected images - A method, apparatus, and system are provided to facilitate protecting media such as images, documents, video streams, and the like, from unauthorized copying or distribution. The method is based on requiring certain conditions to be filled prior to, and during, display of the media on a user display. The conditions for display may require pointing device cursor placement, operating certain keys, and the like. Permissions are granted to users by the media owners and the permissions are checked prior to display. Thus the user is prevented from copying the media and using it illicitly, and the media owner may share media while at the same time maintaining control over the use thereof. The system may also be utilized to provide time-limited access to certain materials.05-17-2012
20120278634METHOD AND APPARATUS FOR SECURE ACCESS TO EXECUTION CONTEXT - An approach is provided for providing secure access to execution context. An execution security platform determines an execution context of a device, the execution context including at least in part one or more computation closures. The execution security platform also processes and/or facilitates a processing of the execution context, the one or more computation closures, or a combination thereof to cause, at least in part, decomposition of the execution context, the one or more computation closures, or a combination thereof into, at least in part, one or more context criteria and content information, The execution security platform further determines to encrypt the execution context, the one or more computation closures, the content information, or a combination thereof using the one or more context criteria as a public key of an identity-based encryption.11-01-2012
20100299533METHOD FOR SECURING AUTHORIZED DATA ENTRY AND THE DEVICE TO PERFORM THIS METHOD - The method for authorized data entry and securing the authenticity of such data when entering cryptographic operations provides that the application in the computer (A), requiring authorized data entry, sends a specific command to the STM module (C) which defines a template of input data intended to be cryptographically processed. This specific command switches the STM module (C) over to the secure typing mode, the STM module (C) autonomously controls the typing of required data items of the data template, by recording characters typed on the connected entry device (D) and the recorded characters are arranged by the STM module (C) in its internal memory in requested data structures defined by the input data template, and such created data are sent by the STM module (C) directly to the token (E) where the requested cryptographic operation is called, the result of which is sent to the computer (A) by the STM module (C), and subsequently the STM module (C) switches back to the transparent mode. For the devices according to the present invention, both the data entry device (D) and the external token (E) are connected to the computer (A) via an additional STM module (C) which is standardly in the transparent mode when transferring data between the computer (A) and connected peripherals, such as the data entry device (D) and the token (E), without affecting the process, with the computer (A) and connected peripherals, such as the data entry device (D) and the token (E), without affecting the process, with the specific command sent from the application in the computer (A) being a transferrable template of data defining the requirements for the input data of cryptographic operations and the STM module (C) which can be switched over to the secure typing mode where the STM module (C) autonomously controls data typing on the data entry device (D) and their cryptographic processing in the token (E).11-25-2010
20130166920MOBILE DATA VAULT - A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key or the password are stored in an unencrypted format anyplace within the portable electronic device.06-27-2013
20110016328INFORMATION INTERCHANGE SYSTEM AND APPARATUS - To overcome the drawback of difficulties when interchanging a patient's health record among different health information management systems and yet keep the patient's privacy, this invention proposes a method comprising the steps of: extracting, from a certificate, a signature of a first service provider and a first identifier; generating a second identifier corresponding to the first identifier; sending a request to any one of a second identifier manager and the first service provider so as to request a record associated with the first identifier; receiving the requested record from any one of the second identifier manager and the first service provider; and associating the requested record with the second identifier. Use of the proposed method provides the advantage that there is no need to unify all health information management systems adopting the same pseudonymization service, and makes it easy to share health information among different health information management systems without disclosing the patient's privacy.01-20-2011
20110016330INFORMATION LEAK PREVENTION DEVICE, AND METHOD AND PROGRAM THEREOF - Provided is an information leak prevention device that prevents information in files from leaking without an access control rule. The information leak prevention device includes a data processing device, a file storage device and a key storage device. The data processing device includes an execution detection unit that detects the execution of the application for each user who starts the application with the use of an access identifier that is a combination of an identifier for identifying the application and an identifier for identifying the user who starts the application; a key confirmation unit that confirms whether a combination of encryption and decryption keys unique to the access identifier is in the key storage device; a key generation unit that generates the encryption and decryption keys unique to the access identifier and stores the access identifier and a combination of the encryption and decryption keys in the key storage device as a key element; an access detection unit that detects access to the file by the application for each of the users; and an encryption/decryption unit that acquires from the key storage device a combination of the encryption and decryption keys unique to the access identifier and encrypts and decrypts data with a combination of the encryption and decryption keys.01-20-2011
20130166919SECURE DATA DELETION IN A DATABASE - A data storage application encrypts one or more data pages using a first initialization vector and one or more encryption keys. In addition, the data storage application encrypts one or more converter pages using a second initialization vector and the encryption key(s). The first initialization vector uses the converter page(s) to encrypt the data page(s). The encrypted data page(s) and the converter page(s) are stored to physical storage. Related apparatus, systems, techniques and articles are also described.06-27-2013
20100115288SYSTEM AND METHOD OF ENCRYPTION FOR DICOM VOLUMES - Digital image storage and management systems capable of producing encrypted DICOM volumes on different types of media (e.g., Blu-ray, CD, DVD, memory stick, USB flash drive, etc.), with or without the automatic generation of labels, systems and mechanisms to generate and manage passwords for the encrypted volumes, and systems and mechanisms to manage access to encrypted data on such volumes are disclosed. Generated encrypted DICOM volumes, which can comprise confidential patient data, can be securely interchanged, archived, and distributed to users. The disclosed systems and methods can permit authorized users to access encrypted data, even if the users do not have access to the original encryption mechanism. Encrypted data stored on the volume can be easily and securely accessed by a variety of authorized users.05-06-2010
20100115286LOW LATENCY BLOCK CIPHER - A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain a partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data.05-06-2010
20120151220PERSONALIZED DIGITAL MEDIA ACCESS SYSTEM (PDMAS) - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference.06-14-2012
20110258459METHOD FOR PROTECTING THE DECRYPTING OF THE CONFIGURATION FILES FOR PROGRAMMABLE LOGIC CIRCUITS AND CIRCUIT IMPLEMENTING THE METHOD - A method for protecting a programmable logic circuit includes storing data file(s) used for the configuration of the programmable resources of the circuit in a non-volatile memory after having been encrypted. A decryption module internal to the circuit is responsible for decrypting the file(s) by using a secret key stored in the circuit, the decryption module being protected against attacks aiming to obtain the key during the decryption operation by implementing at least one countermeasure technique.10-20-2011
20110258458METHOD AND APPARATUS FOR MANAGING KEYS USED FOR ENCRYPTING DATA - A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.10-20-2011
20110258457Method and System for Cryptographic Processing Core - A combination firmware and hardware cryptographic core architecture is provided for encrypting, decrypting and authenticating data. The core provides flexibility to change and add new cryptographic protocols, while providing increased performance by loading new firmware into a microcontroller that programs behavior of various components in the core. The core combines a microcontroller programmable by firmware, and flexible aligner, insertion and removal controllers programmed by the microcontroller that process, manage and manipulate an incoming data stream as it moves through the core. The firmware may be reprogrammed upon an enhancement or change to a protocol while still realizing performance benefits of the hardware. Reprogramming the microcontroller allows it to change the way the aligner, insertion and removal controllers manipulate the data stream as it enters various components. Such systems provide redesign time savings compared to hardware cryptographic core architectures, and improved speed and throughput compared to software cryptographic core architectures.10-20-2011
20110258456EXTENSIBLE MANAGEMENT OF SELF-ENCRYPTING STORAGE DEVICES - Security device objects can be utilized to support a stack of components of computer-executable instructions that are directed to managing the security functionality represented by the security device object. In the case of hardware encrypting storage devices, a security device object can represent the self-encrypting capabilities of those devices and the attendant stack can comprise drivers directed to band and key management. A default band management driver can support a band-centric set of input/output controls that can be redirected to the band management driver. It can cache band authentication keys or provide callback mechanisms for key providers to register themselves to provide keys on-demand. Key provider identifiers can be stored on the storage device and utilized to dynamically load, install or upgrade key providers when the band authentication key is required. The band management driver can also prevent the powering-down of the storage device in an unlocked state.10-20-2011
20100070779INTEGRITY OF CIPHERED DATA - A method for protecting the integrity of data ciphered by a ciphering algorithm providing at least an intermediary state meant to be identical in ciphering and in deciphering, this intermediary state being sampled during the ciphering to generate a signature.03-18-2010
20120204036Encryption Scheme - Cryptographically converting raw data into a structured electronic document can include parsing the raw data to identify at least one raw data object. A target data object is selected from the raw data object(s). For each selected target data object, the target data object is encrypted according to a cryptographic scheme to create an encrypted data object. Each selected target data object is replaced with the respective encrypted data object, and is associated with markup data in a structured format for each respective encrypted data object, resulting in the structured electronic document. The format of the structured electronic document can be compliant with a formatting language, which can be a general-purpose or specific-purpose formatting language.08-09-2012
20100058069METHOD AND DEVICE FOR DETERMINING A UNIQUE CONTENT INSTANCE IDENTIFIER, UNIQUE CONTENT INSTANCE IDENTIFIER AND METHOD AND DEVICE FOR MANAGING CONTENT LICENSES - A method and a device for determining a unique content instance identifier of a content item, wherein the content item is received by a receiving device and provided to a content management system and includes an original content identifier of an original identification scheme. The method: defines a data structure of the unique content item identifier depending on the original identification scheme, the data structure including a first, a second and third part, wherein the size of at least one of the second and third parts depends on the original identification scheme; stores a code in the first part, wherein the code uniquely identifies the original identification scheme; stores the original content identifier, a derivative thereof, and/or a device identifier identifying the receiving device in the second part; and stores a freely allocatable value in the third part, such that no duplicate unique content instance identifiers are generated by the device.03-04-2010
20090327753Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated.12-31-2009
20120204037Method and apparatus for executing software applications - Consumer electronic devices, such as e.g. high-definition movie players for removable storage media such as optical discs, may provide possibilities for advanced interactivity for the user, implemented as software applications. A question arising generally with such software applications is what the life cycle of such an application is, and who may control it. The invention provides a method for executing software applications within a playback device for audio-video data, wherein data from a first removable storage medium are read for a software application to be executed within said playback device, and the data comprise an indication defining a termination condition for the application. Based on said termination code and depending on how the medium holding the application is ejected, the application is terminated or may survive.08-09-2012
20080320314APPARATUS FOR WRITING DATA TO A MEDIUM - An apparatus for writing data to a medium. The apparatus has a receiver for receiving a write request and encrypted data from a data provider. The apparatus further has a creator for creating a medium ID upon reception of the write request. Furthermore, the apparatus has a provider for providing the medium ID to the data provider for generating the encrypted data and a storage for storing the encrypted data on the medium and for storing the medium ID on the medium upon creation of the medium ID, wherein the encrypted data is encrypted based on the medium ID.12-25-2008
20080320313SYSTEM AND METHOD TO PROTECT COMPUTING SYSTEMS - A system and method for protecting computing systems, and more particularly a system and method which a dedicated hardware component configured to communicate with a protection program. A computer hardware subsystem includes a memory comprising content. The content is at least a list of files which have been modified within a predetermined period of time. The list of files is a subset of files of a hard drive. A dedicated hardware component is configured to track the files which have been modified and provide a location of the files to the memory. A communication link between the dedicated hardware component and a protection program provides the protection program with the subset of files of the hard drive as referenced by the memory content.12-25-2008
20080320312Hardware-Based Computer Theft Deterrence - A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.12-25-2008
20080229113Trusted Time Stamping Storage System - Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp.09-18-2008
20110161676ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.06-30-2011
20110161675SYSTEM AND METHOD FOR GPU BASED ENCRYPTED STORAGE ACCESS - A system and method for graphics processing unit (GPU) based encryption of data storage. The method includes receiving a write request, which includes write data, at a graphics processing unit (GPU) encryption driver and storing the write data in a clear data buffer. The method further includes encrypting the write data with a GPU to produce encrypted data and storing the encrypted data in an encrypted data buffer. The encrypted data in the encrypted data buffer is sent to an IO stack layer operable to send the request to a data storage device. GPU implemented encryption and decryption relieves the CPU from these tasks and yield better overall performance.06-30-2011
20100318809METHOD AND SYSTEM FOR CONTROLLING PRESENTATION OF COMPUTER READABLE MEDIA ON A MEDIA STORAGE DEVICE - A method of controlling presentation of content on a media storage device is described. The method is comprised of verifying the presence of a media presentation mechanism and a usage compliance mechanism on a computer system operated by a recipient to whom the media storage device is distributed. The usage compliance mechanism includes a file system filter driver for controlling data reads associated with the computer readable media. The media presentation mechanism is communicatively coupled with the usage compliance mechanism. The present method further includes the file system driver performing a first decryption of the computer readable media. The present method further includes the media presentation mechanism performing a second decrypting of the computer readable media concurrent with presenting the computer readable media to the recipient.12-16-2010
20120311348Method and System for Embedded High Performance Reconfigurable Firmware Cipher - A firmware cipher component is provided which can be configured and programmed to efficiently implement a broad range of cryptographic ciphers while accelerating their processing. This firmware cipher component allows an ASIC to support multiple cipher algorithms while accelerating the operations beyond speeds conventionally achieved by software or firmware only solutions. This system combines cryptographic specific custom instructions with hardware based data manipulation accelerators. The cryptographic specific custom instructions and hardware accelerators may support both block and stream ciphers. Thus, the system may be reconfigured, allowing the cipher algorithm to change without halting the system. Further, embedding the Firmware Programmable Cipher within an ASIC may allow future capabilities to be supported in secure applications.12-06-2012
20120311347APPARATUS AND METHOD FOR PERFORMING ENCRYPTION AND DECRYPTION OF DATA IN PORTABLE TERMINAL - An apparatus and a method for performing encryption or decryption of data in a portable terminal, which performs an encryption or decryption operation from a point where the encryption or decryption operation is not generated when power is turned off and then turned on during the encryption or decryption operation, are provided. The apparatus includes a file system analyzer for extracting information of a data block, in which actual user data is stored, through metadata of a file system, and generating a data block list, and a journaling manager for storing a data block corresponding to the data block list among data blocks stored in a memory in a journaling storage unit, and deleting the data block stored in the journaling storage unit when an encryption or decryption operation for the data block stored in the journaling storage unit is completed.12-06-2012
20120311346SECURING A DATA SEGMENT FOR STORAGE - A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices.12-06-2012
20120311345SECURELY REBUILDING AN ENCODED DATA SLICE - A method begins by a requesting entity issuing a rebuild request regarding an encoded data slice to at least some of a set of distributed storage (DS) units. In response to the rebuild request, the method continues with each of at least some of the DS units of the set of DS units generating a partial slice corresponding to the encoded data slice to be rebuilt based on one of a set of encoded data slices stored by the respective DS unit to produce an array of partial slices. The method continues with the at least some of the DS units encrypting the array of partial slices using a set of encryption keys to produce an array of encrypted partial slices. The method continues with the requesting entity rebuilding the encoded data slice from the array of encrypted partial slices.12-06-2012
20120311344TECHNIQUES FOR SECURITY AUDITING OF CLOUD RESOURCES - Techniques for security auditing of cloud resources are provided. A virtual machine (VM) is captured and isolated when a session indicates that a session with the VM has terminated. Security checks are executed against the VM in the isolated environment. Results from the security checks are then reported.12-06-2012
20110055591METHOD FOR CRYPTOGRAPHIC DATA PROCESSING, PARTICULARLY USING AN S BOX, AND RELATED DEVICE AND SOFTWARE - A method for data cryptographic processing, that is implemented by an electronic entity and includes the conversion of input data (M′i−1), masked by an input mask (X), into output data, the conversion using a conversion table (S), and the method including the following steps: for at least one plurality of possible values (A) for the input mask (X), transferring the output value of the conversion table (S) corresponding to the masked input data (M′i−1) converted by the application of an unmasking operation using the possible value (A), into a table (T) at a position corresponding to a determined value (0) masked by the input mask (X) and converted by the application of an unmasking operation using the possible value (A); determining the output data using the value located in the table (T) at the position corresponding to the determined value (0).03-03-2011
20110055590APPARATUS AND METHOD FOR COLLECTING EVIDENCE DATA - An apparatus for collecting evidence data includes: an online data collection unit for collecting online data from a location designated by a user; a screen capture unit for capturing shots viewed on a computer screen, as they are; a time stamping unit for calculating a message digest for the collected online data to generate a time stamp including date and time when the message digest has been generated and a signature of the time stamping unit itself; and an image generation unit for generating a forensic image for the collected online data and generating a message digest for the collected online data.03-03-2011
20110055589INFORMATION CERTIFICATION SYSTEM - The invention discloses an information certification system including a data processing device and a portable storage medium. The portable storage medium includes a transmission interface and a memory array. The portable storage medium is removably coupled to the data processing device through the transmission interface. The memory array includes a hidden storage area. When a protected program is executed on the data processing device, the data processing device sends a certification request to the portable storage medium. The portable storage medium checks the certification request and selectively returns certification information stored in the hidden storage area back to the data processing device. Wherein, the certification information corresponds to the protected program.03-03-2011
20110055588METHODS AND SYSTEMS FOR SECURELY TERMINATING PROCESSES IN A CLOUD COMPUTING ENVIRONMENT - When terminating a process instantiated in a cloud, a cloud management system can provide and interact with an eraser agent on the computing systems supporting the process. The process can be any type of process that can exits in the cloud such a virtual machine, software appliance, or software instance. The eraser agent can execute on the computing systems to erase information stored on physical storage devices of the computing systems and associated with the process. In particular, the eraser agent can utilize secure algorithms to alter and obscure the information stored on the physical storage devices of the computing systems and associated with the process.03-03-2011
20080256367Duo Codes for Product Authentication - Systems and methods are provided that employ two or more cryptographically linked codes. The codes, when encrypted, become cipher texts that appear unrelated. The codes described herein are characterized by a series of bits including one or more switch bits. The cipher text of a code having a switch bit in one state will appear to be unrelated to the cipher text of another code differing only in that the switch bit is in the opposite state. The cryptographically linked codes can be used in various combinations, such as on a product and its packaging, on a product and a component of the product, on a certificate packaged with the product and on the packaging, or on outer and inner packagings of the product.10-16-2008
20080256366System and Method for Booting a Multiprocessor Device Based on Selection of Encryption Keys to be Provided to Processors - A system and method for booting a multiprocessor device based on selection of encryption keys to be provided to the processors are provided. With the system and method, a security key and one or more randomly generated key values are provided to a selector mechanism of each processor of the multiprocessor device. A random selection mechanism is provided in pervasive logic that randomly selects one of the processors to be a boot processor and thereby, provides a select signal to the selector of the boot processor such that the boot processor selects the security key. All other processors select one of the one or more randomly generated key values. As a result, only the randomly selected boot processor is able to use the proper security key to decrypt the boot code for execution.10-16-2008
20080256364DYNAMIC NEGOTIATION OF SECURITY ARRANGEMENTS BETWEEN WEB SERVICES - The present invention relates to computer-based devices and methods negotiate and implement security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, computation and generation of a security contract consistent with inputs, and implementation of security in accordance with negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings.10-16-2008
20120173881Method & Apparatus for Remote Information Capture, Storage, and Retrieval - The present disclosure relates to methods and systems that restrict access to stored sensitive information. Specifically, the methods and systems of the present disclosure separate the management of access to data from the encryption and storage of the data itself. The present disclosure allows for retrieval of the access without providing such access to the data host. Further, the present disclosure provides for data ownership privileges that can grant or revoke access. The present disclosure further provides for audio-access of stored data.07-05-2012
20080250250Method and Apparatus for Using USB Flash Devices and Other Portable Storage as a Means to Access Prepaid Computing - A form of removable memory, such as a universal serial bus (USB) flash device (UFD), may allow secure storage of and access to a time balance of a pay-per-use or subscription computing system. A computing device may establish a secure connection to a portable secure computing device to access a stored time balance or other device-enabling, exhaustible data. During operation, the device may deplete the balance. Upon reaching a threshold depletion of the balance, the user may add more data to continue device use. The device may include a processor and a secure memory including identification and subscription data. Further, the device may store configuration data that may be used by the computer to bind the device to a particular subscription service or internet service provider.10-09-2008
20110010564SERIALLY CONNECTED PROCESSING ELEMENTS HAVING FORWARD AND REVERSE PROCESSING TIME INTERVALS - Methods and apparatus provide a delayed clock signal to a plurality of serially connected processing elements, such as a bidirectional pipeline processor. The processing elements include forward and reverse processing paths and forward and reverse processing time intervals along the respective paths. The forward and reverse processing time intervals begin when a block of data, such as encryption data, is gated into an individual processing element for processing and terminate when the processed block of data is gated into a subsequent adjacent processing element along the respective forward or reverse processing path. A clock signal distribution circuit provides a clock signal to the plurality of processing elements such that the clock signal arrives at successive processing elements along the clock signal distribution circuit with an increasing amount of delay so that one of the forward or reverse processing time intervals is greater than the other.01-13-2011
20080201580TRUSTWORTHY TIMESTAMPS AND CERTIFIABLE CLOCKS USING LOGS LINKED BY CRYPTOGRAPHIC HASHES - A method and apparatus for creating and/or using trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes. In one embodiment, the method comprises maintaining a first, chained-hash log; associating a first clock with the chained-hash log, and entangling the first log; with a second by adding a time-stamped synchronization entry to the chained-hash log, where the synchronization entry has a second time indication associated with the second log and a hash of one or more entries in the first log.08-21-2008
20110022851DATA ENCRYPTION DEVICE - A portable data sensor tag (01-27-2011
20110179289METHOD AND DEVICE FOR ELECTRONICALLY CAPTURING A HANDWRITTEN SIGNATURE USING EMBEDDING TECHNIQUE - A method and apparatus for encrypting an electronic document involves a computer having a first monitor and a signature capture apparatus configured to capture a handwritten signature on a second monitor. A hash sum of the electronic document generated in the computer is transmitted to the signature capture apparatus. The electronic document and the first hash sum thereof are displayed on the first monitor. The first hash sum is also displayed on the second monitor. After electronically capturing the handwritten signature, the signature data are encrypted using the first hash sum. A digital signature image is generated in the signature capture apparatus and the first hash sum is embedded therein. The embedded first hash sum is then extracted in the computer. If the extracted hash sum is identical to the first hash sum generated in the computer apparatus, the encrypted signature data and the signed document are stored.07-21-2011
20110179288Technique for Content Management using Group Rights - A technique for content management using group rights is described. The technique facilitates a flexible management for a group of content files mainly by effecting a change of group memberships for subsets of the group and a partial update of the content files. As one aspect, a content file manager (07-21-2011
20120072735STORAGE DEVICE, PROTECTION METHOD, AND ELECTRONIC DEVICE - According to one embodiment, a storage device encrypts/decrypts data with an encryption key to write/read the data to/from the storage area. In the storage device, an elapsed time counter starts counting triggered by turning on of the storage device. A receiver receives a command containing a password and time information from a host device. The time information indicates current date and time. A calculator calculates elapsed time from last command input to current command input based on the time information and a counter value. An adder adds the elapsed time to time information contained in a command received last time. A time information determination module determines the consistency of the time information. A disabling module disables the encryption key if the time information is not consistent. An authentication module authenticates the password if the time information is consistent and allows access to the storage area if the password is successfully authenticated.03-22-2012
20110179286COMPUTER IMPLEMENTED METHOD FOR PERFORMING CLOUD COMPUTING ON DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for performing cloud computing on data of a first user employing cloud components, the cloud components comprising a first database and a data processing component, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously non-encrypted in the first database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising retrieving the data from the first database by the data processing component, wherein retrieving the data from the first database comprises receiving the identifier and retrieving the data assigned to the identifier from the first database, wherein the method further comprises processing the retrieved data by the data processing component and providing a result of the analysis.07-21-2011
20110179285Computer system, client device and method - A computer system includes a network. The system includes a first client device in communication with the network having a transaction description for a transaction t. The first client device sends the transaction description to a second client device. The second client device receives the transaction description from the first client device. One of the first or second client devices executes the transaction description and creates a second transaction description for transaction t and then sends the second transaction description to a client device. A client device of a computer system having a network and a second client device. A method of a computer system. A method of a client device of a computer system having a network and a second client device.07-21-2011
20110264924SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.10-27-2011
20110264922DIGITAL VIDEO GUARD - This invention relates to the veracity of information that is displayed to a user of a computer and can also relate to the veracity of information provided to a computer by human input devices such as pointing devices and keyboards. A digital video guard device is a peripheral that is retrofitted to commodity computer device. The digital video guard device provides trust in specific information presented on a digital display. The digital video guard device resides in-line with a digital display and enables secure end-to-end interactions between a user and a displayed (usually remote) application. In-band signalling within the digital video stream is used to carry encrypted information from a remote source, over untrusted network infrastructure through the digital video guard device to a user for viewing. The creation of encrypted digital video content can be achieved by either local or remote applications, and is effected by manipulating what is to be rendered on a computer's display, i.e. encrypting data that will at some time form part of a digital display stream and be output from an information device to a digital display. The digital video guard device can decrypt and verify the integrity of the digital video content as it is sent to a digital display. The integrity of the displayed information is indicated by a trusted LED on the digital video guard device hardware. Part or the entire video signal may be designated as trusted, depending on what data within the video signal has been encrypted, signed, or otherwise labelled as being trustworthy.10-27-2011
20110264921METHOD OF VERIFYING AN IDENTIFICATION CIRCUIT - The invention relates to a method for verifying an identification circuit (10-27-2011
20100287383TECHNIQUES FOR DETECTING ENCRYPTED DATA - Techniques are described that generally relate to methods for detecting encryption status of a data file or data stream and selectively encrypting the data file or data stream based on the encryption status of the data file or data stream are generally disclosed. Example methods may include one or more of reading the data file or data stream from a data source, calculating a value of a property of the data file or data stream, comparing the calculated value with a threshold value to determine whether the file is encrypted or unencrypted, and encrypting files that are determined to be unencrypted.11-11-2010
20110060915Managing Encryption of Data - In an illustrative embodiment, a method, computer program product, and apparatus for managing encryption of data are provided. The method comprises determining whether the number of data units contains a known pattern responsive to receiving a number of data units to write to a storage device; storing the number of data units on the storage device in an unencrypted form responsive to a determination that the number of data units contains the known pattern; encrypting the number of data units to form encrypted data units responsive to an absence of a determination that the data contains the known pattern; and storing the encrypted data units on the storage device.03-10-2011
20100293390Secure movie download - A movie playing system which utilizes a system for the playing of movies (sound and video). The movie is encrypted and stored on a computer in an ordered sequence of segments. The computer decrypts each segment in series and plays that decrypted segment on the movie playing system. When the segment is nearly, or fully, complete, the computer decrypts the next segment and deletes the prior decrypted segment. The newly decrypted segment is then played and the process continues until the entire movie has been played. Security is provided through the use of a physical identifying key which the computer uses in the decrypting process and the system monitors for recording mechanisms.11-18-2010
20110119498IMPLEMENTING DATA CONFIDENTIALITY AND INTEGRITY OF SHINGLED WRITTEN DATA - A method, apparatus and a data storage device are provided for implementing data confidentiality and integrity of data stored in overlapping, shingled data tracks on a recordable surface of a storage device. A unique write counter is stored for each zone written to the recordable surface of the storage device. An encryption key is used together with the write counter information and a logical block address to encrypt each sector being written, and to decrypt all sectors being read. An individual sector is decrypted, obtaining the write counter information and reading the data sector. A message authentication code is stored for each zone. All sectors of the zone are read to perform integrity check on a sector.05-19-2011
20120151222SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.06-14-2012
20110126025Active Intelligent Content - Active intelligent content is aware of its own timeline, lifecycle, capabilities, limitations, and related information. The active intelligent content is aware of its surroundings and can convert automatically into a format or file type more conducive to the device or environment it is stored in. If the active intelligent content does not have the required tools to make such a transformation, it is self-aware enough to seek out the tools and/or information to make that transformation. Such active intelligent content can be used for enhanced file portability, target advertising, personalization of media, and selective encryption, enhancement, and restriction. The content can also be used to collaborate with other content and provide users with enhanced information based on user preferences, ratings, costs, genres, file types, and the like.05-26-2011
20110138193PRODUCT SECURITY SYSTEM - The present invention relates to a product information system and a corresponding method in a product information system with products 06-09-2011
20110191597METHOD AND SYSTEM FOR SECURING SOFTWARE - In a method and system for securing a software package that can be broken down into a number of “event-action” type independent tasks, the tasks managing a set of “scripts”, the method includes using a script and message encapsulation module and a transmission of encapsulated scripts to a trust resource suitable for executing them.08-04-2011
20110191596Security Protocols for Processor-Based Systems - A processor-based system such as a wireless communication module may implement security functions in a cost effective fashion by providing a virtual memory space whose addresses may be recognized. The memory is integrated with an application processor. When those addresses are recognized, access to special security protocols may be allowed. In another embodiment, a variety of dedicated hardware cryptographic accelerators may be provided to implement security protocols in accordance with a variety of different standards. By optimizing the hardware for specific standards, greater performance may be achieved.08-04-2011
20110191595ENCRYPTION KEY ROTATION MESSAGES WRITTEN AND OBSERVED BY STORAGE CONTROLLERS VIA STORAGE MEDIA - Storage media is coupled to first and second storage controllers. When the first storage controller performs encryption key rotation, the First storage controller writes a key rotation message to a storage controller metadata section of the storage media indicating that key rotation is underway. The second storage controller observes the key rotation message indicating that key rotation is underway and suspends access by the second storage controller to encrypted portions of the storage media.08-04-2011
20110138192Verifiable, Leak-Resistant Encryption and Decryption - This patent describes techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments. Derived keys and validators are produced using methods designed to preserve security even if cipher and hashing operations leak information. Embodiments for systems including SoCs, firmware loading, FPGAs and network communications are described.06-09-2011
20110138191SECURE DATA CACHE - This invention is generally concerned with methods, apparatus and computer program code for securely caching\data, in particular for caching data stored on smart card systems such as those used in ICAO-compliant EU electronic passports. A caching system for providing a secure data cache for data stored in an electronic document, the comprising: an input to receive data to be cached; a processor configured to use all or part of said received data to calculate a unique cryptographic key for said data; encrypt all or part of said data with said unique cryptographic key; and discard said unique cryptographic key after encryption and an output to send said encrypted data to a data cache, with decryption of encrypted data requiring said unique cryptographic key to be recalculated from said electronic document whereby said data cache is secure. Use of such a cache dramatically speeds up the inspection process, by bypassing the need to read data entirely, except for during the first inspection.06-09-2011
20110138190GRAPH ENCRYPTION - A storage system stores information about a graph in an encrypted form. A query module can submit a token to the storage system to retrieve specified information about the graph, e.g., to determine the neighbors of an entity in the graph, or to determine whether a first entity is connected to a second entity, etc. The storage system formulates its reply to the token in a lookup result. Through this process, the storage system gives selective access to information about the graph to authorized agents, yet otherwise maintains the general secrecy of the graph from the perspective of unauthorized agents, including the storage system itself. A graph processing module can produce encrypted graph information by encrypting any representation of the graph, such as an adjacency matrix, an index, etc.06-09-2011
20100332846SCALABLE INDEXING - Method and apparatus for constructing an index that scales to a large number of records and provides a high transaction rate. New data structures and methods are provided to ensure that an indexing algorithm performs in a way that is natural (efficient) to the algorithm, while a non-uniform access memory device sees IO (input/output) traffic that is efficient for the memory device. One data structure, a translation table, is created that maps logical buckets as viewed by the indexing algorithm to physical buckets on the memory device. This mapping is such that write performance to non-uniform access SSD and flash devices is enhanced. Another data structure, an associative cache is used to collect buckets and write them out sequentially to the memory device as large sequential writes. Methods are used to populate the cache with buckets (of records) that are required by the indexing algorithm. Additional buckets may be read from the memory device to cache during a demand read, or by a scavenging process, to facilitate the generation of free erase blocks.12-30-2010
20110138189SYSTEMS AND METHODS FOR MANAGING STORAGE DEVICES - Systems and methods for managing storage devices are provided. The functionalities of smart card and micro SD card are integrated into a storage device to expand the effective storage capacity. The system includes a storage device having a storage area, a microcontroller, and a microprocessor. The microcontroller receives an access request, determines whether the access request conforms to a specific protocol or whether the access request is requesting to activate the microprocessor, and transmits the access request to a microprocessor when the access request conforms to the specific protocol or when the access request is requesting to activate the microprocessor. The microprocessor executes a Card Operating System (COS), and manages the storage area by performing the access request based on the COS. Further, the segmentation of expanded storage space and independent management/security mechanism for segmented spaces also make it possible to perform multi-applications for different card organizations/issuers.06-09-2011
20110078459SIGNATURE GENERATING DEVICE AND METHOD, SIGNATURE VERIFYING DEVICE AND METHOD, AND COMPUTER PRODUCT - A signature generating device includes a receiving unit that receives a sequence of data; a summary data generating unit that generates summary data of the data upon reception of each of the data by the receiving unit; an obtaining unit that obtains, when the number of data included in a sequence of the generated summary data reaches a given number, the sequence of the summary data as a block; a setting unit that sets, as a signature subject, a current block constituted by the sequence of the summary data, and the summary data selected from at least one block contiguous to the current block; a digital signature generating unit that generates a digital signature concerning data summarized for the current block; and a sending unit that sends the generated digital signature, the signature subject associated with the digital signature, and the data summarized for the current block.03-31-2011
20100077226ENCRYPTION DEVICE AND ENCRYPTION OPERATION METHOD - Provided is an encryption device which can effectively use a hardware encryption engine and reduce a packet processing delay of a real time application. In this device, an approval unit (03-25-2010
20110093721PARAMETERIZABLE CRYPTOGRAPHY - Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy.04-21-2011
20110093722Apparatuses, Systems, And Methods For Renewability With Digital Content Protection Systems - In one embodiment of the invention, a format for renewability content (e.g., a System Renewability Message (SRM)) corresponding to a content protection protocol (e.g., High-Bandwidth Digital Content Protection (HDCP)) may be interoperable with devices that are compliant with different versions of the standard (e.g., HDCP1.x and 2.x devices) and that include different amounts of storage for the renewability content (e.g., first and second generation devices).04-21-2011
20110093720Storage of KeyID in Customer Data Area - A key identifier for an encryption key repository is stored with customer data on a logical device. When the customer data is compressible, the key identifier is stored in space freed by compressing the customer data. When the customer data is not compressible, a portion of the customer data is copied to a key record in the key repository identified by the key identifier, and the key identifier overwrites the copied customer data.04-21-2011
20120173884METHOD FOR REMOTELY CONTROLLING AND MONITORING THE DATA PRODUCED ON DESKTOP ON DESKTOP SOFTWARE - According to this invention there is provided a method of controlling usage of data and prevent unauthorized usage of data that is generated by software using iso data system where data can be used only on the computer which has created the data or use and/or access the data on other computers only if the owner of such data has given access/permission to such data.07-05-2012
20100228995Universal Serial Bus Data Encryption Device with the Encryption Key Delivered by any Infrared Remote Handheld Controller where the Encryption Key is Unreadable by the Attached Computer System - The user may deliver an encryption key via any infrared remote controller to a computer data encryption controller external to the computing system but connected to the aforementioned computer system via the Universal Serial Bus (USB) port. The infrared delivered key may be combined with the computer system supplied key but this key can not be read directly by the computer system. All encryption functions are done external to the computers processing system, memory system, and disk drive as to erase the possibility of rouge unwanted programs such as spyware, viruses, malware, keystroke loggers, and root-kit programs from gathering encryption-key information.09-09-2010
20100070777SEMICONDUCTOR DEVICE IDENTIFIER GENERATION METHOD AND SEMICONDUCTOR DEVICE03-18-2010
20100064142INFORMATION SECURITY DEVICE, INFORMATION SECURITY METHOD, COMPUTER PROGRAM, COMPUTER-READABLE RECORDING MEDIUM, AND INTEGRATED CIRCUIT - The present invention aims to provide an information security apparatus that counters a simple power analysis attack (SPA) on an information security apparatus such as an RSA cryptosystem. The information security apparatus uses a multiplication with 1 in a Montgomery domain. 1 in the Montgomery domain is determined depending on a modulus and an integer k, which is greater than a number of bits of a modulus p. Therefore, it is hard for attackers who do not know p or k to analyze. Also, even if an analyzer can predict the Hamming weight, it is possible to further improve the safety against the SPA by modifying k or the modulus at random.03-11-2010
20120151221SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.06-14-2012
20090300367ELECTRONIC CERTIFICATION AND AUTHENTICATION SYSTEM - The invention is an automated system that works in the data center of certification offices connected to the internet which enables a member of the any of the certification offices to certify his document electronically from a distance using a computer connected to the internet, digital pad, an electronic pen and a printer.12-03-2009
20090300366System and Method for Providing a Secure Application Fragmentation Environment - System and method for providing and using expanded memory resources secure application environment is disclosed. An embodiment comprises a system and method for providing secure application functionality comprising receiving a request for a secure operation; determining if required application code for the secure operation is present in an application fragment store; sequentially loading a plurality of fragments of the required application code from an external memory, if the required application code is not present in the application fragment store; sequentially executing the plurality of fragments of the required application code; and sending a reply to the request for the secure operation. The system and method may further comprise decrypting each of the plurality of fragments of the required application code using a secure key prior to execution of the fragment and verifying the integrity of the code fragment.12-03-2009
20090292930SYSTEM, METHOD AND APPARATUS FOR ASSURING AUTHENTICITY AND PERMISSIBLE USE OF ELECTRONIC DOCUMENTS - A system and method for secure document management including tagging and/or remotely tracking documents exchanged between one or more users and a document repository. In some embodiments, the security policies for documents are determined based at least in part on document content, metadata associated with the document, and/or usage history of the document.11-26-2009
20090292929INITIALIZATION OF A MICROPROCESSOR PROVIDING FOR EXECUTION OF SECURE CODE - An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The microprocessor has secure execution mode initialization logic and an authorized public key. The secure execution mode initialization logic provides for initialization of a secure execution mode within the microprocessor. The secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter directing entry into the secure execution mode. The authorized public key is used to decrypt the enable parameter, the enable parameter having been encrypted according to the asymmetric key algorithm using an authorized private key that corresponds to the authorized public key. The secure non-volatile memory stores the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.11-26-2009
20110264923SELF-PROTECTING DIGITAL CONTENT - Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies. If pirates compromise a player or title, future content can be mastered with security features that, for example, block the attack, revoke pirated media, or use native code to correct player vulnerabilities.10-27-2011
20100031055EMBEDDED DEVICE HAVING COUNTERMEASURE FUNCTION AGAINST FAULT ATTACK - A cryptographic processing device, comprising: a storage unit; initial setting unit for setting a value to be stored in the storage unit; Montgomery modular multiplication operation unit for performing a Montgomery modular multiplication operation plural times for a value set by the initial setting unit; and fault attack detection unit for determining whether or not a fault attack occurred for each of at least some parts of the Montgomery modular multiplication operations performed plural times.02-04-2010
20100031054ENCRYPTION MONIKER IN MEDIUM AUXILIARY MEMORY - A tape cartridge is described including tape storage medium maintaining stored encrypted data that can be unencrypted via an encryption key. The tape cartridge also contains a medium auxiliary memory possessing a moniker wherein the moniker identifies the encryption key. The tape cartridge further includes a threshold parameter stored in the medium auxiliary memory wherein the threshold parameter influences a moniker state control, the moniker state control comprises an on state and an off state wherein the off state disables the moniker from identifying the encryption key.02-04-2010
20100017623Executable software security system - A computer system which is configured to load executable programs. This configuration first accepts an operator defined key; withdraws an encrypted executable program from memory; and, using the operator defined key, decrypts the encrypted executable program into a functional executable program. It is this functional executable program which is used by the processing unit. During shutdown, each executable program is checked to see if it was derived from an encrypted executable program; those that aren't, are verified as being legitimate by the operator prior to their storage into the memory.01-21-2010
20120042173Digital Content and Right Object Management Systems and Methods - Digital content and rights object management systems and methods are provided. The system at least includes a storage device having a hardware UID, a public area and a hidden area. The public area at least includes a security management application. The hidden area at least includes a rights object and a specific ID. The specific ID is read and determined whether or not it matches with the hardware UID. When the specific ID matches with the hardware UID, the rights object is retrieved from the hidden area, and the rights object is delivered to a security management application of a playback device for playback. In some embodiments, the rights object may be encrypted, and the security management application can read the hardware UID of the storage device, and decrypt the rights object according to the hardware UID. In the present invention, the hardware UID of the storage device and the rights object stored in the hidden area which cannot be accessed by general consumers are used to manage the DRM content.02-16-2012
20110154056COMPUTER READABLE STORAGE MEDIUM FOR GENERATING AN ACCESS KEY, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - A computer readable storage medium having stored therein instructions, which when executed by a computing device cause the computing device to perform a method of generating an access key, the method comprising the steps of: 06-23-2011
20110307714REFERENCE TOKEN SERVICE - A reference token service is herein described. In one embodiment, the reference token service receives raw data strings from trusted source applications associated with merchants or other users. Upon receipt of a given raw data string, the reference token service then identifies one or more reference token pools corresponding to a merchant that sent the raw data string, wherein each reference token pool includes a plurality of reference tokens with comprising formats and data structures compatible with the merchant. The raw data string is then sent to a crypto system for tokenization. The crypto system returns a crypto token to the reference token service, wherein the crypto token may not satisfy the specific formatting or data requirements of the merchant. The crypto token is then associated with a reference token corresponding to the merchant, and the reference token is provided to the merchant. The merchant is then able to use the reference token amongst various applications within the merchant's system to enable easy sharing and retrieval of the raw data string.12-15-2011
20110307712MULTI-OWNER DEPLOYMENT OF FIRMWARE IMAGES - A method, apparatus, system, and computer program product for multi-owner deployment of firmware images. The method includes obtaining a signed firmware image that comprises a first code module signed by a first code owner and a second code module signed by a second code owner. The method further includes obtaining an updated first code module comprising updated code for the first code module, verifying that the updated first code module is signed by the first code owner, and updating the signed firmware image with the updated first code module in response to verifying that the updated first code module is signed by the first code owner. The signed firmware image may further comprise an access control list that authorizes updates to the first code module by the first code owner and updates to the second code module by the second code owner.12-15-2011
20110307713PROCESSOR AND PROCESSOR SYSTEM - In a processor including a CPU core executing instruction codes and a cache memory part having plural ways, encryption counter data encrypting and decrypting data input/output for the core in a common key encryption system are stored at one way among the plural ways, an XOR operation is performed between the encryption counter data and the input/output data, and the common key encryption process generating the encryption counter data is not executed every time when the data is encrypted or decrypted, to thereby enable high-speed memory access without sacrificing security.12-15-2011
20120042174Remote Container - Methods, program products, and systems implementing remote container techniques are disclosed. A relational database can include a container data field, which can be a data field for storing multimedia data. In one aspect, when the multimedia data are inserted into the container field, the multimedia data can be stored in one or more remote database files. The remote database files can be located separately from other data of the relational database and remotely from a client computer accessing the relational database. Corresponding data structures, or remote containers, can be configured to store metadata of the database files. References to the remote containers can be stored as values of the container data field. Using various encryption techniques, the remote database files can be given same access restrictions as access restrictions of the container data field, even when the remote database files are stored as flat files.02-16-2012
20090113216CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION - A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.04-30-2009
20090172413High Speed Cryptographic System with Modular Architecture - The present invention concerns a cryptographic system (07-02-2009
20090172412SYSTEM FOR AND METHOD OF AUTO-REGISTRATION WITH CRYPTOGRAPHIC MODULES - A system for and method of registering devices an applications with cryptographic modules is presented. The system and method prevent devices and applications from operating in conjunction with cryptographic modules unless such devices and applications have previously been registered with the module.07-02-2009
20090172411Protecting the security of secure data sent from a central processor for processing by a further processing device - A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure data store; and restoring of said processed secure data using said secure key; wherein said secure key is securely stored such that it is not accessible to other processes operating in said non-secure mode.07-02-2009
20090172410PERSONAL VAULT - In some embodiments data input to an input device is encrypted before it is received by any software, and information is stored securely so that the information is not accessible to any software. Other embodiments are described and claimed.07-02-2009
20090172409CORE DUMP PRIVACY DURING APPLICATION FAILURE - Embodiments of the present invention address deficiencies of the art in respect to core dump generation during application fault handling and provide a method, system and computer program product for privacy preservation of core dump data during application fault handling. In an embodiment of the invention, a method for privacy preservation of core dump data during application fault handling can be provided. The method can include receiving a crash signal for an application and generating a core dump with object data for the application. The method further can include obfuscating the object data in the core dump and writing the core dump with obfuscated object data to a file. In this way, the privacy of the object data in the core dump can be preserved.07-02-2009
20080320315Method for Creating a Secure Counter on an On-Board Computer System Comprising a Chip Card - According to the inventive method, the chip card, a counting function (FC), a counter (Cpt) and a private key (Cf) stored in the write-only part of the memory region are stored in a persistent memory, the counter and the private key (Cf) being accessible only by the counting function (FC). When the chip card receives a counter request emitted by an requesting entity (ER), the counting function (FC) performs a modification of the counter (Cpt) and a calculation of a signature, and sends a response to the applicant entity (ER). When the on-board system receives the response to the counter request, the signature contained in the response is checked.12-25-2008
20120066512REAL-TIME SECURE SELF-AQUIRING ROOT AUTHORITY - When software is delivered to a customer, there are often programs or routines of programs that a software distributor intended to run under the credentials of a specific user other than the user who started the program. A secure method is proposed for software running in a process to acquire rights to issue restricted operations. A trusting entity trusts a process based on verifying ownership of code residing in the process. The trusted process is granted rights by the trusting entity to perform any or specific operations under the credentials of a specific user, not necessarily the current process user.03-15-2012
20120124392SYSTEM AND METHOD FOR STREAM/BLOCK CIPHER WITH INTERNAL RANDOM STATES - Disclosed herein are systems, methods, and computer readable-media for performing data encryption and decryption using a stream or block cipher with internal random states. The method includes splitting the input data into a predetermined number of blocks and processing each block. The processing includes creating sub-blocks, permuting the sub-blocks, replacing bytes using a lookup table, rotating bits, performing expansion and combining sets of bits. The element of randomness employed in this process allows for the same input to yield the same output, with differing internal states.05-17-2012
20120047371SECURE FIELD-PROGRAMMABLE GATE ARRAY (FPGA) ARCHITECTURE - A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data.02-23-2012
20120047372OPTICAL DISC, OPTICAL DISC RECORDING METHOD, OPTICAL DISC REPRODUCTION METHOD, OPTICAL DISC DEVICE AND STORAGE SYSTEM - A storage system having a plurality of optical disc devices allows other optical disc devices inside the storage system to reproduce the optical disc recorded by a certain optical disc device but inhibits optical disc devices outside the storage system to reproduce the optical disc. A device key as a base for generating an encryption key is common to the plurality of optical disc devices. In the optical disc devices, a guest key other than the device key can be used temporarily to generate the encryption key. An authentication list containing a reproduction condition is recorded with the key information to the optical disc.02-23-2012
20120210140INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, AND INFORMATION RECORDING MEDIUM - A configuration is provided for a process in which appropriate content code corresponding to apparatuses and applications of various model types and versions is selected to be performed. In a configuration in which content code recorded on an information recording medium is obtained, and processing, such as a security check in accordance with the content code, conversion of the content data, and embedding of player information into the content, is performed, at least a portion of the content code is set as encrypted data, and as an encryption key, a node key set so as to correspond to a node of a key tree having a hierarchical structure is used.08-16-2012
20120210138CRYPTOGRAPHIC LOGIC CIRCUIT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS - This disclosure describes techniques that may prevent cryptographic devices, including both encryption devices and decryption devices, from producing a power signature that can be used by attackers to deconstruct a cryptographic algorithm and extract a cryptographic key. The techniques may include an external power supply charging an internal, dedicated power storage element; temporarily gating off the encryption device from the external power supply; configuring a cryptographic logic unit to perform a cryptographic algorithm from power stored in the power storage element while the external power source is gated off; and then recharging the power storage element upon the cryptographic logic unit completing an iteration of the cryptographic algorithm.08-16-2012
20120005484HIGH-ASSURANCE SECURE BOOT CONTENT PROTECTION - A method and apparatus for high assurance boot processing is disclosed. A trusted processor is used to authenticate a trusted boot program and in conjunction with a selector, to provide the authenticated boot program to a boot memory where it can be accessed by a main processor to execute the bootup sequence. The trusted processor also provides a command for the main processor to write a data sequence to a hard drive or similar device, and monitors the data written by the main processor to verify that the data has not been tampered with or otherwise compromised.01-05-2012
20110167276Method and device for detecting if a computer file has been copied and method and device for enabling such detection - A method of detecting whether a computer file has been copied, the computer file comprising a software program and having an inode number. The inode number of the computer file is retrieved by the software program. From the computer file, a stored inode number is read, the stored inode number being the inode number of a file system from which the computer file should not be copied. The retrieved inode number and the read inode number are compared and it is determined that the computer file has been copied if the retrieved inode number does not match the read inode number. Also provided are a method of enabling detection of the copying of a computer file, and devices and software program products corresponding to the methods.07-07-2011
20110167277PROCESSING DEVICE, PROCESSING SYSTEM AND CONTROL METHOD FOR PROCESSING DEVICE - A processing device is provided. A first storage unit stores a correspondence table which is indicative of a correspondence relationship between attributes of data and encryption levels for encrypting data. An obtaining unit obtains data. A first determination unit determines an encryption level according to an attribute of the data obtained by the obtaining unit, using the correspondence table stored in the first storage unit. An encryption unit encrypts the data obtained by the obtaining unit in the encryption level determined by the first determination unit. A second storage unit stores the data encrypted by the encryption unit.07-07-2011
20120017096More Elegant Exastore Apparatus and Method of Operation - An apparatus to scale for multiple petabyte backup in redundant locations. Workload is automatically shared among many servers by a characteristic derived from the content itself. Duplicate storage is eliminated by checking for the existence or absence of simple files and appending client identification to files shared among multiple subscribers. Replication depends on simple atomic file operations rather than use of tables or databases. An efficient storage method for much larger quantities of data than conventional services.01-19-2012
20120017095Software Service for Encrypting and Decrypting Data - A system for making encryption and decryption available to software applications as a service is disclosed. An encryption/decryption server verifies the credentials of human operators, hardware devices, or combinations of operators and hardware devices and determines the cryptographic keys to which they have access, and provides access to said keys. Client software applications send service requests to the encryption/decryption server to encrypt or decrypt data. The server encrypts or decrypts the data as requested if the operator or device has the proper credentials to access the required key. The system may include multiple levels of security access.01-19-2012
20120060039Code Download and Firewall for Embedded Secure Application - A device includes a demodulator for receiving an encrypted content, an interface unit communicatively coupled to an external memory, and a hardware unit coupled to the demodulator and configured to enable the demodulator to decrypt the received content. The hardware unit includes a processing unit, a ROM having a boot code causing the device to fetch data from the external memory, a RAM for storing the fetched data, multiple non-volatile memory registers or fuse banks, and a mechanism configured to write the stored data to an external storage device in response to a backup event. The data may be encrypted using an encryption key prior to being written to the external storage device. The interface unit may include a wired or wireless communication link. The boot code includes executable instructions performing a series of validations. The device disables the executable instructions in the event of a validation failure.03-08-2012
20120060038PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACKS ON SENSITIVE DATA - An embodiment of a method is disclosed for protecting sensitive data from discovery during an operation performed on input data with the sensitive data. This embodiment of the method includes performing the operation on a first quantity of random data with the sensitive data using a circuit arrangement before performing the operation with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the first quantity of the random data, the operation is performed with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the input data, the operation is performed with the sensitive data on a second quantity of random data using the circuit arrangement.03-08-2012
20120060037PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACKS ON DECRYPTION KEYS - An embodiment of a method is disclosed for protecting a key from discovery during decryption of a data stream. This embodiment of the method includes decrypting the data stream with the key. Before completing decryption of the data stream, the method checks consistency between a decrypted portion of the data stream and expected data using a circuit arrangement. In response to an inconsistency between the decrypted portion and the expected data, a tampering signal is generated to indicate tampering is suspected.03-08-2012
20120159191METHOD AND APPARATUS FOR TRANSITIONING BETWEEN STATES OF SECURITY POLICIES USED TO SECURE ELECTRONIC DOCUMENTS - Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods.06-21-2012
20120159185Secure Digital Download Storage Device - A secure USB flash drive employing digital rights management to implement secure digital media storage such as that provided by encrypted storage utilizing content protection for recordable media (CPRM) or the like. Unlike a secure digital card which provides such protection, it does not need an SD card port which is CPRM enabled, or alternatively a reader adapted for use therewith. The form factor can be that of a standard USB flash drive and a standard USB connector is employed making the device and its use familiar and comfortable to the average consumer.06-21-2012
20120159186SECURING THE IMPLEMENTATION OF A CRYPTOGRAPHIC PROCESS USING KEY EXPANSION - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by protecting the cipher key by means of a key expansion process which obscures the cipher and/or the round keys by increasing their lengths to provide an expanded version of the keys for carrying out encryption or decryption using the cipher. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key.06-21-2012
20120159187ELECTRONIC DEVICE AND METHOD FOR PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACK - An electronic device and a method for protecting against a differential power analysis attack are disclosed herein. The electronic device includes an encryption/decryption unit, a random number generator and a countermeasure circuit. The encryption/decryption unit can provide an enable signal when encrypting or decrypting more bits of data. The random number generator can generate random data. When receiving the enable signal, the countermeasure circuit can operate according to the bits of data and the random data.06-21-2012
20120159192Optimizing Use of Hardware Security Modules - Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.06-21-2012
20120159190ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTING METHOD, AND DECRYPTING METHOD - An identification information setting unit of an encryption device on document data determines whether or not an encrypted area has been divided by an editing operation of document data, and sets identification information indicating any position of four corners of an undivided encrypted area at a corresponding position of each divided encrypted area when the encrypted area has been divided.06-21-2012
20120159189MODULAR EXPONENTIATION RESISTANT AGAINST SKIPPING ATTACKS - An exponentiation method resistant against skipping attacks. A main idea of the present invention is to evaluate, in parallel with the exponentiation such as y=g06-21-2012
20120159188Systems and Methods for Identity-Based Encryption and Related Cryptographic Techniques - A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. The sender uses a bilinear map to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110]. The receiver [110] uses the bilinear map to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification.06-21-2012
20120159184Technique for Supporting Multiple Secure Enclaves - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.06-21-2012
20120159183METHOD AND APPARATUS FOR SECURING A COMPUTING DEVICE - A method and apparatus for securing a computing device are provided. A state of the computing device is determined, the state associated with a protection state. The computing device is automatically switching between a plurality of security levels at based on the state.06-21-2012
20120159182DRM PLUGINS - Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor.06-21-2012
20120072734PLATFORM FIRMWARE ARMORING TECHNOLOGY - A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.03-22-2012
20120072737SYSTEM FOR ESTABLISHING A CRYPTOGRAPHIC KEY DEPENDING ON A PHYSICAL SYSTEM - In systems for establishing a cryptographic key depending on a physical uncloneable function (PUF) it may be a problem that internal information correlated with the cryptographic key is leaked to the outside of the system via a side-channel. To mitigate this problem a cryptographic system for reproducibly establishing a cryptographic key is presented. The system comprises a physical system comprising a physical, at least partially random, configuration of components from which an initial bit-string is derived. An error corrector corrects deviations occurring in the initial bit-string. Through the use of randomization the error corrector operates on a randomized data. Information leaking through a side channel is thereby reduced. After error correction a cryptographic key may be derived from the initial bit-string.03-22-2012
20110078460Apparatus for Logging a Configuration of a Microprocessor System and Method for Logging a Configuration of a Microprocessor System - An apparatus includes a logging apparatus and a configuration apparatus. The logging apparatus has a security module operable to create a manipulation-proof log. The configuration apparatus is operable to configure a configurable microprocessor system. The configuration apparatus is further operable to be coupled to the logging apparatus in order to log a configuration of the microprocessor system using the logging apparatus.03-31-2011
20080270805Method for Protecting Intellectual Property Cores on Field Programmable Gate Array - Techniques are used to protect intellectual property cores on field programmable gate arrays. An approach is to associate each field programmable gate array, or a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream (which includes one or more intellectual property cores). This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA. Other techniques are also presented in this application and include network-based, nonnetwork-based, software-based, layered, and other approaches. The techniques allow an intellectual property core vendor to charge a customer per-use or per-configuration of their intellectual property. This is because an encrypted bitstream is useable only in a limited number, possibly just one, of the integrated circuits.10-30-2008
20110107110INFORMATION PROCESSING APPARATUS, CONTROL METHOD AND COMPUTER-READABLE MEDIUM - An information processing apparatus that performs mapping of a data field in a database to a document template holding a variable area according to a mapping rule defined in the variable area, thereby generating print data for each record in the database, the information processing apparatus comprises: an accepting unit configured to accept designation from a user regarding whether or not to perform encryption of the data field referred to by the mapping rule, for each data field; a determination unit configured to determine whether or not to encrypt content that is to be applied to the variable area based on the data field for which encryption designation is accepted by the accepting unit and the mapping rule; and a generation unit configured to encrypt the content that is to be applied to the variable area and that is determined to be encrypted by the determination unit.05-05-2011
20110107108CONTENT RECORDER/PLAYER AND CONTENT WRITING AND READING METHOD - A content recorder/player. The content recorder/player includes a first data-storage medium including a first data-storage area, a second data-storage medium including a second data-storage area, and a control section. The control section is configured: to encrypt information groups having a predetermined relationship for writing into the first data-storage area; to generate and to encrypt an individual information group from which the information having the predetermined relationship is omitted, and to perform writing thereof into the second data-storage area; to read and to decrypt the individual information group, and to read and to decrypt an information group recorded on a first recording-destination location; and to restore, from an information group read from the second data-storage area, and from an information group read from the first data-storage area, an information group correlated with the content data based on the predetermined relationship, and to transmit the restored information group to an external device.05-05-2011
20100095131METHOD AND SYSTEM FOR SEAMLESS INTEGRATION OF PREPROCESSING AND POSTPROCESSING FUNCTIONS WITH AN EXISTING APPLICATION PROGRAM - A method for associating file activity of an application with the graphical display of the file on a screen comprises loading by an operating system an executable code of a message monitoring program adapted to monitoring a message sent by an operating system to a document display window. The message monitoring program establishes a system-wide window hook using available operating system API functions associated with one or more functions in a library of the message monitoring program. The message monitoring program library is loaded into the memory space of a newly started application program, the import table of the application is fixed with addresses of functions from the message monitoring program library, and the application's main window function is substituted with a message monitoring program window function.04-15-2010
20110099386DEVICE AND METHOD FOR DETECTING A MANIPULATION OF AN INFORMATION SIGNAL - The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encryptor for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation.04-28-2011
20090132832ELECTRONIC MUSICAL APPARATUS FOR RECORDING AND REPRODUCING MUSIC CONTENT - In an electronic musical apparatus, a media ID (MD05-21-2009
20090132830SECURE PROCESSING DEVICE, SECURE PROCESSING METHOD, ENCRYPTED CONFIDENTIAL INFORMATION EMBEDDING METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT - When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump. A signature generation device 05-21-2009
20120124390Virtual Secure Digital Card - A system (and a method) are disclosed for generating a virtual secure digital (SD) card. One embodiment detects an SD card and reads a media key block and media identification for the SD card. The system stores the media key block and the media identification. The system creates a file system for secure data on a storage device for storage of secure data corresponding to a secure data area of the SD card and creates a file system for user data on the storage device for storage of user data corresponding to a user data area of the SD card. In addition, the system uses the virtual secure digital (SD) card. The system determines if the virtual SD card is provisioned and provisions it if not. The system accesses the data stored in the secure area of the provisioned virtual SD card. The system extracts the data from the secured area of the provisioned virtual SD card.05-17-2012
20120124388Electronic-device theft-deterring systems - A method and apparatus to deter theft of electronic-devices is disclosed. Electronic-devices have locked and unlocked states that permit deny and permit use of the electronic-device. Electronic-devices are shipped from manufacturers, thorough suppliers, to retailers in the locked state. Unlocking functions are transmitted through computer networks to the retail locations and held in volatile storage. The unlocking of the electronic-device occurs subsequent to purchase. Other methods and apparatus are disclosed related to multiple distribution methods of unlocking schemes, re-locking and return validation and data structures.05-17-2012
20110113256Secure Method for Processing a Content Stored Within a Component, and Corresponding Component - The component comprises a first memory (MM) comprising a first portion (P05-12-2011
20120317421Fingerprinting Executable Code - Executable code may be fingerprinted by inserting NOP codes into the executable code in a pattern that may reflect a fingerprint. The NOP codes may be single instructions or groups of instructions that perform no operation. A dictionary of NOP codes and their corresponding portion of a fingerprint may be used to create a series of NOP codes which may be embedded into executable code. The fingerprinted executable code may be fully executable and the presence of the NOP codes may not be readily identifiable. The fingerprinting mechanism may be used to authenticate executable code in various scenarios.12-13-2012
20120131352INCREMENTAL AND BULK STORAGE SYSTEM - A method for storing electronic data. A first set of electronic data may be copied from a computing device to a capsule. The capsule then may be transferred or located to a location other than that of the computing device. The capsule and the computing device may be in electronic communication. The first set of electronic data may be updated on the capsule when changes are made to the first set of electronic data on the computing device.05-24-2012
20120166816Auxiliary Functionality for Pixel Data - The various methods and systems described herein are directed to supplying a secure channel for software executing on a host computer. The methods and systems address and provide solutions for an attack model in which rogue software executing on the host computer attempts to inappropriately obtain or otherwise manipulate data. Some embodiments can provide pixel data that can be kept confidential (in that untrusted software applications cannot read the data off of the display screen). In addition, other embodiments can preserve the integrity of the pixel data by detecting whether the pixel data has been inappropriately manipulated. Various embodiments are based on a decryption engine that is located on a video card very late in the video processing chain such that programmatic access to decrypted pixel data is denied.06-28-2012
20120166815SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.06-28-2012
20120166814MEMORY CARD, HOST DEVICE, CERTIFICATION ISSUING DEVICE, MEMORY CONTROLLER, MEMORY CHIP, METHOD OF PRODUCING MEMORY CARD, AND DATA READING AND WRITING METHOD - A memory card includes one or more memory chips that store memory quality data including a storage volume value; and a certification storing unit that stores a storage volume certification including a sum storage volume value of one or more memory chips.06-28-2012
20120166813REPRODUCING DATA FROM OBFUSCATED DATA RETRIEVED FROM A DISPERSED STORAGE NETWORK - A method begins by a processing module processing a data retrieval request that identifies data, wherein the data is stored as a plurality of sets of encoded data slices, wherein one or more encoded data slices of the plurality of sets of encoded data slices has been replaced with one or more encoded secret slices of secret data. The method continues with the processing module receiving at least a threshold number of the plurality of sets of encoded data slices and determining whether a secret data extraction process is initiated. The method continues with the processing module obtaining an inter-dispersing function to extract the one or more encoded secret slices to produce extracted encoded secret slices and decoding the extracted encoded secret slices in accordance with secret dispersed storage error encoding parameters to reproduce the secret data when the secret data extraction process is initiated.06-28-2012
20120166812METHOD, APPARATUS AND SYSTEM FOR SECURE COMMUNICATION OF RADIO FRONT END TEST/CALIBRATION INSTRUCTIONS - Techniques for a programmable engine to provide security mechanisms protecting information which is in support of testing and/or calibration a radio front end. In an embodiment, test/calibration information is to be communicated to, from or within the programmable engine for processing by a particular resource of the programmable engine. In another embodiment, test/calibration is exchanged along a dedicated hardware data path between a security module of the programmable engine and an execution module of the programmable engine, wherein any data exchanged in the dedicated hardware data path is only accessible from the dedicated hardware data path via one or both of the security module and the execution module.06-28-2012
20100218000CONTENT DISTRIBUTION WITH RENEWABLE CONTENT PROTECTION - A method of renewing encryption applied to a content file in a playback device comprising determining a specified variant of at least one microcode function to be used in playing back the content file, determining if variants are stored in internal memory on the playback device to determine if the specified variant is included in the stored variants, retrieving the specified variant from a variant storage in a memory located in a media device in communication with the playback device, if the specified variant is not included in the stored variants, and using the specified variant to access the content file. A playback device has at least one memory having a variant storage, the variant storage including at least one variant of a microcode function, and a processor configured to execute instructions to determine at least one specified variant, access the variant storage of at least one memory to acquire the specified variant, and use the specified variant to decrypt a content file downloaded to a media device in communication with the playback device.08-26-2010
20100205458METHOD AND SYSTEM FOR FILE-SYSTEM BASED CACHING - A method and system for file-system based caching can be used to improve efficiency and security at network sites. In one set of embodiments, the delivery of content and storing content component(s) formed during generation of the content may be performed by different software components. Content that changes at a relatively high frequency or is likely to be regenerated between requests may not have some or all of its corresponding files cached. Additionally, extra white space may be removed before storing to reduce the file size. File mapping may be performed to ensure that a directory within the cache will have an optimal number of files. Security at the network site may be increased by using an internally generated filename that is not used or seen by the client computer. Many variations may be used is achieving any one or more of the advantages described herein.08-12-2010
20100205456FLASH MEMORY DISTRIBUTION OF DIGITAL CONTENT - Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device (08-12-2010
20120216050MICROCODE AUTHENTICATION - A microcode authentication unit provides access to a secure hardware unit. A microcode segment is provided to the microcode authentication unit, which generates a signature corresponding to the segment and compares the size and signature of the segment against stored values. If a match is determined, the unit enables access to the secure hardware unit.08-23-2012
20120216048SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR APPLICATION-AGNOSTIC AUDIO ACCELERATION - Methods, systems and computer system products to allow audio decryption and decoding to be performed on a graphics engine instead of on a host processor. This may be accomplished without having to modify media application software. A down codec function driver exposes a down codec to a media application, which may then send encrypted and encoded audio data to the down codec function driver. The down codec function driver may then redirect the audio data to a graphics driver. The graphics driver may then pass the audio data to a graphics engine. The graphics engine may then decrypt and decode the audio data. The decrypted and decoded audio data may be returned to the graphics driver, which may then send the decrypted and decoded audio data to the function driver. The function driver may then pass the decrypted and decoded audio data to the down codec for rendering.08-23-2012
20100205454CIPHER DATA BOX - A cipher data box comprises: a housing; a printed circuit board; a first connector; a second connector; a controller, having a unique first identification code; a key seat; and a key, having a unique second identification code; therefore, when the key is inserted into the key seat and the first identification code is same as the second identification code, the storage device can be normally accessed, and the data therein will be encrypted/decrypted. Furthermore, for further enhancing the security function of the storage device, a plurality of cipher data boxes of the present invention can be cascade each other.08-12-2010
20100205453PRE-CONFIGURING OF ENCRYPTION BANDS ON A DISK FOR USE IN A PLURALITY OF ARRAY CONFIGURATIONS - A computational device receives input information on characteristics of customer data, critical metadata, and non-critical metadata, and characteristics of disk array configurations, wherein customer data is to be stored encrypted, wherein critical metadata is to be stored non-encrypted, and wherein non-critical metadata is to be stored encrypted or non-encrypted. The computational device determines band boundary information based on the received input information. Encrypting disks with pre-established bands are created based on the band boundary information and the encrypting disks are pre-initialized.08-12-2010
20120137140SYSTEM AND METHOD FOR PROTECTING INFORMATION AND RELATED ENCRYPTION KEYS - A system apparatus and method for protecting information are provided. Embodiments of the invention may detect inactivity related to a computing device. Information and encryption key may be removed from a memory. Subsequent activity may be detected. An authentication procedure may be performed, and, contingent on authenticating a relevant entity, a master key may be generated and installed in a memory.05-31-2012
20120137139DATA STORAGE DEVICE, DATA CONTROL DEVICE AND METHOD FOR ENCRYPTING DATA - According to one embodiment, a data storage device includes an encryption module, a write module, and a controller. The encryption module encrypts or decrypts data. The write module writes, on a storage medium, encrypted data of data received from a host, the encrypted data being encrypted by the encrypting module. The controller causes the encryption module to encrypt data received from a host and to transfer the encrypted data to the write module through a buffer memory, during normal encryption process, and to re-encrypt the data recorded on the storage medium, during re-encryption process. During the re-encryption process, the controller causes the encryption module to decrypt the encrypted data read from the storage medium, to store the decrypted data into the buffer memory, and to re-encrypt the decrypted data from the buffer memory by the encryption module and to transfer the re-encrypted data to the write module.05-31-2012
20120137138PACKAGE AUDIT TOOL - A method and system for software package auditing is described.05-31-2012
20110185190SYSTEM AND METHOD FOR PROTECTING CONTENT ON A STORAGE DEVICE - A system apparatus and method for protecting information on a storage device. Embodiments of the invention may create a virtual volume on a storage device. Embodiments of the invention may further transfer information to the virtual volume, remove information stored outside the virtual volume and extend the size of the virtual volume. Other embodiments are described and claimed.07-28-2011
20110185189SDK Use-Restriction Imposing Device, Use-Restriction-Imposed SDK Developing System, and SDK Use-Restriction Imposing Method - An SDK use-restriction imposing device includes a user interface unit, a source file of a use-restriction plug-in, a use-restriction plug-in edit unit, a build unit, and a use-restriction plug-in generation unit. The use-restriction plug-in edit unit sets use restrictions to the source file on the basis of use-restriction information received via the user interface unit. The build unit compiles the source file so as to generate an executable file of the use-restriction plug-in in response to a build instruction received via the user interface unit. The use-restriction plug-in generation unit generates a use-restriction-imposed SDK including an original SDK and the executable file of the use-restriction plug-in in response to an output instruction received via the user interface unit.07-28-2011
20110185188COMPUTER IMPLEMENTED METHOD FOR ANALYZING DATA OF A USER WITH THE DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for analyzing data of a first user, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously in a database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising:07-28-2011
20110185187ELECTRONIC DEVICE AND METHOD - According to one aspect of embodiments of the present invention there is provided apparatus comprising a main assembly having a processing element configured to: obtain a first and second sub-assembly identifier stored on a second-assembly in communication with the main assembly; and enable operation of the main assembly and second assembly based on a determination that the first and second sub-assembly identifiers are cryptographically related.07-28-2011
20110185186SYSTEM AND METHOD FOR PROTECTING DATA ON A MOBILE DEVICE - Methods and systems are disclosed for protecting data on a mobile device. A data protection module on the mobile device receives a transmission including a secret key. The secret key is used in encrypting data on the device and is then deleted. Subsequent to an event detectable to the mobile device, the data protection module receives another transmission including said secret key. The secret key is then used to decrypt the encrypted data.07-28-2011
20100174916Universal File - A system for processing a universal media file is provided. The system includes a universal file recognition module that processes a universal media file based on a key. A key protection module provides the key based on a business relationship.07-08-2010
20100174915TURNOVER CONTROLLER - This disclosure solves the problem of data security of transactions and turnovers in all distribution levels, including monitoring by the appropriate government institutions, in order to prevent tax avoidance, VAT fraud, smuggling, bootlegging, diversion of original goods from the distribution system and infiltration into the distribution system of counterfeited and original goods without payment of customs, tax and excise duties.07-08-2010
20100174918Personal Digital Server (PDS) - Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets.07-08-2010
20120272070INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD, AND PROGRAM - An apparatus and method configured to identify the type of a content to be copied and perform a copying process in a sequence according to the result of identification is provided. In an information processing apparatus configured to perform the copying process for copying recorded data in an information recording medium to other media or the like, the type of the data recorded in the recording medium of a copy source is identified. More specifically, whether the type of the content to be copied is either a reproduction-pass-specific content which sets a reproduction pass corresponding to the information processing apparatus and causes the information processing apparatus to execute the reproduction according to the reproduction pass, or a content-code-applied content which verifies the reproduction sequence to be executed in the reproducing apparatus and verifies whether the reproduction process is executed according to the correct reproduction sequence is discriminated, and an optimal sequence is applied on the basis of the result of discrimination, whereby the copying process is executed. In this configuration, a reliable copying process on the basis of the optimal process according to various data types is realized.10-25-2012
20120173883SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.07-05-2012
20120317422Method, apparatus and system for acquiring service by portable device - The disclosure provides a method, an apparatus and a system for acquiring a service by a portable device, in order to solve the problem that the security of the user information saved in the portable device is affected as the portable device uses an illegal User Interface (UI) on a Personnel Computer (PC) in the related art. The method includes: the portable device receives the data information of each slice computed by the UI according to the first algorithm in the UI itself and identification information of each slice saved, matches the received data information of each slice with the corresponding data information of each slice saved in the portable device itself, and verifies whether the UI is legal according to the matching result. When using a UI, the portable device sends slice information of a file to the UI to verify the legality of the UI, and does not acquire the service through the UI until the verification is passed, so as to prevent the portable device from using an illegal UI and ensure the security of the user information saved in the portable device.12-13-2012
20110191593Software License Embedded In Shell Code - Software application protection methods and systems for protecting and verifying licensing of an original application. The system reads the original application executable, and generates a shelled application comprising the original application and a shell containing the license information. The shelled application implements license APIs, and establishes secure communications within the shelled application between the original application and the shell. Licensing for the original application can be verified by the shelled application alone.08-04-2011
20110197075ELECTRONIC DEVICE AND POWER ADAPTER THEREOF AND METHOD FOR IDENTIFYING POWER ADAPTER - An electronic device includes a detection module, an identification code generation module, a decryption module, a comparison module, and a control module. The detection module transmits a detection signal after detecting that a power adapter is connected to the electronic device. The identification code generation module randomly generates an encrypted identification code after receiving the detection signal. The decryption module decrypts the identification code to generate a first decryption code. The comparison module compares a second decryption code that has been fed back from the power adapter after the power adapter receiving the detection signal, with the first decryption code. The control module controls the electronic device to receive power from the power adapter when the first decryption code is the same as the second decryption code.08-11-2011
20100299536ELECTRONIC DISCOVERY COMPUTER PROGRAM PRODUCT - A system, apparatus, method, and computer program product for electronically stored file profiling and conversion including converting printable files to images, supported by meta-data, and one or more searchable master text files.11-25-2010
20100299534DATA STORAGE DEVICE AND DATA STORAGE SYSTEM - In a data storage device, unauthorized access to stored data in the data storage device can be effectively prevented by encrypting and storing security data needed for data encryption, setting an encryption key to encrypt/decrypt the security data by a user, and receiving the encryption key from a host, if necessary, not storing the encryption key in the data storage device.11-25-2010
20100299531Methods for Processing Genomic Information and Uses Thereof - Methods for processing and storing genomic information in a secure manner are described. In particular, methods for processing, splitting and storing genomic information or portions thereof are disclosed. An individual's genomic information is digitized and a splitting algorithm applied to fragment and randomise the digitized genomic information into at least two separate datasets. Access to at least one dataset is retained by the individual and the second dataset is stored on a central server as a secure database record. Each dataset in isolation presents uninformative data and it is only when all datasets are combined that the data is capable of being presented into a useable and informative format.11-25-2010
20100049989Digital content management method and apparatus for mobile terminal - A mobile terminal includes an apparatus configured to perform content management method. When a DRM content that is not playable owing to license expiration is found during the content playback mode, the non-playable DRM content can be removed, moved to a pre-specified folder, or license-renewed according to settings. The content management method includes: playing back a content selected from a given content list during a content playback mode; finding, during the content playback mode, an expired DRM content that is not playable owing to license expiration; determining, when an expired DRM content is found, a handling option for the expired DRM content; and performing one of deleting the expired DRM content, moving the expired DRM content, and renewing the license associated with the expired DRM content, according to the determined handling option.02-25-2010
20100049988METHOD FOR ACCESS TO A PORTABLE MEMORY DATA SUPPORT WITH AUXILIARY MODULE AND PORTABLE MEMORY DATA SUPPORT - A method, a memory data carrier (02-25-2010
20120179917CODE SIGNING SYSTEM AND METHOD - A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.07-12-2012
20120179916SYSTEMS AND METHODS FOR SECURING VIRTUAL MACHINE COMPUTING ENVIRONMENTS - Systems and methods are provided for securing data in virtual machine computing environments. A request is received for a security operation from a first virtual machine operating in a host operating system of a first device. In response to receiving the request, a first security module executes the security operation, the first security module implemented in a kernel of the host operating system. The result of the security operation is provided to the first virtual machine.07-12-2012
20120179918METHOD AND A SYSTEM FOR PROVIDING A DEPLOYMENT LIFECYCLE MANAGEMENT OF CRYPTOGRAPHIC OBJECTS - A system and a method for cryptographic objects (CO) deployment life-cycle management comprising: at least one execution unit (07-12-2012
20120179915SYSTEM AND METHOD FOR FULL DISK ENCRYPTION AUTHENTICATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for authenticating a user logging in to an operating system stored on an encrypted drive. A system configured to practice the method presents a login prompt and receives credentials from a user. The system accesses the operating system on the encrypted drive based on the credentials and starts the operating system. Then the system authenticates the user on the operating system based on the credentials, such as via login forwarding. The system can set up a unified login by receiving a request to encrypt a storage device, and based on received user credentials, generating user data associated with logging in to an operating system on the computing device and user data for encrypting the storage device. The system stores the user data in a manner to enable a unified login boot prompt.07-12-2012
20100011225INFORMATION TERMINAL, SECURITY DEVICE, DATA PROTECTION METHOD, AND DATA PROTECTION PROGRAM - An information terminal that decrypts sealed data without returning program data after update to the state before update. The information terminal includes update certificate storage unit 01-14-2010
20100011224SYSTEM AND METHOD FOR PRODUCING AND CHECKING VALIDATION CERTIFICATES - A system, method, and computer program product for computing a digest value of a document, one or more schemas, and a validation report. The validation report indicates a validation status of the document based on the schema or schemas. The digest value is encrypted to produce a digital signature of the document, the schema or schemas, and the validation report.01-14-2010
20110107111INFORMATION CARRIER COMPRISING ACCESS INFORMATION AND DUMMY INFORMATION - The invention relates to an information carrier for holding user information, the information carrier comprising access information for accessing the user information, the access information being stored in a pre-determined first region on the information carrier. The information carrier further comprises at least one further region different from the first region, the further region comprising dummy information.05-05-2011
20120254625PROTECTING STATES OF A CRYPTOGRAPHIC PROCESS USING GROUP AUTOMORPHISMS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the cipher states and/or the round keys using the properties of group field automorphisms and applying multiplicative masks (instead of conventional XOR masks) to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating XOR operations with improved masking techniques and increasing complexity of reverse engineering and of attacks.10-04-2012
20120254624THREE PARTY ATTESTATION OF UNTRUSTED SOFTWARE ON A ROBOT - Various technologies pertaining to three-party attestation of untrusted software on a robot are described herein. A robot includes trusted firmware, which includes read-only instructions. The robot also includes untrusted software. An attestation server is in communication with the robot by way of a network stack in the untrusted software. Messages are selectively transmitted amongst the firmware, the untrusted software, and the attestation server in connection with attesting to the untrusted software.10-04-2012
20120254626STORAGE MEDIA DEVICE AND RECORDING APPARATUS - A storage media device includes a user-data storage section that is capable of storing encrypted user data; a key-information storage section that is capable of storing key information for decrypting the encrypted user data; a key-information deleting section that performs electrical processing for deleting the key information stored by the key-information storage section; a first switch that is manually operated by a user to issue an instruction for operating the key-information deleting section; a battery that supplies power for operating the key-information deleting section; and a display section that displays that the key-information deletion performed by the key-information deleting section is completed.10-04-2012
20120260104METHOD FOR TESTING ELECTRICAL COMPONENTS IN MAINS SUPPLY, IN PARTICULAR IN BUILDING - A test comment is transmitted by a test unit in the form of a data transmission via a mains supply to one or more electric components of a network. Each electric component that receives a transmitted test command transmits a test response that characterizes each electric component, in the form of a data transmission via the mains supply back to the test unit, the transmitted response being then evaluated in the test unit.10-11-2012
20120185700SYSTEM AND METHOD FOR SUPPORTING JIT IN A SECURE SYSTEM WITH RANDOMLY ALLOCATED MEMORY RANGES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for processing just-in-time code at a device that enforces a code signing requirement. The disclosure includes receiving computer code, where a portion of the code includes executable just-in-time code, at a device that enforces a code signing requirement; identifying the unsigned just-in-time executable portion of code; allocating a randomly selected memory region on the device for at least some of the unsigned just-in-time executable portion; and executing the unsigned just-in-time executable portion of code in the randomly selected memory region as if the unsigned just-in-time executable portion of code was signed computer code.07-19-2012
20120185699SPACE-EFFICIENT ENCRYPTION WITH MULTI-BLOCK BINDING - Exemplary embodiments include an encryption method in a computer system having a processor and a memory operatively coupled to the processor, the method including receiving a cleartext key in the memory, the encryption key having a plurality of segments including segment K07-19-2012
20090327754COMMUNICATIONS TERMINAL, STORAGE MEDIUM STORING COMMUNICATION TERMINAL CONTROLLING PROGRAM, COMMUNICATION TERMINAL CONTROLLING METHOD, STORAGE MEDIUM STORING COMMUNICATION CONTROLLING PROGRAM AND AUTHENTICATION SYSTEM - A communication terminal 12-31-2009
20090319801Security-Enhanced Storage Devices Using Media Location Factor in Encryption of Hidden and Non-Hidden Partitions - Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk.12-24-2009
20120260101ENCRYPTION OF MEMORY DEVICE WITH WEAR LEVELING - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for encryption of a memory device with wear leveling. In one aspect, a method includes accessing an address map of the memory device, the address map referencing first memory locations and second memory locations of the memory device, wherein the first memory locations store data that are to be encrypted by a full disk encryption operation on the memory device; designating the second memory locations as being encrypted without performing an encryption operation on the second memory locations; and encrypting only the data stored in the first memory locations of the memory device so that the data of the first memory locations and the second memory locations are designated as being disk encrypted.10-11-2012
20120221863AUTHENTICATION SYSTEM - The present invention aims to provide an authentication system that can accurately identify a genuine product. In an authentication system, a host instructs an authentication chip master to start authentication. In conjunction with the authentication start execution instruction, the host instructs a timer counter to start timer counting. In response to the authentication start execution instruction from the host, the authentication chip master outputs a challenge code to an authentication chip slave. The authentication chip slave performs an encryption process with respect to the challenge code. Then, the authentication chip slave outputs a response code obtained as the result of the encryption process, to the authentication chip master. Then, the authentication chip master performs a response code matching process, and outputs the authentication result to the host. In response to the authentication result, the host stops timer counting, and performs a verification process to accurately identify the genuine chip.08-30-2012
20120260102SYSTEM AND METHOD FOR EXECUTING AN ENCRYPTED BINARY FROM A MEMORY POOL - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time.10-11-2012
20090019290METHOD AND CENTRAL PROCESSING UNIT FOR PROCESSING ENCRYPTED SOFTWARE - The present invention provides a central processing unit for processing at least one encrypted software. The encrypted software comprises at least one encrypted software section. The encrypted software section is encrypted with a management key MK, and the MK being encrypted with a device key DK as a encrypted MK. The central processing unit comprises processing and cache unit, and cryptographic unit. The cryptographic unit comprises device key storage unit for storing the DK, a plurality of management key storage units for storing MKs, wherein each management key storage unit corresponding to a management key index MKI, and decryption unit. The decryption unit decrypts a encrypted MK with the DK to obtain a MK, stores the MK to a management key storage unit, and output a MKI corresponding to the management key storage unit, thus the MKI is used to correspond to the encrypted software section. Wherein, the decryption unit invokes corresponding MK according to the MKI and decrypts the encrypted software section, and directly transfers the decrypted software code and/or data to the processing and cache unit.01-15-2009
20120260103SECURITY CIRCUIT USING AT LEAST TWO FINITE STATE MACHINE UNITS AND METHODS USING THE SAME - A security circuit using at least two finite state machine units for storing data to and reading data from a multiport memory in a pipelined manner and an intermediate memory, for facilitating transfer of data between the at least two finite state machines. The security circuit may be used to perform key setup and/or data ciphering faster. The security circuit may operate in any environment where the key is changed every frame, for example, a wireless LAN application and the security circuit may operate in conjunction with, or as part of, a MAC controller.10-11-2012
20120233471SENSITIVE DATA ALIASING - Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.09-13-2012
20080301466METHODS FOR PROGRAM VERIFICATION AND APPARATUSES USING THE SAME - An embodiment of an apparatus for downloading and/or executing programs from a tool resident on a computer host is disclosed. The apparatus comprises an external flash memory storing a program, and a processor for validating the tool when detecting that the computer host connects to the apparatus. The processor permits the computer host to update the program of the external flash memory after determining that the tool has been successfully verified.12-04-2008
20080301465PROTECTION OF SOFTWARE TRANSMITTED OVER AN UNPROTECTED INTERFACE - The same level of protection and ability to associate rights to media content available with a stand alone media player is provided with a software media player. In an example configuration, a peripheral device comprising an optical disc drive capable of reading HD DVD media, and comprising a flash memory microcontroller with cryptographic capabilities, is coupled to a host game console via a universal serial bus (USB) interface. Media content from the peripheral device is rendered on the host game console. Software protection and management are provided utilizing various cryptographic keys and protocols. Software protection and management meets the prescribed rules of the Advanced Access Content System (AACS) license agreement with respect to consumer electronics players while allowing the playback of media content (e.g., movies) to be performed by software.12-04-2008
20120266000TRUSTED STORAGE SYSTEMS AND METHODS - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.10-18-2012
20110004771ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT - An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level.01-06-2011
20110131424ZERO DIVISORS PROTECTING EXPONENTIATION - The invention relates to a method and to an electronic device for securing the computation of a modular exponentiation x=m06-02-2011
20110131423SYSTEM AND METHOD FOR SECURING A USER INTERFACE - The invention relates to a method for securing a user interface that comprises a user interface including one or more peripheral hardware devices of the user interface for interaction with said interface, said peripheral hardware devices being driven by driver software, and one or more applications using the user interface. The invention also relates to a method for securing such an interface. The system of the invention is characterised in that the same further comprises a hypervisor and one or more virtual machines, the drivers of the peripheral hardware devices of the user interface being divided into two portions, i.e. a main portion of said drivers under the control of the hypervisor and a front-end portion of said drivers under the control of the virtual machines, wherein the front-end portion of the securing software component is in charge of managing the front-end portion of the drivers and the main portion of the securing software component is in charge of managing the main portion of the drivers. The invention can particularly be used in onboard systems.06-02-2011
20110131422Systems and Methods Using Cryptography to Protect Secure Computing Environments - Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.06-02-2011
20110131421METHOD FOR INSTALLING AN APPLICATION ON A SIM CARD - A method of installing an application on a SIM card is disclosed. A host agent in a host device installs an application on a Subscriber Identity Module card from a non-volatile storage device. The host agent coordinates mutual authentication between the non-volatile storage device and a Subscriber Identity Module card in the host device. If the mutual authentication is successful, the host agent reads an application from the non-volatile storage device and installs the application on the Subscriber Identity Module card, wherein installing the application enables the Subscriber Identity Module card to execute the application. The application may be protected from tampering or unauthorized copying during the host agent transfer by creation of a secure communication channel or transferring encrypted applications. The Subscriber Identity Module card may verify the signature associated with an application before installation to prevent the installation of unauthorized or tampered applications.06-02-2011
20110131420COMPUTING ENTITIES, PLATFORMS AND METHODS OPERABLE TO PERFORM OPERATIONS SELECTIVELY USING DIFFERENT CRYPTOGRAPHIC ALGORITHMS - Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterised by the algorithms and associated parameters that are selected to perform an operation.06-02-2011
20110131419SEARCHING DATA - A device or “dongle” (06-02-2011
20120239942Preservation of User Data Privacy in a Network - An example apparatus is provided that receives a pseudonym and encrypted identifier, where the pseudonym is of a user's personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier. The keys used for encryption and pseudorandom generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, thus can query the user records stored in the apparatus.09-20-2012
20120239941PROGRAMMABLE CONTROLLER SYSTEM, TOOL DEVICE, TOOL PROGRAM, STORAGE MEDIUM, AND PROGRAMMABLE CONTROLLER - A programmable controller system, a tool device, a tool program, a storage medium, and a programmable controller capable of affording greater convenience in terms of preventing unauthorized use of user program running on the programmable controller. In the programmable controller system, the tool device sets up a first user program execution ID in a second non-volatile memory provided in the PLC and sets up a second user program execution ID in a project provided in the tool device. The PLC performs a matching operation to determine whether or not the first user program execution ID matches the second user program execution ID and blocks the execution of the user program if there is a mismatch.09-20-2012
20120265999PROCESSING DATA STORED IN EXTERNAL STORAGE DEVICE - An external storage device connectable to an information processing apparatus is provided. The storage device includes: an input/output interface via which data is exchanged with an information processing apparatus; a first storage region where data associated with first and second validity periods is stored; and a second storage region where a control program is stored. While the first validity period is used when the external storage device is connected to one information processing apparatus, the second validity period is used when the external storage device is connected to another information processing apparatus. The control program causes a processor to execute the steps of: establishing connection of the external storage device to an information processing apparatus; identifying any one of the validity periods as a validity period to be used for the data; and executing predetermined security protection processing on the data in accordance with the identified validity period.10-18-2012
20110239004MEMORY DEVICE, HOST DEVICE, AND MEMORY SYSTEM - A memory device includes: a storage unit that stores public key information of a certificate authority for verifying a certificate and includes a secret area storing data of which secrecy is assured; and a control unit that controls access to the storage unit depending on reception information, wherein the reception information includes information where access control information is added to certificate information authenticated by the certificate authority, and the control unit verifies the certificate using the public key, identifies the access control information, and limits the accessible secret area in the storage unit.09-29-2011
20120324236Trusted Snapshot Generation - A hypervisor provides a snapshot protocol that generates a verifiable snapshot of a target machine. The verifiable snapshot includes a snapshot and a signed quote. In one implementation, a challenger requests a snapshot of the target machine. In response to the snapshot request, the hypervisor initiates Copy-on-Write (CoW) protection for the target machine. The hypervisor snapshots and hashes each of the memory pages and the virtual central processing unit (CPU) of the target machine. The hypervisor generates a composite hash by merging all individual memory page hashes and the CPU state hash. The hypervisor requests a quote including integrity indicators of all trusted components and the composite hash. The quote uses a cryptographic signature from a trusted platform module, which ensures that any compromise of the integrity of the snapshot is detectable. The snapshot and signed quote are returned to the challenger for verification.12-20-2012
20120272071Gaming Security System - Verification of software to be run in a secure environment is performed by comparing a critical portion of the executable boot program code in an EPROM with code stored in a logic circuit. The comparison may be performed before the code to be verified is run or while it is running. in the event that the validation fails certain critical functions of the platform are inhibited to prevent fraudulent operation of the platform. The system is particularly applicable to gaming machines to avoid cheating.10-25-2012
20120324242METHOD AND SYSTEM FOR FULLY ENCRYPTED REPOSITORY - According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device.12-20-2012
20120324243CRYPTOGRAPHIC PROCESSING APPARATUS, CRYPTOGRAPHIC PROCESSING METHOD, AND COMPUTER PROGRAM THEREFOR - A processing unit transforms first input information into first nonlinear transformed information that is transformed into first linear transformed information, and transforms second input information into second nonlinear transformed information that is transformed into second linear transformed information. An exclusive- or section performs an exclusive- or operation based on the first and second linear transformed information. When the first nonlinear and linear transformed information are expressed as a first and second sequence vector, respectively, and the second nonlinear and linear transformed information are expressed as a third and fourth sequence vector, respectively, then a first row vector chosen from a first inverse matrix of a first matrix that transforms the first sequence vector to the second sequence vector, and a second row vector chosen from a second inverse matrix of a second matrix that transforms the third sequence vector to the fourth sequence vector, are linearly independent.12-20-2012
20120324237CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES - Embodiments are directed to facilitating data transfer using an anonymous directory and to providing attribute-based data access to identified users. In an embodiment, a computer system instantiates an anonymous directory that stores data in various client-specific directories for different clients. The anonymous directory is configured to provide data access according to access controls defined and managed by the client. The computer system receives a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user. The computer system determines which of the client's data is to be returned to the user based on the client's specified access controls. The access controls grant access to specified data in some of the client-specific directories, based on the user's identity. The computer system then provides the determined data to the user.12-20-2012
20120324239METHOD AND DEVICE FOR OPERATING A VIRTUAL MACHINE IN ACCORDANCE WITH AN ASSOCIATED INFORMATION ON ASSIGNMENT OF RIGHTS - Virtual machines are used in the utilization of distributed computer infrastructures to be able to distribute the workload to individual computers in as flexible a manner as possible. For this purpose, it is necessary to restrict the use of the virtual machine in a robust manner by regulatory or administrative defaults. A method protects a virtual machine during the migration, storage or operation thereof by way of digital rights management and encryption. For this purpose, the hypervisor or the virtual machine monitor as well as the virtual machine are expanded by corresponding functionalities.12-20-2012
20120324238INFORMATION PROCESSING APPARATUS, VERIFICATION METHOD, AND STORAGE MEDIUM STORING VERIFICATION PROGRAM - A novel information processing apparatus prevents unauthorized software from running with a hash value whose bit length is longer than each register in a transfer platform module 12-20-2012
20110213987CONTROLLER FOR DATA STORAGE DEVICE, DATA STORAGE DEVICE, AND CONTROL METHOD THEREOF - According to one embodiment, a controller that controls a data storage device provided with a storage module that stores data encrypted with a first key includes an input/output module, encryption/decryption modules, and a connector. The input/output module manages data input and output between the storage module and a host. The encryption/decryption modules are switched to function as an encryptor or a decryptor. The connector changes connection between the encryption/decryption modules and the host. When encrypted data is backed up, one of the encryption/decryption modules is switched to function as a decryptor, while the other is switched to function as an encryptor. The decryptor, the encryptor, and the host are connected in series. The encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output to the host.09-01-2011
20120324241SEMICONDUCTOR DEVICE - A semiconductor device in related art has a problem that security on confidential information stored is insufficient. A semiconductor device of the present invention has a unique code which is unique to a device and generates unique code corresponding information from the unique code. The semiconductor device has a memory region in which specific information obtained by encrypting confidential information is stored in a region associated with the unique code corresponding information. The specific information read from the memory region is encrypted with the unique code corresponding information to generate the confidential information.12-20-2012
20120324240SECURE SEARCH SYSTEM, PUBLIC PARAMETER GENERATION DEVICE, ENCRYPTION DEVICE, USER SECRET KEY GENERATION DEVICE, QUERY ISSUING DEVICE, SEARCH DEVICE, COMPUTER PROGRAM, SECURE SEARCH METHOD, PUBLIC PARAMETER GENERATION METHOD, ENCRYPTION METHOD, USER SECRET KEY GENERATION METHOD, QUERY ISSUING METHOD, AND SEARCH METHOD - In a secure search system to be used by a plurality of users, the size of a ciphertext is reduced and the need to generate a new ciphertext when a new user is added is eliminated. A public parameter generation device 12-20-2012
20110239002DIFFERENTIAL UNCLONEABLE VARIABILITY-BASED CRYPTOGRAPHY - Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key.09-29-2011
20100250963EXTERNAL STORAGE DEVICE, AS WELL AS METHOD, PROGRAM AND INFORMATION PROCESSING APPARATUS FOR PROCESSING DATA STORED IN EXTERNAL STORAGE DEVICE - An external storage device connectable to an information processing apparatus is provided. The storage device includes: an input/output interface via which data is exchanged with an information processing apparatus; a first storage region where data associated with first and second validity periods is stored; and a second storage region where a control program is stored. While the first validity period is used when the external storage device is connected to one information processing apparatus, the second validity period is used when the external storage device is connected to another information processing apparatus. The control program causes a processor to execute the steps of: establishing connection of the external storage device to an information processing apparatus; identifying any one of the validity periods as a validity period to be used for the data; and executing predetermined security protection processing on the data in accordance with the identified validity period.09-30-2010
20090100272ANTI-ROLL-BACK MECHANISM FOR COUNTER - A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorised users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.04-16-2009
20120278632METHOD AND APPARATUS FOR SECURING PROGRAMMING DATA OF A PROGRAMMABLE DEVICE - Configuration data for a programmable integrated circuit device is at least partially encrypted according to at least one encryption scheme. A plurality of key stores store a plurality of decryption keys for the at least one encryption scheme. Control circuitry identifies a required key from the at least partially encrypted configuration data and generates a key selection signal. Key selection circuitry responsive to the key selection signal reads the plurality of key stores and provides the required key to the control circuitry. The control circuitry may include decryption circuitry that decrypts the at least partially encrypted configuration data using the required key. In some embodiments, different portions of the configuration data, which may represent separate partial reconfigurations of the device, require different decryption keys. Keys may be generated from combinations of the contents of the key stores.11-01-2012
20120278633METHOD AND SYSTEM FOR MANAGING INFORMATION ON MOBILE DEVICES - A system and method for protecting information on a mobile device. The method and apparatus obtain a predetermined portion of asymmetric information upon an input of the asymmetric information in the mobile device; generate an identifier by using a first generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate an encryption key by using a second generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate ciphered information by using an encryption algorithm that uses the encryption key and the information as algorithm inputs; associate the identifier with the ciphered information; and store the ciphered information as associated with the identifier.11-01-2012
20110264920SYSTEMS AND METHODS FOR COMMUNICATION, STORAGE, RETRIEVAL, AND COMPUTATION OF SIMPLE STATISTICS AND LOGICAL OPERATIONS ON ENCRYPTED DATA - Systems and methods provide for a symmetric homomorphic encryption based protocol supporting communication, storage, retrieval, and computation on encrypted data stored off-site. The system may include a private, trusted network which uses aggregators to encrypt raw data that is sent to a third party for storage and processing, including computations that can be performed on the encrypted data. A client on a private or public network may request computations on the encrypted data, and the results may then be sent to the client for decryption or further computations. The third party aids in computation of statistical information and logical queries on the encrypted data, but is not able to decrypt the data on its own. The protocol provides a means for a third party to aid in computations on sensitive data without learning anything about those data values.10-27-2011
20120089849COOKIE MANAGEMENT SYSTEM AND METHOD - A system for managing cookies in a client device on a network includes a communication module, a cookie parser, an encryption module, and a storing module. The communication module sends an HTTP request to a web server on the network, and the cookie parser extracts any cookie data from the HTTP response by the web server. The encryption module encrypts the cookie data and the storing module stores the encrypted data in a memory area of the client device.04-12-2012
20120331305ENCRYPTION PROCESSING APPARATUS - In order to reduce the number of data transfers and to increase parallel processing of decryption processing and authentication processing, an encryption processing apparatus is provided that includes an input/output data that processes input/output data to an encryption/decryption processing unit and an authentication processing unit, where the input/output data processing unit calculates a parameter used by the authentication processing unit from input data to the input/output data processing unit and forms input data to the authentication processing unit from the calculated parameter or a parameter calculated from data processed by the encryption/decryption processing unit and the input data to the input/output data processing unit.12-27-2012
20110276807REMOTE UPDATE METHOD FOR FIRMWARE - The present invention relates to a remote update method for a firmware, in which the encoded firmware is decoded and updated using the XOR table, checksum, and signature stored in the header of the remotely updated new firmware in the update of an automated teller machine, thereby updating the firmware in a convenient manner without moving the automated teller machine to the outside, thus improving the efficiency of managing the machine and preventing illegal operations of the automated teller machine performed by external hacking using a network.11-10-2011
20110276806Creation and Delivery of Encrypted Virtual Disks - The present application is directed to methods and systems for receiving a request for a virtual disk and creating a virtual disk that includes the virtual disk attributes identified in the request or determined by an organization's security policies. The created virtual disk can then be encrypted and in some aspects, an encryption key for the encrypted virtual disk can be stored in an encryption key database. Upon creating and encrypting the virtual disk, the virtual disk can be transmitted to a client. The client, upon receiving the encrypted virtual disk, can mount the virtual disk into the client system. The encrypted virtual disk may be stored as a file within an unencrypted virtual disk, and the unencrypted virtual disk backed up to a local or remote storage location.11-10-2011
20110276805System and Method for Third Party Creation of Applications for Mobile Appliances - The creation of an application for any mobile appliance, for example Apple's iPhone, requires several elements to be present at compile time. In the Apple example of an enterprise application where an entity wishes to develop applications internally for its staff, two of these elements are the source code and a digital certificate. These must be combined in the compiler so that the application may be properly authorized to run in the appliance. Where the owner of the source code and the owner of the digital certificate are not the same, serious concerns arise because each element must be secured. An intermediating system and method are described that allows each party to cooperate securely through a third party escrow service to produce the complied application whilst leaving no unwanted residue of the independent parts.11-10-2011
20120331306Adjustable resolution media format - A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded.12-27-2012
20120331304KEY BASED SECURE OPERATING SYSTEM WITH SECURE DONGLE AND METHOD, AND CRYPTOGRAPHIC METHOD - A security interface system creates plausible deniability, and consists of a security interface device having a port for a releasable connection to a PC and to a memory key containing an encrypted operating system, the interface device containing logic to decrypt the memory key and a plaintext bootloader, and a further port for a memory card containing a key. The key is entirely encrypted and appears as random data when inspected. The interface device may have a port(s) for a keyboard and mouse. An encryption and decryption method is described, for decrypting a ciphertext into one of two plaintexts by choice of a key, the choice of which plaintext depending on whether the secret is to be revealed or remain confidential.12-27-2012
20120331303METHOD AND SYSTEM FOR PREVENTING EXECUTION OF MALWARE - A method and system for preventing execution of malware in a computing device. The method includes loading code into a non-executable memory of the computing device and validating an authentication signature associated with the code. Subsequently, the code is decrypted and finally, the decrypted code is executed in an executable memory upon a determination that the authentication signature is valid.12-27-2012
20110320824INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing method has a request determining part determining a request type for streaming contents from a communicating apparatus, a copy number managing part managing the number of copies permissible for the communicating apparatus when permission of one or more of copies of streaming contents is requested, a stream number managing part managing the number of streams now in communication when the request determining part determines that the communicating apparatus has requested transfer of streaming contents without asking permission of one or more of copies, and to make stop transfer of streaming contents if the number of streams now in communication exceeds a predetermined threshold value, a key-selection processing part selecting a first key corresponding to transfer of streaming contents permissible for one or more of copies or a second key corresponding to transfer of streaming contents for copies with generation management restriction or not permissible for copies, an encryption processing part generating encrypted streaming contents using the first or the second key, and a packet processing part generating a packet that includes the encrypted streaming contents and key information selected by the key-selection processing part and to include information on the number of copies to the packet when the first key is selected.12-29-2011
20110320823TRUSTED SENSORS - Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols.12-29-2011
20120102335REKEYING ENCRYPTION KEYS FOR REMOVABLE STORAGE MEDIA - Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media.04-26-2012
20120102334System and Method for Hardware Based Security - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.04-26-2012
20120102333METHOD AND APPARATUS FOR INCLUDING ARCHITECTURE FOR PROTECTING MULTI-USER SENSITIVE CODE AND DATA - A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run multiple instances of separate program code or data code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for multiple instances of separate program code or data provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates the prevention of vertical or horizontal privilege violations.04-26-2012
20100199106MAGNETIC DISK APPARATUS AND CIPHER KEY UPDATING METHOD - According to one embodiment, a magnetic disk apparatus comprises a magnetic disk configured to store encrypted data, a magnetic head configured to read data from and to write data to the magnetic disk, and a recording and reproducing circuit connected to the magnetic head, wherein the recording and reproducing circuit configured to read data from an area of the magnetic disk, to decrypt read data, to re-encrypt decrypted data with changing a cipher key, and to rewrite re-encrypted data in the area of the magnetic disk.08-05-2010
20100199105METHOD FOR PLAYING DIGITAL CONTENTS AND MANAGING LICENSE AND APPARATUS THEREFOR - A method and apparatus for playing digital contents and managing a license, which encrypts a license for digital contents using an IMSI of a SIM card in a portable device, stores the encrypted license, and enables digital contents to be played using a license decrypted by a normal IMSI when the digital contents are requested to be played. In a method for playing digital contents in a portable device, which includes a subscriber identity module (SIM) card, the method includes: calling a license corresponding to the digital contents when the digital contents are requested to be played; when the license is an encrypted license, decrypting the encrypted license; and playing the digital contents as permitted by the decrypted license.08-05-2010
20100199107SECURE EXCHANGE OF INFORMATION IN ELECTRONIC DESIGN AUTOMATION - Described herein are methods and systems for secure exchange of information related to electronic design automation. Information deemed sensitive and otherwise worthy of protection may be secured by methods such as encryption, obfuscation and other security measures. The secured information may be provided to an electronic design automation tool for processing without revealing at least some of the secured information. For instance, rule files related to integrated circuit manufacturability may be selectively annotated to indicate portions thereof deserving of protection. An encryption tool may be used to secure the information so indicated and generate a file comprising secured information related to electronic design automation. An electronic design automation tool may then unlock and use the secured information without revealing the same. For instance, the tool may be a physical verification tool capable of verifying whether any of the one or more integrated circuit layouts may violate one or more of the secured rules. An error report may be generated without revealing the secured rules.08-05-2010
20100199104DEVICE WITH A SECURE VIRTUAL MACHINE - A secure computing device (08-05-2010
20100199103SECURE STORAGE08-05-2010
20100199102Device Having Coded Output of Operational Data - A device for confirming compliance with usage of a breathing gas delivery system that includes at least one sensor for monitoring operating data disposed within the breathing gas delivery system and a device for encoding the monitored operating data and displaying the encoded operating data for reporting to another location.08-05-2010
20100199101Adjustable resolution media format - A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded.08-05-2010
20100191980MICROPROCESSOR IN A SECURITY-SENSITIVE SYSTEM - A Microprocessor (07-29-2010
20130013932SECURITY MANAGEMENT SYSTEM AND METHOD FOR LOCATION-BASED MOBILE DEVICE - A method and a system of managing information security for a mobile device in a restricted area based on location information regarding the mobile device are provided. The method includes receiving, by the mobile device, a request for the execution of an application program in a restricted area from a server managing the restricted area, executing, by the mobile device, the application program requested for execution when the program was set to be executable according to a security policy set to the restricted area, encrypting, by the mobile device, a file, created according to the execution of the application program, based on location information regarding the mobile device, and storing the encrypted file.01-10-2013
20130013931SECURE FILE SHARING METHOD AND SYSTEM - Systems and methods are provided for securely sharing data. A processor forms two or more shares of a data set encrypted with a symmetric key, the data set associated with a first user device, and causes the encrypted data set shares to be stored separately from each other in at least one remote storage location. The processor generates first and second encrypted keys by encrypting data indicative of the symmetric key with a first asymmetric key of first and second asymmetric key pairs associated with the first user device and a second user device, respectively, and causes the encrypted key to be stored in the at least one storage location. To restore the data set, a predetermined number of the two or more encrypted data set shares and at least one of the second asymmetric keys of the first and second asymmetric key pairs are needed.01-10-2013
20130013930Data Encryption Management - A method, computer program product, and apparatus for managing encrypted data are provided. A respective set of sectors in each page of the volume is selected for storing data based on a respective key in a number of keys responsive to receiving a request to store the data in the volume and an identification of the number of keys with which users are allowed to store the data in the volume. Selection of the respective set of sectors is a function of a value of the respective key and a number of available sectors within a page and the volume is much larger than the data. The data is encrypted using the respective key to form the encrypted data. The encrypted data is stored in the respective set of sectors in the page in the volume.01-10-2013
20130013933System and Method for Protecting Data on a Mobile Device - Methods and systems are disclosed for protecting data on a mobile device. A data protection module on the mobile device receives a transmission including a secret key. The secret key is used in encrypting data on the device and is then deleted. Subsequent to an event detectable to the mobile device, the data protection module receives another transmission including said secret key. The secret key is then used to decrypt the encrypted data.01-10-2013
20100131772MODULE VALIDATION - A module validation system and methods are disclosed for use with graphical user interfaces provided by a workstation that, among other things, remotely monitor and/or control game and/or gaming devices and/or systems. Validation of modules used in shells that provide graphical user interfaces enables the module validation system to provide users with varying levels of access to a gaming system.05-27-2010
20130019106METHODS AND APPARATUS FOR DIGITAL STEGANOGRAPHY - A computer-implemented digital steganography method includes providing a target dataset comprising a plurality of target data elements, providing a source dataset comprising a plurality of source data elements, and creating a grille dataset configured to map each of the target data elements in the target dataset with a corresponding source data element within the source dataset in accordance with a predefined extraction method.01-17-2013
20130019107FEDERATED DIGITAL RIGHTS MANAGEMENT SCHEME INCLUDING TRUSTED SYSTEMS - Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.01-17-2013
20130019104CELL LEVEL DATA ENCRYPTIONAANM Halas; MiroslavAACI CharlottesvilleAAST VAAACO USAAGP Halas; Miroslav Charlottesville VA USAANM Umamaheswaran; RangarajanAACI Simi ValleyAAST CAAACO USAAGP Umamaheswaran; Rangarajan Simi Valley CA US - Embodiments of the invention provide for cell level data encryption. The methods, apparatus and computer program products herein described provide for the encryption of individual data values without requiring adjacent data valued to also be encrypted. For example, in situations where individual data values are arranged in a database that is visualized as a two-dimensional representation, individual data values may be encrypted without requiring horizontally or vertically adjacent data values to also be encrypted. In situations where data values is transmitted and visualized as a sequential stream of data values, one data value may be encrypted without requiring previous or subsequent data values to be encrypted. In some such examples, an individual data value may be encrypted without requiring the entire transmission channel to be encrypted.01-17-2013
20130019105SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUEAANM Hussain; Muhammad RaghibAACI SaratogaAAST CAAACO USAAGP Hussain; Muhammad Raghib Saratoga CA US - Authenticated hardware and authenticated software are cryptographically associated using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. In one embodiment, critical security information associated with the equipment is loaded from a memory at startup time. The critical security information is stored in the memory, in encrypted form, using a unique secret value. The secret value is used to retrieve a chip encryption key and one or more image authentication keys that can be used to associate program code with an original equipment manufacturer. These keys are used to authenticate the program code.01-17-2013
20110161677SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS - Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.06-30-2011
20130024701METHOD AND SYSTEM FOR MANAGING AN ENCRYPTION KEY FOR A BROADCASTING SERVICE - A system and method for managing an encryption key are provided, which include receiving, from a DRM agent, an RO request message for receiving content; generating a KSP including a first key and a second key; applying hash chains with different directions to the first key and to the second key to generate an encryption key for the content; and transmitting, to the DRM agent, a response message including a context element having an identifier of the content and a key information element. The key information element includes a first encryption key element; a rights encryption key information element; and an encryption data element.01-24-2013
20130024700SYSTEM AND METHOD FOR MANIPULATING AND MANAGING COMPUTER ARCHIVE FILES - Certain embodiments of the present invention provide an archive management application that operates within a host application to provide access to an archive and/or allow access to and/or modification of files in an archive using the host application's interface, instead of operating as a separate standalone archive management application. In an embodiment of the present invention, a file archiving system may include a user interface component, a file management component and a compression/extraction engine component. The user interface component may include an enhanced user interface of a host application that provides an interface for a user. The file management component may include a central directory that provides a representation of the contents of an archive. The compression/extraction engine component may include a file size module and/or a security module. The security module may be used to encrypt, decrypt, digitally sign and/or authenticate a file in an archive.01-24-2013
20080256365APPARATUS FOR WRITING INFORMATION ON A DATA CONTENT ON A STORAGE MEDIUM - An apparatus for writing checksum information on a data content on a storage medium. The apparatus has a provider for providing checksum information based on the data content and a writer for writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information.10-16-2008
20080244274Methods and Systems for Processing of n-State Symbols with XOR and EQUALITY Binary Functions - Multi-valued or n-state with n=210-02-2008
20080244273CRYPTOGRAPHIC METHOD USING REDUNDANT BITS AND ADAPTIVE CLOCK FREQUENCY - The present invention discloses a cryptographic method using redundant bits and an adaptive clock frequency, which adds redundant bits and modifies clock frequency to change the contents and transmission rate of the bit sequence to encrypt data. The present invention can combine with the existing security mechanism or cryptographic algorithm, such as AES (Advanced Encryption Standard) or DES (Data Encryption Standard), to achieve a multi-fold security function. Thereby, the present invention can apply to various communication devices to increase the immunity against attacks, promote information security and protect personal privacy.10-02-2008
20080235520Transportable, Configurable Data Carrier For Exchanging Data Between Electrical Devices, and Method Therefor - Adequately designed transportable data carriers are used for different applications. In order to allow for individual, particularly automatically adjustable, interactive configuration and allow also inexperienced users to rapidly transfer data, the invention relates to a data carrier comprising a single interface circuit to be connected to the respective device, a data memory for temporarily storing the data fed by the respective device, input and display means for user-controlled operation and user guidance, and a control unit that is connected to the same and is provided with a program memory for executing application programs and communication functions such that an authentication process is carried out, the transfer mode (master/slave) and the direction of the data transfer are automatically detected, and the adequate transmission type/speed/protocol for downloading the data are selected according to said authentication and identification processes with the aid of the control units for configuration purposes when the data carrier is connected to the respective device, and memory areas of the data memory can be read in and out and deleted only once the authentication process has been successful.09-25-2008
20080235519Data processing method and data processing device - An object is to achieve improvement in efficiency in a case where encoding processing of data and encryption processing are executed in parallel with each other. A program of a first accelerator core out of multiple accelerator cores is reconfigured for encryption processing in order to perform encryption processing on encoded data. At this time, control is extended so that the time required for encoding processing of data for one frame and the total time of the program rewrite time for the first accelerator core and the time which the first accelerator core requires for implementing encryption processing of accumulated encoded data will be nearly equal to each other. The control is performed by a first general-purpose processor out of multiple general-purpose processors. By minimizing a wasted time during which hardware does not execute any arithmetic and logic operation, improvement in efficiency in a case where encoding processing of data and encryption processing are executed in parallel with each other is achieved.09-25-2008
20080235518APPLICATION PROTECTION SYSTEMS AND METHODS - Application protection systems and methods. The system comprises a security platform device comprising a storage unit and a processing unit. The storage unit comprises a root security key and an application security key. The security platform device receives a unique key from an application. The processing unit encrypts the unique key using the root security key, and determines whether the encrypted unique key conforms to the application security key. If so, the application is allowed to execute.09-25-2008
20080229114INFORMATION PROCESSING APPARATUS, SOFTWARE UPDATE METHOD, AND IMAGE PROCESSING APPARATUS - An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from the each kind of the primary modules or the backup modules after the update.09-18-2008
20130173928CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS - Techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments.07-04-2013
20130173929CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - The object is to provide a secure functional encryption scheme having many cryptographic functions. An access structure is constituted by applying the inner-product of attribute vectors to a span program. The access structure has a degree of freedom in design of the span program and design of the attribute vectors, thus having a large degree of freedom in design of access control. A functional encryption process is implemented by imparting the access structure to each of a ciphertext and a decryption key.07-04-2013
20130185569DATA PROTECTION SYSTEM AND METHOD BASED ON CLOUD STORAGE - A data protection system implemented by a data protection device divides original data of a user into a plurality of data packets, and allots a sequential number to each second data. The system encrypts each of the data packets in sequence according to the allotted number of each of the data packets. After each of the data packets has been encrypted, the system moves each encrypted data packet from the data protection device to a cloud storage device in communication with the data protection device through a network.07-18-2013
20110246788DATA SECURITY SYSTEM FOR A DATABASE - A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (0-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (0-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (0-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user's processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.10-06-2011
20110246787OBFUSCATING TRANSFORMATIONS ON DATA ARRAY CONTENT AND ADDRESSES - In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries).10-06-2011
20110246786Mechanism for Automatically Encrypting and Decrypting Virtual Disk Content Using a Single User Sign-On - A mechanism for automatically encrypting and decrypting virtual disk content using a single user sign-on is disclosed. A method of embodiments of the invention includes receiving credentials of a user of a virtual machine (VM) provided as part of a single sign-on process to access the VM, referencing a configuration database with the received credentials of the user, determining encryption and decryption policy settings for the VM from the configuration database, and at least one of encrypting or decrypting, by the VM, files of the VM based on the determined encryption and decryption policy settings.10-06-2011
20110246784SYSTEMS AND METHODS FOR DISK ENCRYPTION WITH TWO KEYS - Embodiments provide for using two encryption keys to encrypt data instead of only one as is customarily used in the industry. According to various embodiments, a default encryption key is generated and is initially used to encrypt data, while a second encryption key is available for generation by an end user. Embodiments provide that data is encrypted with the default key until the user generates their own key, after this event, all data is encrypted with key generated by the user.10-06-2011
20080222427DEVICE AND METHOD WITH REDUCED INFORMATION LEAKAGE - The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information.09-11-2008
20120254627Method and System for Protecting Data - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip.10-04-2012
20130179696Secure Removable Drive System - A data storage system comprises a removable drive with memory for storing data, and an identifier for identifying the removable data cartridge. A host computer can be coupled in data communication with the removable data cartridge, with a driver for performing data operations thereon. The driver is configured to perform the data operations with encryption, in the presence of the identifier, and to perform the data operations without the encryption, in the absence of the identifier.07-11-2013
20130097430ENCRYPTING DATA AND CHARACTERIZATION DATA THAT DESCRIBES VALID CONTENTS OF A COLUMN - A method, computer-readable storage medium, and computer system are provided. In an embodiment, in response to receiving a first command that specifies first data, a first cryptographic key, and a column identifier that identifies a column of rows in a database, the first data is encrypted into encrypted data using the first cryptographic key. The encrypted data is stored to a first row in the column in the database. In response to the receiving the first command, characterization data is created that specifies valid contents of the column of the rows. In response to receiving a query command that specifies a second cryptographic key and the column, the column is decrypted using the second key to create decrypted data. If the decrypted data does not satisfy the valid contents specified by the characterization data, an invalid cryptographic key action is performed.04-18-2013
20110314298SYSTEM AND METHOD FOR N-ARY LOCALITY IN A SECURITY CO-PROCESSOR - Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.12-22-2011
20110314297EVENT LOG AUTHENTICATION USING SECURE COMPONENTS - Some embodiments provide a system that facilitates use of a computing device. During operation, the system obtains an event description of an event on the computing device. Next, the system computes a message authentication code (MAC) for the event description using a secure component associated with the computing device. Finally, the system uses the MAC to maintain the integrity of an event log containing the event description.12-22-2011
20130103954KEY USAGE POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.04-25-2013
20130103953APPARATUS AND METHOD FOR ENCRYPTING HARD DISK - An apparatus and method for encrypting a hard disk are provided. The apparatus includes a program management unit, an Internet Protocol (IP) management unit, and an encryption processing unit. The program management unit causes an allowed program or process to be executed based on a result of determination as to whether the program or process to be executed in a host terminal is allowed to gain access. The IP management unit causes data to be transmitted to an allowed destination IP address based on a result of determination as to whether the destination IP address to which the host terminal attempts to transmit the data is allowed to be accessed. The encryption processing unit encrypts and decrypts all data, exchanged between the host terminal and the hard disk by applying an algorithm, selected by a user, to the data.04-25-2013
20130124873STORAGE DEVICE AND ITS CONTROL METHOD - A storage device partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium subjectable to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium subjectable to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium subjectable to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium subjectable to encryption re-key will be the backup memory medium.05-16-2013
20130124874SECURE SYSTEM-ON-CHIP - A secure system-on-chip for processing data, the system-on-chip comprising at least a central processing unit (CPU), an input and an output channel, an encryption/decryption engine and a memory, wherein, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said CPU receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said CPU reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.05-16-2013
20130124872Method of accessing a computer hardware device in a Metro user interface mode application - A method of accessing a hardware device in a computer includes executing a Metro user interface mode application in an operating system and executing a Desktop mode application in the operating system, the Desktop mode application corresponding to the Metro user interface mode application, and the Desktop mode application having permission to access a hardware device of the computer that the Metro user interface mode application does not have permission to access. The method also includes the Metro user interface mode application sending commands to the Desktop mode application through a network application programming interface, and the Desktop mode application sending the commands to the hardware device for controlling the hardware device with the commands, and the Desktop mode application receiving data from the hardware device and transferring the received data to the Metro user interface mode application.05-16-2013
20130124875DISTRIBUTED STORAGE NETWORK AND METHOD FOR ENCRYPTING AND DECRYPTING DATA USING HASH FUNCTIONS - A DS processing unit includes a grid module and a DSN interface. The grid module is operable to encrypt a data segment and to decrypt an encrypted data segment. To encrypt the data segment, the grid module partitions the data segment into portions and encrypts the portions using encryption keys generated from other portions to produce encrypted portions. The grid module then dispersed storage error encodes the encrypted portions to produce a set of encoded data slices, which the DSN interface outputs to a DSN. The DSN interface also receives a set of encoded data slices, which the grid module disperse storage error decodes to produce the encrypted data segment. The grid module then partitions the encrypted data segment into encrypted data portions and decrypts the encrypted data portions using decryption keys generated from other encrypted data portions to produce decrypted portions of a recovered data segment.05-16-2013
20130179695VERIFYING AUTHENTICITY OF PLAYBACK DEVICE - One embodiment of the invention sets forth a mechanism for verifying the authenticity of a device before transmitting digital content to the device. In operation, the device stores a device key that is generated at manufacture-time using a pre-determined cryptographic key and the device identifier. In operation, the device generates a proof of possession from the application data and the stored device key. When verifying the device authenticity, a device key is derived from the master key and the device identifier then a proof of possession is derived from the derived device key and the application data obtained from the device. If the derived proof of possession matches the received proof of possession, then the authenticity of the device can be verified.07-11-2013
20130179694SYSTEM AND METHOD FOR ELECTRONIC CERTIFICATION AND AUTHENTICATION OF DATA - A system and method for authenticating data. Data may be received that is individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys. The received data may be encrypted together in a second encryption layer to create multi-layered encrypted data. The multi-layered encrypted data may be transferred to a beneficiary device to determine if the encrypted data is authentic. At the beneficiary device, the second encryption layer may be decrypted to expose the first encryption layer. Then, the first encryption layer may be decrypted using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data. If the first encryption layer is properly decrypted using the authorizers' decryption keys, it may be determined that the users are the pre-designated authorizers.07-11-2013
20130145174INFRASTRUCTURE INDEPENDENT RECOVERY KEY RELEASE - Aspects of the subject matter described herein relate to recovering locked data. In aspects, stakeholders of locked volume(s) are identified. Security data of the volume(s) that can be used to unlock the volume(s) is collected from one or more computing devices hosting the volume(s). The security data and stakeholder data is stored on a recovery store. If a stakeholder needs to unlock a volume, the stakeholder may communicate with a recovery manager, provide certain data, and receive data that may be used to unlock the volume. Auditing may be performed for attempts to obtain the unlocking data from the recovery store.06-06-2013
20130145175METHOD AND APPARATUS FOR ENCIPHERING/DECIPHERING DIGITAL RIGHTS MANAGEMENT OBJECT - A method and an apparatus for enciphering/deciphering digital rights management object are provided. The DRM enciphering method includes the following steps: A plurality of content objects which are divided from a digital content are received. A plurality of DRM vectors are generated according to tacit information between the DRM enciphering apparatus and the DRM deciphering apparatus. The content objects are respectively enciphered according to the DRM vectors to generate a plurality of DRM objects.06-06-2013
20100281271MUSICAL CONTENT DATA PROCESSING APPARATUS - A storage portion stores musical contents in which a plurality of musical content material data sets each of which is given a piece of identification information and is encrypted are recorded, and location information for identifying respective locations at which the respective musical content material data sets are situated in the musical contents. The respective locations of the musical content material data sets are correlated with the respective identification information pieces of the musical content material data sets. For use of a desired musical content material data set, the location at which the musical content material data set having designated identification information is stored in the musical contents is identified on the basis of the location information. On the basis of the identified location, the desired musical content material data set is extracted and decrypted.11-04-2010
20110219240SEMICONDUCTOR MEMORY DEVICE AND METHOD FOR REALIZING SECURE DATA STORAGE - A semiconductor memory device includes a controller module as well as a universal interface module and a semiconductor memory medium module, which are connected electrically with the controller module respectively. The device also includes a one-time programmable memory, which stores a unique serial number. This one-time programmable memory is provided within the controller module or the semiconductor memory medium module. The number sequence of the unique serial number contained in each of the semiconductor memory device is different from that of another semiconductor memory device. While providing a mobile data storage function, this invention adopts a security technology to prevent from illegal data reading/writing. This increases significantly the difficulty in decrypting the data of a legal user, subsequently improving the security of the stored data of the user greatly. This invention also provides a method for realizing secure data storage with this semiconductor memory device. With the help of the unique serial number in this semiconductor memory device, the user can protect the stored data. This invention can be extensively used in information security fields, including ID authentication, copyright protection, etc.09-08-2011
20110219239PC Secure Video Path - A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer's network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network.09-08-2011
20110231670SECURE ACCESS DEVICE FOR CLOUD COMPUTING - A secure access device for providing secure access of a computing resources (CR) user, such as a cloud user, to remote computing resources offered by multiple CR providers, such as cloud providers. The device has a network interface circuit for providing interface to a data network configured for accessing the remote computing resources offered by the multiple CR providers. A network access controller is configured to interact with the network interface for controlling access of the CR user to the remote computing resources. Multiple data storage sections may be provided. Each of them keeps computing environment data (CED) associated with a particular CR provider. The CED define a secure local computing environment prescribed by the CR provider for accessing the remote computing resources offered by this CR provider. The network access controller enables the CR provider to manage the CED and prevents the CED from being modified even by the CR user.09-22-2011
20080288784METHOD OF INSTALLING SOFTWARE FOR USING DIGITAL CONTENT AND APPARATUS FOR PLAYING DIGITAL CONTENT - A method of and apparatus for installing software for using digital content and are provided. The method of installing software for using digital content includes: transmitting a request for the software; transmitting security information indicating a security status of a device in which the software is to be installed; and receiving the software from an external apparatus that received the request and security information. According to the method and apparatus, the software can be dynamically securely installed, thereby allowing a variety of digital contents to be used and enhancing the utilization of the device.11-20-2008
20120278631DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system and method are disclosed herein. An example of the document management system includes a composite document generation module that generates a composite document and a secret seed that is associated with an owner or initiator of the composite document, and a key derivation module that derives, from the secret seed and using a key derivation function, at least one of a key for encryption, a key for decryption, a key for signature, or a key for verification for a participant of a workflow associated with the composite document.11-01-2012
20110258460SYSTEM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for enabling biometrically secured, transparent encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository, wherein the program automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user.10-20-2011
20130151861SYSTEM AND METHOD TO PROTECT COMPUTER SOFTWARE FROM UNAUTHORIZED USE - A system and method encrypt a license file associated with computer software using a private key. The license file includes one or more license keys, and each license key is associated with a feature of the computer software. The license file associated with the computer software is decrypted at runtime using a public key. A module determines whether a user is permitted to execute the computer software. The module is authenticated by one or more of a determination of whether a hash code included within the module matches a hash code generated by a user of the computer software at run time of the computer software, and an encryption of the module prior to run time of the computer software using the private key and a decryption of the module at run time of the computer software using the public key.06-13-2013
20130151863INTERFACES FOR COMBINING CALLS IN AN EMULATED ENVIRONMENT - Calls from an application in an emulated environment to a module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing the module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call.06-13-2013
20130151862SYSTEMS AND METHODS FOR DIGITAL EVIDENCE PRESERVATION, PRIVACY, AND RECOVERY - Systems and methods for preserving digital evidence using a self-protecting storage device are provided, by copying digital evidence from a source drive to a self-protecting storage device, writing and storing metadata relating to the copying such as date, time, and those present, and engaging the self-protecting features of the storage device such that the copied digital evidence cannot be altered.06-13-2013
20130151864CLIPBOARD PROTECTION SYSTEM IN DRM ENVIRONMENT AND RECORDING MEDIUM IN WHICH PROGRAM FOR EXECUTING METHOD IN COMPUTER IS RECORDED - Disclosed are a clipboard protection system in a DRM environment and a recording medium in which a program for executing the method in a computer is recorded. An identification information management unit changes first identification information of data, which is to be stored in a clipboard, into second identification information when data stored in the clipboard is requested by a reliable object, and outputs the second identification information corresponding to identification information of the reading target data if the reliable object requests extraction of the data stored in the clipboard. A data protection unit encodes the data, which is to be stored in the clipboard, and decodes the encoded data which is read from the clipboard. If the extraction request for the data stored in the clipboard is inputted from the reliable object, a control unit delivers to a clipboard management system the second identification information corresponding to the identification information of the reading target data, and requests the encoded security data to be read and provided from the clipboard. According to the present invention, the access to the security data by a non-reliable object can be blocked.06-13-2013
20130138972PROTECTION OF SECURITY PARAMETERS IN STORAGE DEVICES - Security parameters used to encrypt data stored on a storage device may be protected using embodiments of systems and methods described herein. During a resize operation, data stored on a memory unit in the storage device may be altered prior to communicating an updated partition size to a host computer. In some examples, data is altered prior to storing the updated partition sizes in the storage device. In this manner, a host system may not receive the updated partition sizes until after the data is altered. Altering data may avoid exposure encrypted data, information about one or more security parameters used to encrypt data on the memory unit or decrypt data retrieved from the memory unit, or combinations thereof.05-30-2013
20100313039SYSTEM AND METHOD FOR PROVIDING ENCRYPTION IN STORAGE OPERATIONS IN A STORAGE NETWORK, SUCH AS FOR USE BY APPLICATION SERVICE PROVIDERS THAT PROVIDE DATA STORAGE SERVICES - In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk.12-09-2010
20100313037COLLECTIBLE CASE AUTHENTICATION SYSTEM, DEVICE AND METHOD - There is a collectible case authentication device and method configured to facilitate authentication of a collectible. The collectible case authentication device includes a secured housing and a data interface module. The collectible case authentication device also includes a data storage device including an authentication module. The authentication module includes an encryption module including a public key associated with a private key. The authentication module also includes a communication module configured to communicate over a computerized network with a computerized registry to authenticate the collectible. The authentication module further includes a digital signature derived from the private key. Furthermore, the authentication module includes a user interface module configured to provide a user interface. The collectible case authentication device also includes a global positioning module in communication with the data storage device and a secured receptacle securely coupled to the data storage device and configured to store a collectible.12-09-2010
20120284531METHOD AND APPARATUS FOR CRYPTOGRAPHIC CONVERSION IN A DATA STORAGE SYSTEM - When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced.11-08-2012
20120284530CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, KEY DELEGATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector in which transmission information is embedded, the cipher vector being the vector of the space V. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information.11-08-2012
20120284529SYSTEM AND METHOD FOR MANAGEMENT OF ENCRYPTED DATA - A method of using synchronized search and order data structures to access a collection of data comprising organizing the search data structure by encrypted key value, wherein the search data structure contains only references to elements in the collection and their associated encrypted keys, organizing the order data structure by unencrypted key value, wherein the order data structure contains only references to elements in the collection and their associated encrypted keys, exposing a maximum of two pieces of clear text data during operations on the collection, engaging in insert or delete operations, engaging in update operations; engaging in search operations, engaging in sort operations, engaging in merge operations, and reporting the results of those operations to the user.11-08-2012
20120284528MULTI-PURPOSE MULTI-DIMENSIONAL, VARIABLE AND MULTI-KEY E-MAIL AND DATA ENCRYPTION METHOD - A multi-purpose multi-dimensional, variable, and multi-key e-mail and data encryption method is disclosed. The method dynamically encrypts data strings and data files with a set of “n” of keys and dimensions. Keys manipulated and encrypted, prepared keys such as manipulated environmental variables, manipulated date stamps, manipulated user data from a database, using multiple dimensions.11-08-2012
20120284527METHODS AND SYSTEMS FOR SELECTIVE ENCRYPTION AND SECURED EXTENT QUOTA MANAGEMENT FOR STORAGE SERVERS IN CLOUD COMPUTING - Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing are provided. A method includes associating at least one secure storage disk and at least one non-secure storage disk to a virtual disk, and associating the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk. The method further includes accessing the at least one secure storage disk and the at least one non-secure storage disk based on the associating of the virtual disk to the application, to write or read confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk.11-08-2012
20130159728SYSTEM AND METHOD THAT USES CRYPTOGRAPHIC CERTIFICATES TO DEFINE GROUPS OF ENTITIES - A system and method for issuing a cryptographic certificate comprises describing one or more prerequisite condition on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite group of entities. An entity may be a participant, a resource or a privilege, etc. One or more target groups of entities may be named on the cryptographic certificate. One or more prerequisite group stakeholder that authorizes an entity in the one or more prerequisite group of entities to be added as members in another group of entities sign the cryptographic certificate. The cryptographic certificate may also be signed by one or more target group stakeholders that authorizes an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others.06-20-2013
20130159729SOFTWARE-BASED TRUSTED PLATFORM MODULE - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.06-20-2013
20130159731ENCRYPTED DATABASE SYSTEM, CLIENT TERMINAL, ENCRYPTED DATABASE SERVER, NATURAL JOINING METHOD, AND PROGRAM - A client terminal is provided with: a column encryption unit that, from an encryption key, a table identifier, and a column identifier, generates a column private key, a column public key, and a comparison value, from which the unit generates a concealed comparison value and a ciphertext, thus encryption a particular column; and an encrypted table natural joining request unit that issues a natural joining request text that requests natural joining related to the column encrypted from the encryption key, table identifier, and column identifier. The natural joining request text contains as a table joining key the column public key and column private key that were generated by the encryption key from the table identifier of a first and second tables and the column identifier of the a-th column and b-th column. Then, an encrypted database server executes natural joining using the table joining key, and returns the result.06-20-2013
20130159730ATTRIBUTE-BASED DIGITAL SIGNATURES - An attribute-based digital signature system is disclosed. A first signature generating unit (06-20-2013
20130159727SECURE REPLAY PROTECTED STORAGE - Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks.06-20-2013
20130159726METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.06-20-2013
20130159725FPGA APPARATUS AND METHOD FOR PROTECTING BITSTREAM - An FPGA apparatus and a method for protecting bitstreams are provided. The FPGA apparatus includes: a key storage unit, which is configured to be accessed only from within the FPGA, and having stored therein the encryption/decryption key and the initial key generated by the random number generator; a setting bitstream storage unit, which is an internal non-volatile memory stored with bitstreams for setting authentication and encryption/decryption; and an authentication and encryption/decryption setting unit, which is configured to call the encryption and decryption key and the initial value stored in the key storage unit to store encrypted bitstreams and authentication codes generated as a result of performing encryption on the bitstreams stored in the setting bitstream storage unit in external non-volatile memory, and verity the integrity of the encrypted bitstreams stored in the external non-volatile memory at the time of designing of the FPGA using the encrypted bitstreams.06-20-2013
20110296200Method and Device for Encrypting and Decrypting Digital Data - Method for encrypting an initial digital data set, which comprises a compression of the initial digital data set delivering a compressed set comprising at least one compressed digital data stream and at least one dictionary making it possible to describe the content of the compressed digital data stream or streams, and an encryption of each dictionary only delivering an encrypted digital data set.12-01-2011
20110314302VERIFYING SIGNATURES FOR MULTIPLE ENCODINGS - Digitally signing data for multiple encodings is disclosed. A first signature of the data is generated. A second signature of a second encoding of the data is generated. The first signature and the second signature are associated with the signed data.12-22-2011
20110314301SYSTEMS AND METHODS FOR HARDWARE KEY ENCRYPTION - Various systems and methods for implementing dynamic logic are disclosed herein. For example, some embodiments of the present invention provide systems for encrypting/decrypting data. Such systems include a hardware key, a memory, a hardware decoder and a message encoder. The memory includes an encoded encoding key that represents an original encoding key. The hardware decoder receives a portion of the encoded encoding key and decodes the portion of the encoded encoding key using the hardware key to recover a portion of the original encoding key. The message encoder receives a data set and the portion of the original encoding key and encodes the data set using the portion of the original encoding key to create an encoded data set.12-22-2011
20110314300Segmented Mapping - Described are methods and apparatus, including computer program products for masking data. The inventions involves receiving a mapping scheme with a number of segments and a different cryptographic algorithm for each segment and then receiving a target value to be masked. The target value is then split into a number of segments based on the number of segments of the mapping scheme and the cryptographic algorithm is applied for each segment in the mapping scheme to each segment of the target value to generate an encrypted segment for each segment in the target value. Then, the encrypted segments are concatenated to create a masked value.12-22-2011
20110314299ELECTRONIC APPARATUS, DISPLAY DRIVING APPARATUS, AND DIGITAL CONTENT DISPLAY METHOD THEREOF - A digital content display method adaptable to an electronic apparatus is provided. The electronic apparatus includes a display interface and a display driving apparatus. The digital content display method includes following steps. An encrypted digital content is received by the display driving apparatus. The encrypted digital content is decrypted by the display driving apparatus according to an algorithm. The display interface of the electronic apparatus is driven by the display driving apparatus according to the decrypted digital content so that the display interface displays the digital content. Additionally, an electronic apparatus and a display driving apparatus thereof are also provided.12-22-2011
20130191648Storage Encryption - Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to affect the transfer of security.07-25-2013
20120030480BATTERY PACK AND ELECTRONIC APPARATUS - A battery pack includes at least one rechargeable battery configured to output power; a remaining battery capacity detection unit configured to detect a remaining battery capacity of the at least one rechargeable battery; and a cryptographic unit configured to output a response word in response to an external request word by encrypting the external request word based on a cryptographic algorithm with a common code key.02-02-2012
20120030479STORAGE APPARATUS, HOST APPARATUS, AND STORAGE SYSTEM - Disclosed herein is a storage apparatus including: a first storage block configured to record and hold encrypted content data and output the encrypted content data on an on-demand basis; a second storage block configured to record and hold a confidential title key; a title stream key generation block configured to generate a title stream key corresponding to a subject of encryption of the content data by use of the held confidential title key; and a communication block configured to transmit the generated title stream key with confidentiality thereof held.02-02-2012
20120030478Dynamic Storage Enabler For Service Delivery HUB On A Mobility Network - A system includes a hub having interfaces to an application service provider and a portal in communication with an end user, a storage enabler connected to the hub, the storage enabler having application programming interfaces configured to receive a request for a storage facility from the application service provider and to allocate the storage facility based on the request for storage, and wherein the hub provides a single interface for the application service provider to request the storage facility when servicing the end user without regard to a location of the end user. The storage enabler is further configured to track data stored by one of the end user and the application service provider and to further provide encryption functionality.02-02-2012
20120030477SCALABLE SEGMENT-BASED DATA DE-DUPLICATION SYSTEM AND METHOD FOR INCREMENTAL BACKUPS - A system in accordance with exemplary embodiments may provide a scalable segment-based data de-duplication for incremental backups. In the system, a master device on a secondary-storage node side may receive at least incremental changes, fingerprints, mapping entities, and distribute de-duplication functionality to at least a slave device, and performs data de-duplication on said plurality of segments via a way to cluster a plurality of fingerprints in a data locality unit called container for the incremental changes, varied sampling rates of a plurality of segments by having a fixed sampling rate for stable segments and by assigning a lower sampling rate for a plurality of unstable target files of de-duplication, and a per-segment summary structure to avoid unnecessary I/Os involved in de-duplication.02-02-2012
20130198526SECURE PROCESSOR - A secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects between those blocks. The secure pipe stores a common encryption key in an encryption key table so as not to be able to access from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus.08-01-2013
20130198524OBJECT WITH IDENTITY BASED ENCRYPTION - A workflow order is created for the object. Public parameters are received from a key generation center at a computer associated with an object master. A public key is generated at the computer system based on a user identifier and the public parameters, wherein the user identifier is comprised of user related information. The object is encrypted using the public key such that the object cannot be opened without the a private key, wherein the object is a composite document comprising multiple elements of documents of different formats, and wherein the private key is generated in response to a request from an authenticated user using the user identifier at the key generation center. Access to the multiple elements of the object is controlled based on workflow order.08-01-2013
20130198527EXECUTION METHOD OF .NET PROGRAM AFTER ENCRYPTION - The present invention provides an execution method of a .NET program after encryption. An operating system allocates a process address space to a .NET program process and maps PE files into the process address space respectively. After the .NET program process runs, it is judged whether a currently running program module is encrypted. The .NET program process continues to run after the encrypted program module is decrypted. If the current program module calls a subroutine module, it is judged whether the subroutine module is encrypted. If the subroutine module is encrypted, a decryption operation is performed, and the .NET program process continues to run. With the method, encryption management can be performed on the .NET program based on modules, thereby providing diversified functions for protecting .NET software.08-01-2013
20130198525SYSTEMS FOR STRUCTURED ENCRYPTION USING EMBEDDED INFORMATION IN DATA STRINGS - A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Encryption and decryption engines may include embedded-format-preserving encryption and decryption engines. Embedded-format-preserving encryption engines may be used to encrypt data strings and embed information in data strings. Information corresponding to a format-preserving encryption operation of a data string may be embedded in an associated data string. The associated data string may be encrypted before or after embedding the information in the associated data string. The embedded information may include key management data that corresponds to a managed encryption key that was used to encrypt the data string.08-01-2013
20130198528Modifying a Length of an Element to Form an Encryption Key - A length of an element used as part of an encryption key for encrypting data is modified. Data is encrypted using the encryption key, and the encrypted data is provided for storing in a storage device (08-01-2013
20130198529SAMPLE CARRIER UNIT HAVING SAMPLE DATA ENCRYPTION AND METHOD FOR USE THEREOF - A sample carrier unit (08-01-2013
20120066515ELECTRONIC DEVICE, KEY GENERATION PROGRAM, RECORDING MEDIUM, AND KEY GENERATION METHOD - An electronic device 03-15-2012
20120066514DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications.03-15-2012
20120066511Container Security - A container security device includes a housing, electronic circuitry, and cabling. The electronic circuitry is disposed within the housing, and includes first and second microprocessor functions and an interface for accepting and providing data. The cabling is removably coupled to the housing, provides the only communicative coupling between the first microprocessor function and the second microprocessor function, and is adapted to be attached to a container latch so as to break the communicative coupling if the latch is opened. The housing includes a port for the electronic circuitry interface. A method of providing container security includes closing a container using a latch device and removably coupling the cabling to the housing so that the communicative coupling is broken if the latch is opened., providing the only communicative coupling between the first microprocessor function and the second microprocessor function.03-15-2012
20120066510METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PERFORMING HOMOMORPHIC ENCRYPTION AND DECRYPTION ON INDIVIDUAL OPERATIONS - A method of processing data includes receiving a request for an operand from a second processor at a first processor, encrypting the operand that has been requested using the first processor responsive to receiving the request for the operand, sending the operand that has been encrypted from the first processor to the second processor, receiving a result from the second processor at the first processor, the result generated from a single homomorphic operation being performed using the operand sent to the second processor, decrypting the result received from the second processor at the first processor, and receiving a request for the result that has been decrypted from the second processor at the first processor.03-15-2012
20130097431SYSTEMS AND METHODS OF SOURCE SOFTWARE CODE MODIFICATION - Some embodiments of the present invention provide a method for modifying computer-executable instructions. In various embodiments, the method includes applying, with a processor, a data transformation to one or more value representations in the computer-executable instructions to create one or more transformed code segments; dividing the one or more transformed code segments into portions, the portions including a first portion and a second portion, the first portion including instructions for providing a first set of data for use by the second portion; altering the first portion of instructions so that it includes instructions for encrypting the first set of data; and storing the first portion of instructions with corresponding computer executable instructions on non-transient storage media.04-18-2013
20120096281SELECTIVE STORAGE ENCRYPTION - A storage device includes encryption policies that may be applied to data stored thereon. Different encryption policies may be applied to different data on the storage device. Input/output (I/O) requests may identify the appropriate encryption policy to be applied using a data tag of the I/O request. The data tag may be applied by the file system when the I/O request is issued, or may be added by a filter driver before the I/O request is delivered to the storage device.04-19-2012
20120096280SECURED STORAGE DEVICE WITH TWO-STAGE SYMMETRIC-KEY ALGORITHM - A secured storage device uses a user key set by user to encrypt a primary key that is for encryption or decryption of user data, to produce a first encrypted data. In the secured storage device, neither the primary key nor the user key is stored, but the first encrypted data, and a secondary key and a second encrypted data produced from the secondary key encrypted with the user key for verifying the password inputted by user are stored. Therefore, even though a storage medium in the secured storage device is detached and read, the primary key and the user key cannot be obtained by a third party for reading out any encrypted user data from the secured storage device.04-19-2012
20130212405SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.08-15-2013
20130212403Electronic content rights with and-or expression - Methods and apparatus for creating a license defining permissions to use electronic content. The methods include selecting a plurality of habitat types, each an aspect of a user environment to which a license can be bound; determining one or more habitat values and relations for each selected type; and creating a license to use the electronic content, the license including an and or logic expression of habitat terms, each term containing one of the selected types and its set of corresponding values and relations.08-15-2013
20130212404DOCUMENT MODIFICATION DETECTION AND PREVENTION - Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.08-15-2013
20130212406TECHNIQUE FOR PROVIDING SECURE FIRMWARE - A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system.08-15-2013