Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


By stored data protection

Subclass of:

713 - Electrical computers and digital processing systems: support

713189000 - DATA PROCESSING PROTECTION USING CRYPTOGRAPHY

Patent class list (only not empty are listed)

Deeper subclasses:

Entries
DocumentTitleDate
20110179290AUTHENTICATING A CHIP CARD INTERFACE DEVICE - A system is configured for authenticating a chip card interface device (CCID) during a transaction with the CCID. The system has a communication device configured for communicating with the CCID over a network and a processing device coupled with the communication device. The processing device is configured for receiving a transaction initiation communication from the CCID and instructing the communication device to communicate a request for authentication information including a random number to the CCID. The CCID encrypts the random number with a unique chip key (UCK) previously created with a master chip key (MCK). Then, the CCID communicates the encrypted random number to the system along with a serial number. The system recalculates the UCK using the serial number, encrypts a copy of the random number using the recalculated UCK and compares the encrypted copy with the encrypted random number received from the CCID to authenticate the CCID.07-21-2011
20120204040AUTHENTICATING FERROELECTRIC RANDOM ACCESS MEMORY (F-RAM) DEVICE AND METHOD - An F-RAM authenticating memory device and method providing secure mutual authentication between a Host system and a memory in order to gain read/write access to the F-RAM user memory contents. The device and technique of the present invention uses an Advanced Encryption Standard AES128 encryption module in conjunction with a true hardware random number generator and basic exclusive OR (XOR) functions in order to achieve a secure algorithm with a relatively small amount of processing. Due to inherently faster write times than that of conventional floating gate non-volatile memory technologies, the use of F-RAM significantly reduces the time available to interfere with a critical security parameter (CSP) update. Moreover, unlike floating gate technologies, F-RAM's read vs. write current signature is balanced making it less prone to side channel attacks while also providing relatively faster erase times.08-09-2012
20100058074RIGHT INFORMATION ENCRYPTION MODULE, NONVOLATILE MEMORY DEVICE, RIGHT INFORMATION RECORDING SYSTEM, RIGHT INFORMATION DECRYPTION MODULE, RIGHT INFORMATION READING SYSTEM, AND RIGHT INFORMATION RECORDING/READING SYSTEM - A right information encryption module 03-04-2010
20090193266Access control for protected and clear AV content on same storage device - A method and apparatus for storing both protected and clear data on a single storage device 07-30-2009
20090193267Secure electronic medical record storage on untrusted portal - Patients' medical records are encrypted using a symmetric encryption algorithm and stored on a server that is accessible via a distributed data network. The keys used for encrypting the records are also encrypted, using a public key of a creator of the record, and the encrypted record keys are stored on the server. Facilities for sharing records with other users and for modifying records are also described.07-30-2009
20130031376REMOVABLE STORAGE DEVICE DATA PROTECTION - Devices, methods and products are described that provide removable storage device data protection. One aspect provides a method comprising: ascertaining a protected removable storage device connected to an information handling device, said protected removable storage device having a first partition for storing data according to a first file system type, and a second partition for storing user data according to a second file system type; and responsive to said information handling device recognizing said second file system type, querying for user credentials to decrypt a data encryption key used to encrypt said user data of said second partition. Other embodiments are described.01-31-2013
20100049990STORAGE DEVICE AND RECORDING AND REPRODUCING SYSTEM - A storage device includes a decryption section, non-volatile memory, and an encryption section. The decryption section decrypts externally input encrypted data. The non-volatile memory records data decrypted by the decryption section. The encryption section encrypts and outputs decrypted data read out from the non-volatile memory.02-25-2010
20110202776Storage Device Content Authentication - Systems and methods that support storage device content authentication are provided. A system that verifies storage device content received from a storage device may comprise, for example, a security processor coupled to the storage device. The security processor may be adapted to receive a partitioned storage device region from the storage device. The partitioned storage device region may comprise, for example, regional content and first hashed regional content. The security processor may generate, for example, second hashed regional content by performing a hashing function on the regional content received by the security processor. The security processor may compare, for example, the first hashed regional content to the second hashed regional content. The security processor may verify the regional content received by the security processor if the first hashed regional content is the same as the second hashed regional content.08-18-2011
20120179919SECURING IMPLEMENTATION OF A CRYPTOGRAPHIC PROCESS HAVING FIXED OR DYNAMIC KEYS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against attack by protecting the round keys by (1) combining several cipher operations using a pair of sub-keys (round keys) into one table look-up, or (2) a key masking process which obscures the round keys by providing a masked version of the key operations for carrying out encryption or decryption using the cipher. This approach is especially advantageous in an insecure “White Box” environment where an attacker has full access to execution of the cipher algorithm, including the algorithm's internal state during its execution.07-12-2012
20120246488BORN ENCRYPTED OPTICAL DATA - A device for generating a born encrypted optical file includes a photovoltaic matrix for converting an optical image into a digital file. The digital file is a collection of digital data that has not been processed by any image processing logic and thus cannot be used to directly generate a reproduced image of the object. An encryption logic converts the digital file into an encrypted digital file that can be exported from the device to an authorized device to create a decrypted digital file. This decrypted digital file is capable of being used by a display logic to display an image of the object.09-27-2012
20100077231METHOD AND SYSTEM FOR MAINTAINING SECURE DATA INPUT AND OUTPUT - Methods and systems for enhancing the security of data during input and output on a client computer system are provided to prevent attempts by unauthorized code to access, intercept, and/or modify data. Example embodiments provide a plurality of obfuscation techniques and security enhanced drivers that use these obfuscation techniques to prohibit unauthorized viewing/receiving of valid data. When the drivers are used together with the various obfuscation techniques, the security enhanced drivers provide mechanisms for “scheduling” the content of the storage areas used to store the data so that valid data is not available to unauthorized recipients. When unauthorized recipients attempt to access the “data,” they perceive or receive obfuscated data. The obfuscation techniques described include “copy-in,” “replace and restore,” and “in-place replacement” de-obfuscation/re-obfuscation techniques. In one embodiment, a security enhanced display driver, a security enhanced mouse driver, a security enhanced keyboard driver, and a security enhanced audio driver are provided. To complement the security enhancements, the methods and systems also provide for a watchdog mechanism to ensure that the driver is functioning as it should be and various user interface techniques for denoting security on a display device.03-25-2010
20100077230PROTECTING A PROGRAMMABLE MEMORY AGAINST UNAUTHORIZED MODIFICATION - This disclosure provides an apparatus including a programmable memory, a data write path for writing data into the memory and a data read path for reading data from the memory. The memory comprises at least one protected memory field. The data write path comprises a decryption unit that is adapted for receiving encrypted data, decrypting the encrypted data, and writing resulting plain data into the at least one protected memory field. The data read path is adapted for reading out the plain data stored in the protected memory field. The at least one protected memory field is only writable by applying the data to be written into the at least one protected memory field in encrypted form to the data write path.03-25-2010
20100077229METHOD FOR EMPLOYING USB RECORD CARRIERS AND A RELATED MODULE - A method of utilizing USB record carriers is disclosed. A USB security drive is serially connected with at least a USB drive to encrypt/decrypt stored data in the USB drive and to integrate a plurality of data regions or even a plurality of encrypted data regions to provide multi-level security protections. In a more specific embodiment, the USB security drive further enables the automatic backup of data stored in the USB drive. A related assembled module by the implementation is also disclosed.03-25-2010
20130086394STORAGE SYSTEM, STORAGE CONTROL APPARATUS, AND STORAGE CONTROL METHOD - A storage system in which a storage control apparatus writes data in each of divided areas defined by division of one or more storage areas in one or more storage devices, after encryption of the data with an encryption key unique to each divided area. When the storage control apparatus receives, from a management apparatus, designation of one or more of the divided areas allocated as one or more physical storage areas for a virtual storage area to be invalidated and an instruction to invalidate data stored in the one or more of the divided areas, the storage control apparatus invalidates one or more encryption keys associated with the designated one or more of the divided areas. In addition, the storage control apparatus may further overwrite at least part of the designated one or more of the divided areas with initialization data for data erasion.04-04-2013
20130080792Safety Management Method For An Electronic Document - A method of encrypting/decrypting the document and a safety management storage device and system method of its safety management, using for the safety management of electronic documents, the said system comprising a PC or mainframe installed with common reading software and a storage device of safety management connected to the said PC/mainframe through hot-plug; when connected to the mainframe, the said storage device is enumerated as a USB CDROM device at least. The user owns the said storage device can encrypt the electronic documents by using the encryption keys to generate an encrypted document with the same file type, also can open the encrypted document by using common reading software, and then use the document according to the predetermined operation authority.03-28-2013
20100037069Integrated Cryptographic Security Module for a Network Node - A system that provides a cryptographic unit that generates secret keys that are not directly accessible to software executed by a controller. The cryptographic unit can include a restrictor device, a finite state machine, a random number generator communicatively and a memory. The memory stores values generated by the random number generator. The restrictor device and the finite state machine include hardware logic that restricts access or changes to the contents of the memory.02-11-2010
20100037068Method to Protect Secrets Against Encrypted Section Attack - A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code.02-11-2010
20090119517Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.05-07-2009
20090031144REVOCATION MESSAGE CYCLING IN A DIGITAL TRANSMISSION CONTENT PROTECTION SYSTEM - In a digital Content Protection System (CPS), System Renewability Messages (SRM's) are managed at an administrative level to prioritize and select SRM's depending on transmission region and/or time. The highest-priority SRM's may be selected to fit in a receiver memory size specified by a CPS. SRM's may be cycled so that different subsets of the total set of SRM's are selected for highest priority use of limited storage capacity at different times, thereby extending the effectiveness of revocation beyond the otherwise limiting factor of SRM storage capacity.01-29-2009
20130036313Persistent Encryption with XML Encryption - A method for storing encrypted data in XML format is provided where parallel access by multiple users is possible02-07-2013
20100100749Single-Chip Computer and Tachograph - A single-chip computer includes at least one first processor core and at least one second processor core constructed on a common chip. The at least one first and the at least one second processor cores are interconnected via a processor interface. Data can be read via a separate or common memory interface from a separate or common data memory respectively and/or stored in said data memory. The single-chip computer includes an encryption and decryption unit which is assigned to the at least one processor core and which is constructed and functionally arranged between the at least one second processor core and the memory interface in such a way that the data which can be exchanged between the at least one second processor core and the data memory can be encrypted and decrypted by the encryption and decryption unit.04-22-2010
20090164804SECURED STORAGE DEVICE - A method of preventing unauthorized access to digital content includes obtaining from a trusted entity a public key of a public-private key pair, encrypting content being received by a storage device using the public key, and storing the encrypted content on the storage device. The public-private key pair includes the public key and a corresponding private key. The content is encrypted on the storage device using the public key so as to be decipherable using a corresponding private key. Access to the corresponding private key is restricted to the trusted entity alone and encrypted content may be decipherable by the trusted entity, only after an indication of authorization for use of the corresponding private key is provided to the trusted entity. Also provided is a method of controlling access to encrypted content that is stored on a storage device operating as a secure storage device.06-25-2009
20100042851Method for Securely Handling Data During the Running of Cryptographic Algorithms on Embedded Systems - The invention relates to a method for handling data between two memory areas of an electronic component having at least one working memory area for carrying out operations on the component, which bring into play at least some of the data. The same memory areas are used for executing an operation, whatever the operation to be executed is, in such a manner that each operation has a hidden signal trace that is identical in terms of location leakage outside the component.02-18-2010
20090158055METHOD FOR CRYPTOGRAPHIC AUTHENTICATION - The invention relates to a method for cryptographic authentication in access security systems. The aim of the invention is to provide a software solution. To this end, the method for secured storage of counter states in a non-volatile memory (EEPROM) (06-18-2009
20100106980SEARCHABLE ENCRYPTION FOR OUTSOURCING DATA ANALYTICS - A method for performing data analytics on outsourced data may include receiving, at a data analyst, cipher text representing data from a data owner such that the data remains hidden from the data analyst, generating a query token using a constant provided by the data analyst such that the constant remains hidden from the data owner, and analyzing the cipher text using the query token.04-29-2010
20100031058Computer System, Storage System and Management Computer for Backing Up and Restore Encryption Key for Storage System Incorporating Therein a Stored Data Encryption Function - To protect data from corruption due to restoration of an encryption key to a wrong storage system, there is provided a computer system including a first storage system and a second storage system, wherein: the first storage system, upon receiving a request to write first data to a first area in the first storage system, encrypts the first data by using a first key and writes the first data in the first area, and, upon receiving a request to write second data to a third area, encrypts the second data by using a second key and transmits a request to write the encrypted second data in a second area in the second storage system; and the computer system holds the first key, an identifier of the first storage system associated with the first key, the second key, and an identifier of the second storage system associated with the second key.02-04-2010
20100095135Method and system for processing forward- locked DRM contents, and portable device adapted thereto - A method and system and a portable device are disclosed that can process forward-locked DRM contents in a portable device. The method includes receiving forward-locked Digital Rights Management (DRM) contents, encrypting the forward-locked DRM contents using a unique number of the portable device, and storing the encrypted forward-locked DRM contents. The encrypting process includes extracting the unique number, setting the unique number as an encrypting key, and encrypting the forward-locked DRM contents using the encrypting key. Therefore, although the portable device lacks the capacity of the internal storage medium thereof, it can store a large amount of contents in mobile storage media connectable thereto.04-15-2010
20100095134PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR - An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.04-15-2010
20130046996INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An information processing apparatus capable of communicating with a document management service and a terminal device, the apparatus comprises: acceptance means for accepting, from the terminal device, an instruction about a document stored in the document management service; and instruction means for, when the document file has not been encrypted according to a public key cryptosystem, transmitting an instruction to the document management service to execute processing corresponding to the instruction accepted by the acceptance means, and when the document file has been encrypted according to the public key cryptosystem, transmitting an instruction to the document management service to directly transmit the encrypted document to the terminal device.02-21-2013
20100064145SEMICONDUCTOR MEMORY CARD, PLAYBACK APPARATUS, RECORDING APPARATUS, PLAYBACK METHOD, RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - An audio stream is divided into a plurality of audio object (AOB) files that are recorded having each been encrypted using a different encryption key. At least one piece of track management information (TKI) is provided corresponding to each track. Playlist information (PLI) assigns a playback position in a playback order to each track when a plurality of tracks are to be played back one after the other.03-11-2010
20090044025SMART CARD DATA PROTECTION METHOD AND SYSTEM THEREOF - A data protection method and system thereof used for a smart card, wherein, the user may select a data frame in a smart card through a data access interface, and input data into the data frame. The data protection system includes a data protection module, an encryption-decryption module, and a data storage module. The data protection module is coupled respectively to a data access interface and a smart card. The encryption-decryption module is coupled to the data protection module, and is used to generate an encrypted data frame. The data protection module is used to store the fake data frame into a smart card. When it is desired to access the data frame, the data access interface is used to read out the corresponding fake data frame.02-12-2009
20090307504Method, Apparatus, and System for Managing, Reviewing, Comparing and Detecting Data on a Wide Area Network - Embodiments of the present invention are directed to a data management system, apparatus and process for uniquely identifying and protecting data. In preferred embodiments, the data management system comprises a data management server, a key generator, a source print generator and a source print detector. In some preferred embodiments, the data management system further comprises a data embedding system. Keys are created by the data management system for application to source files to create a fingerprint for the source file. The fingerprint is compared to unknown files to identify uses of the source file.12-10-2009
20090307503DIGITAL CONTENT MANAGEMENT SYSTEMS AND METHODS - Digital content management systems and methods are provided for mass production of one or multiple digital contents. During the digital content management, the digital contents are first composed and encrypted to obtain encrypted digital contents. Then, the encrypted digital contents are copied and stored to at least one storage device. Finally, different identification data corresponding to the digital contents is respectively offered and stored to the at least one storage device. In this application, since the digital contents are first protected by encryption, and then copied to the storage device, the risk of the digital contents to be stolen or manipulated is reduced. Additionally, since the identification data are stored to the storage device in the last stage of the digital content management system, the efficiency of the mass production of the digital contents is improved.12-10-2009
20090307502METHOD AND APPARATUS FOR SECURING DIGITAL INFORMATION ON AN INTEGRATED CIRCUIT READ ONLY MEMORY DURING TEST OPERATING MODES - The embodiments protect an IC against Design-For-Test (DFT) or other test mode attack. Secrets in ROM or PROM are secured. One embodiment for securing information on an IC includes receiving a ROM read command, writing data from a plurality of ROM address locations to an encryption logic in response to receiving the ROM read command, and writing an encryption logic output of the encryption logic to a test control logic, the encryption logic output representing the data from the plurality of ROM address locations. Writing the data from the plurality of ROM address locations to the encryption logic may also include writing the data from the plurality of ROM address locations to a multiple input shift register (MISR) in response to the ROM read command, and writing an MISR output to the test control logic, the MISR output representing the data from the plurality of ROM address locations.12-10-2009
20130073873SIGNATURE GENERATION APPARATUS, SIGNATURE METHOD, NON-TRANSITORY COMPUTER READABLE MEDIUM STORING SIGNATURE GENERATION PROGRAM - A signature generation apparatus (03-21-2013
20130073870SECURE RELOCATION OF ENCRYPTED FILES - Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme.03-21-2013
20130073872INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - Disclosed herein is an information processing apparatus, including: a data processing section reproducing contents stored in a medium having a general purpose area storing encrypted contents and utilization controlling information corresponding to the contents, and a protected area including blocks to which access limitation is set and which include a title key storage block in which an encryption key for decrypting the contents and validity period information applied to the application contents of the encryption key are stored and a status storage block in which date information upon content first-time reproduction is stored; the data processing section acquires validity period information indicative of the content utilization permission period determined in response to date information upon the content first-time reproduction from the title key storage block and decides whether or not content reproduction is to be permitted based on comparison between the acquired validity period information and current date information.03-21-2013
20130073871INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus, including: a data processing section reproducing contents stored in a medium having a general purpose area in which encrypted contents and utilization controlling information corresponding to the contents are stored, and a protected area configured from a plurality of blocks to which access limitation is set and which include a block in which an encryption key for decrypting the contents and information of a plurality of validity periods indicative of content utilization permission periods applied to the application contents of the encryption key are stored, wherein the data processing section acquires the utilization controlling information of a reproduction object content, extracts selection information of validity period information to be applied to the content, and decides whether or not content reproduction is to be permitted by comparison between the validity period information selected from within the block and current date information in accordance with the selection information.03-21-2013
20130061063Physical Digital Media Delivery - The inventions relate to the delivery, transfer of cement, and return of uniquely customized physical digital media. Digital content is specifically encrypted for use on a target player associated with a specific customer account. After use, the media is returned to a receiving location where use information is read from the media. Attention is given to cost of delivery, security of content, user experience in selecting, choosing, paying for, viewing or utilizing the content, and usage information created as a result of the content being utilized, rented, purchased, loaded or deleted.03-07-2013
20130061062DATA COPYRIGHT MANAGEMENT - A data copyright management apparatus for handling data copyrights, and data of digital cash and video conference system is provided. The data copyright management apparatus comprises a CPU, ROM, EEPROM, and RAM. The ROM, EEPROM, and RAM are connected to the CPU bus, and a system bus of a device which utilizes the data can be connected to the CPU bus. A data copyright management system program, cryptographic algorithm, and user information are stored in the ROM, and a first public-key, a first private-key, a second public-key, a second private-key, a first secret-key, a second secret-key, and copyright information are stored in the EEPROM. The data copyright management apparatus may be configured in the form of a monolithic or hybrid IC, a thin IC card, PC card, insertion board, and further, may be incorporated in a computer, television set, set-top box, digital video tape recorder, digital video disk recorder, digital audio tape apparatus, or personal digital assistants, and the like.03-07-2013
20090271638Storage system with an encryption function - To reduce the performance degradation of storage system, this invention provides a storage system comprising a disk drive and a disk controller. The disk controller provides a storage area of the disk drive to a host computer; executes a processing of switching an encryption key that is used to encrypt data stored in the logical volume from a first encryption key to a second encryption key; encrypts write data requested to be written with the second encryption key when the write request for one of storage areas within the logical volume that stores data for which switching of encryption keys has not been finished is received while the encryption key switching processing is being executed; and writes the encrypted write data in the logical volume to switch encryption keys for data stored in the storage area where the data is requested to be written by the received write request.10-29-2009
20120226917Data Content Checking - A data content checker arrangement for protecting communication between a sensitive computer system (09-06-2012
20090031146OBFUSCATED STATE STORE FOR RIGHTS MANAGEMENT SYSTEM AND THE LIKE - A state store having state information therein is stored on a computing device. Information at least nearly unique to the computing device is obtained, and a number of locations at which at least a portion of the state store is to be stored at is determined. Pseudo-random file names and corresponding paths are generated based at least in part on the obtained information, whereby the generated file names and corresponding paths are likewise at least nearly unique to the computing device, and the generated file names and path are paired to form the locations. Thereafter, the state store is stored according to the generated locations.01-29-2009
20090031145DATA PROCESSING APPARATUS, DATA PROCESSING SYSTEM, AND CONTROL METHOD THEREFOR - A data processing apparatus capable of using, without change, a password used at the time of backup as a password at the time of restoration to thereby realize backup and restoration which are high in security and user-friendliness. Upon being backed up into an external storage medium, data stored in a box in the data processing apparatus and protected by password information is encrypted with an encryption key generated based on the password information and is stored into the external storage medium. Upon restoration of the encrypted data from the external storage medium to a multifunction peripheral, password information input by a user is set as a new password, and the data decrypted with a decryption key generated based on the password information is protected with the new password.01-29-2009
20130067246Dynamic Trampoline and Structured Code Generation in a Signed Code Environment - A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters.03-14-2013
20130067245SOFTWARE CRYPTOPROCESSOR - Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.03-14-2013
20130067244Use of Media Storage Structure with Multiple Pieces of Content in a Content-Distribution System - A method for distributing content. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.). The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece.03-14-2013
20130067243Secure Data Synchronization - Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.03-14-2013
20130067242MANAGING SELF-ENCRYPTING DRIVES IN DECENTRALIZED ENVIRONMENTS - A self-encrypting drive allows finely grained control, i.e., the ability to create, protect, lock and unlock, of different volumes on the same drive. The different volumes enable multiple different operating systems to be booted, depending on the volume that is selected for booting.03-14-2013
20110022856Key Protectors Based On Public Keys - In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.01-27-2011
20090240958SYSTEM AND METHOD FOR GENERATING A SECURE STATE INDICATOR ON A DISPLAY - A system and method for generating a security indicator on a display of a computing device (e.g. a mobile device), to indicate when the computing device is in a secure state while locked. A determination is made (e.g. by a data protection system) as to whether at least some of the secure data stored on the computing device can be decrypted by any applications on the computing device, while the computing device is in the locked state. An icon or other identifier can be displayed to indicate that the secure state has been attained. In one embodiment, the secure state is considered to have been attained, if it is determined that all tickets that have been issued to applications on the computing device while the computing device was unlocked have been released, and any decrypted encryption keys that may be used to decrypt the secure data have been deleted.09-24-2009
20090240954METHOD FOR SECURELY STORING A PROGRAMMABLE IDENTIFIER IN A COMMUNICATION STATION - Disclosed is a method for storing an identifier in a first station having a secure non-volatile data store protected by cryptographic data, an identifier flag for indicating that the identifier has been written to the secure data store, and an authenticated trust agent that prohibits writing of an identifier to the secure data store if the identifier flag is set. In the method, the identifier is written to the secure non-volatile data store, wherein the identifier written to the secure data store is encrypted using the cryptographic data. The identifier flag is irreversibly set after writing the identifier to the secure data store so that the trust agent prohibits another write of an identifier to the secure data store.09-24-2009
20090235092Transferring data values via a data bus or storing data values using a selectable representation - Data values being stored and transferred within a data processing system 09-17-2009
20090235091Computer system for indexing and storing sensitive, secured, information on a non-trusted computer storage array - Preservation of sensitive electronic data records in the face of either natural or man-made catastrophes has become important. In some fields, such as the medical and legal fields, current law requires that such data survive these events, and be available to authorized users in a timely fashion. This invention presents a method to protect sensitive data such that the systems used for preservation need be neither private nor secure. Data sets are replicated at multiple servers that can be geographically distant increasing the survivability of these records. Both the name and the contents of these files are private to the client, and are not available even to the operators of the disaster recovery system. By allowing the preserved data to be accessible on the public Internet, yet be undecipherable, the confidentiality and survival of such data is significantly improved. This preservation methodology minimizes the data to be sent by sending only new and changed files, and multiple geographic sites are supported.09-17-2009
20090019291BACKUP AND RESTORATION OF DRM SECURITY DATA - The present invention provides for a method of security data restoration for a user device for back-up purposes in which the said security data can be restored through the interaction of a first and at least a second portion of data, including the steps of storing the first portion of data on a storage medium remote from the device, writing the at least second portion of data to wireless storage means, and, when restoration is required, communicating the at least second portion of data from the wireless storage means to the said storage medium so as to allow for the interaction of the first and the at least second portion of data.01-15-2009
20130166923AUTOMATIC VIRTUALIZATION MEDIUM, AUTOMATIC VIRTUALIZATION METHOD, AND INFORMATION PROCESSING APPARATUS - A computer-readable recording medium having stored therein a program for causing a computer to execute an automatic virtualization process includes creating a copy of information stored in a storage unit in a migration source, storing the created copy in a migration destination apparatus; and encrypting the storage unit in the migration source after storing the copy in the migration destination apparatus.06-27-2013
20090013196Secure Processing Device, Method and Program - A secure processing device having a power saving mode, which is used for built-in apparatuses, calculates a hash value of secure data that needs to be saved when switching to the power saving mode, stores the calculated hash value in a protection storage unit whose data is not lost even in the power saving mode, encrypts the secure data and stores the encrypted data in an external memory when switching to the power saving mode. When switching back to the normal power mode, the secure processing device decrypts the encrypted data, calculates a hash value of the decrypted data and compares the hash value with the hash value stored in the protection storage unit. The decrypted data is restored to the protection storage unit when the hash values are identical, but discarded together with the encrypted data stored in the external memory when the hash values are not identical.01-08-2009
20090013195Data Storing Method, Data Playback Method, Data Recording Device, Data Playback Device, and Recording Medium - Provided is a method for performing high-speed search for a content key associated with encrypted content in the case of a key-separation-type content management method where content keys and their respective pieces of encrypted content are correlated by ID information and stored in different recording media. An external recording medium is used to store a plurality of content files that contain: their respective pieces of encrypted content that are encrypted with different encryption keys; and their respective content IDs, each being associated with a corresponding piece of the encryption content, and a semiconductor recording medium is used to store a list that contains: pieces of encryption key storage location information, each indicating where a corresponding one of the encryption keys is stored; and the content IDs, the list being sorted in accordance with the content IDs. When encrypted content is played back, the list is searched to find encryption key storage location information associated with a content ID that matches the content ID of the encrypted content, and the encryption key is read based on the encryption key storage location information.01-08-2009
20090013194TECHNIQUE FOR PROTECTING A DATABASE FROM AN ONGOING THREAT - A system for stopping an ongoing threat to a database is described. During operation, if an ongoing threat to the database is detected, the system modifies a threat-assessment condition. Then, the system selectively restricts access to one or more cryptographic keys for the database based on the threat-assessment condition. Next, the system selectively activates decryption of requested encrypted information based on the threat-assessment condition. Note that both the selective restriction of access to the one or more cryptographic keys and the selective activation of decryption can be used to stop the ongoing threat from accessing the encrypted information in the database.01-08-2009
20090006870METHOD, SYSTEM, AND APPARATUS FOR DYNAMIC DATA-DRIVEN PRIVACY POLICY PROTECTION AND DATA SHARING - A method of sharing telematics data for a vehicle with service providers can include receiving the telematics data for the vehicle, where the telematics data dynamically changes over time, and comparing the telematics data with a privacy policy associated with the vehicle. The privacy policy can specify rules for selectively releasing items of the telematics data to one or more service providers. Data items of the telematics data can be selectively provided to the service providers according to the comparing step.01-01-2009
20090006868Secure storage for digital rights management - Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage.01-01-2009
20090006867System, device and method for providing data availability for lost/stolen portable communication devices - A system, device and method for providing data availability for a portable communication device, including various combinations of the following steps: notifying an operator that the portable communication device is missing; triggering encryption of data on the portable communication device; sending a data retrieval command to the portable communication device; authenticating the data retrieval command; retrieving data from the portable communication device; identifying a portion of the data retrieved from the portable communication device that is confidential; encrypting the identified confidential data on the portable communication device; and erasing the identified confidential data from the portable communication device or recovering the portable communication device and decrypting the confidential data on the portable communication device.01-01-2009
20090006866STORAGE APPARATUS, MEMORY CARD ACCESSING APPARATUS AND METHOD OF READING/WRITING THE SAME - A storage apparatus having a non-volatile memory and a controller is provided, wherein the non-volatile memory includes a root directory area and a data area, and a password file is stored in the root directory area. The controller identifies a user by using a password in the password file, and the user can access the data area through an encryption/decryption unit of the controller only if the user passes the identification. By using the secured storage apparatus, the risk of the password and encrypted data being cracked is reduced. Accordingly, the protection over the data stored in the storage apparatus is enhanced.01-01-2009
20090006865Efficient Remotely-Keyed Symmetric Cryptography For Digital Rights Management - An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.01-01-2009
20130166922METHOD AND SYSTEM FOR FRAME BUFFER PROTECTION - When content, such as premium video or audio, is decoded, the content is stored in protected memory segments. Read access to the protected memory segments from a component not in a frame buffer protected (FBP) mode is blocked by a memory controller. The memory controller also blocks components in the FBP mode from writing to unprotected memory segments. The content may be processed by a processing engine operating in the FBP mode and may only be written back to protected memory segments. The memory segment may later be marked as unprotected if the memory segment is no longer needed. If the content is encrypted in protected memory, the encrypting key associated with the memory segment may be removed. If the content is stored in the clear, the protected memory segments are scrubbed before releasing the segments for use as unprotected memory segments.06-27-2013
20080313474SUPER ENCRYPTED STORAGE AND RETRIEVAL OF MEDIA PROGRAMS WITH SMARTCARD GENERATED KEYS - A method and apparatus for storing and retrieving program material for subsequent replay is disclosed. In summary, the present invention describes a system and method for storing and retrieving program material for subsequent replay. The method comprises the steps of accepting encrypted access control information and the program material encrypted according to a first encryption key, the access control information including a first encryption key and control data; decrypting the received access control information to produce the first encryption key; decrypting the program material using the first encryption key; re-encrypting the program material using according to a second encryption key; encrypting the second encryption key according to a third encryption key to produce a fourth encryption key; and providing the re-encrypted program material and a fourth encryption key for storage. The apparatus comprises a conditional access module, for accepting encrypted access control information and the program material encrypted according to a first encryption key, the encrypted access control information including the first encryption key and temporally-variant control data, the control access module comprising a first decryption module, for decrypting the access control information to produce the first encryption key; a first encryption module, for encrypting a second encryption key with a third encryption key to produce a fourth encryption key; and a second decryption module for decrypting the fourth encryption key to produce the second encryption key.12-18-2008
20080294914Trusted storage - In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.11-27-2008
20080294913DISK ARRAY CONTROLLER, DISK ARRAY CONTROL METHOD AND STORAGE SYSTEM - Provided is a disk array controller capable of speeding up the processing by simultaneously execution the encryption/decryption of a non parallel block cipher modes of operation. In a disk array controller for controlling a disk array according to a disk access request from a host system, a plurality of non parallel mode encryption/decryption target data are divided into a plurality of messages unrelated to the encryption/decryption processing, partitioning non parallel mode encryption/decryption target data belonging to the respective messages into a plurality of block data, storing each block data belonging to the respective messages by allocating it each line of Rnd[11-27-2008
20080294912SEMICONDUCTOR MEMORY DEVICE - The present invention provides a semiconductor memory device capable of allocating scrambling data different every chip without the need for management and writing of seed data for scramble. If an authentication key inputted from a user to an authentication key register and a decision key set to a decision key register in advance coincide with each other, then read data RD read from a memory chip is outputted as data DT via a selector as it is. If they are found not to coincide with each other, then read data RD (scrambled data SRD) scrambled using, as seed data SD, position information on each defective memory cell, which is outputted from a fuse circuit, is selected by the selector, followed by being outputted as data DT.11-27-2008
20080294911Method and Apparatus for Secure Storing of Private Data on User Devices in Telecommunications Networks - A system for securely storing data is provided. The system includes a transformation component operable to scramble or encrypt the data, a dissection component operable to divide the data into a plurality of segments, and a storage component operable to store the plurality of segments in a plurality of memory locations. These components can operate various schemes identified by encoded identifiers and new schemes can be added to the system at any time. A user device can use a combination of a transformation scheme, a dissection scheme, and a storage scheme to protect stored private data at any point in time. The combination can be changed quickly by the user device autonomously or upon receiving an instruction to do so.11-27-2008
20110035604Dual-Interface Key Management - In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface.02-10-2011
20110035603Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.02-10-2011
20110035602DATA SCRAMBLING, DESCRAMBLING, AND DATA PROCESSING METHOD, AND CONTROLLER AND STORAGE SYSTEM USING THE SAME - A data scrambling method for scrambling raw data from a host system is provided. The data scrambling method includes generating a random number and storing the random number into a storage unit. The data scrambling method also includes receiving a user password from the host system, generating a padded value by using a first function unit based on the random number and the user password, and generating a nonce value by using a second function unit based on the padded value and a key. The data scrambling method further includes generating scrambled data corresponding to the raw data by using a third function unit based on the nonce value and the raw data. Accordingly, the raw data of the host system can be effectively protected.02-10-2011
20100268966Efficient and secure data storage utilizing a dispersed data storage system - A method of securely storing data to a dispersed data storage system is disclosed. A data segment is arranged along the columns or rows of an appropriately sized matrix. Data slices are then created based on either the columns or the rows so that no consecutive data is stored in a data slice. Each data slice is then stored in a separate storage node.10-21-2010
20080276101DIGITAL DATA RECORDING APPARATUS, DIGITAL DATA RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - A data communication unit receives encrypted digital data via a network and records the digital data on a primary recording medium. The digital data, having been encrypted in different encryption methods according to the distributors, include attribute information indicating the encryption methods. The encryption method of the digital data is determined and the encrypted data is decrypted by an appropriate decryption unit. Identification information of a secondary recording medium or a playback apparatus is obtained according to whether the secondary recording medium is removable from the playback apparatus. A controller selects an encryption unit among a plurality of encryption units according to the obtained identification information. The selected encryption unit creates an encryption key according to the identification information and re-encrypts the digital data. A recording unit records the digital data on the secondary recording medium. An accounting unit charges according to accounting information in the attribute information.11-06-2008
20110302428METHOD, SYSTEM AND MEDIUM FOR ANALOG ENCRYPTION IN A FLASH MEMORY - A system and method for analog encryption and decryption, in which the encryption and encoding processes are interrelated, such that by failing to decrypt the retrieved data, decryption fails.12-08-2011
20120011375Multimedia Storage Systems and Methods - An article of manufacture includes a machine-readable medium that stores a multimedia content file in a first format and multiple program sets. Each program set is a version of software that, when executed by a respective electronic system, produces the multimedia content file in a second format for use in the respective electronic system. A first program set is compatible with a first operating system executed by a first electronic system and a second program set is compatible with a second operating system executed by a second electronic system. The second operating system is distinct from the first operating system.01-12-2012
20110296207Combinative encryption flash disk - A combinative encryption flash disk with two data disks and an encryption system at least for digital data encrypted and accessed via an operating system is characteristic of (1) Function of keeping digital data secret and safe; (2) Consumer's reduced cost and a specific plug-in sequence for a promoted secrecy function by two cascaded data disks at least plugged into a single port; (3) Plain interface and simple operation in favor of one user configuring and operating.12-01-2011
20100023781DATA PROCESSING APPARATUS, DATA STORAGE DEVICE, AND DATA PROCESSING METHOD THEREFOR - A supported encryption and authentication function is inquired of a memory card having a digital data encryption and authentication function. An encryption and authentication function to be applied to digital data is selected based on the inquiry result. The memory card is notified of the selection result, and digital data is transmitted to the memory card.01-28-2010
20090100273PREVENT DATA STORAGE DEVICE CIRCUITRY SWAP - A device comprises a data storage media storing data content and a digital signature. At least a portion of the digital signature is encrypted on the data storage media. The device also includes a removable control circuitry including a unique key. If the unique key corresponds to the encrypted portion of the digital signature, the removable control circuitry allows access to the data content. If the unique key does not correspond to the encrypted portion of the digital signature, the removable control circuitry prevents access to the data content. Embodiments of the invention may be useful to prevent a user from accessing the data content without the original control circuitry used to write the data content. For example, embodiments of the invention may prevent a user from using a different control circuitry that would readily allow unauthorized copying and distribution of the data content.04-16-2009
20090282265METHOD AND APPARATUS FOR PREVENTING ACCESS TO ENCRYPTED DATA IN A NODE - A method of preventing access of data in a node quickly and securely when the node is lost or stolen. The data is first encrypted using an encryption algorithm with a cryptographic key-material. Heuristic methods of detecting un-authorized access to the node are implemented to generate a theft-trigger. The theft-trigger is received and sent to a central authority. The validity of the trigger is verified and the central authority sends an acknowledgement of the trigger. When approval is given from the central authority, access to the data is prevented by deleting or concealing some cryptographic key-material.11-12-2009
20100023783SYSTEM AND METHOD OF DECRYPTING ENCRYPTED CONTENT - System and method of decrypting content. The content may be decrypted with decryption keys stored on a secured dongle. The dongle may be connect to a computer and used to decrypt the content for the computer, limiting the decryption-based processing demands on the computer. The computer may output the decrypted content to an output device for access by a user. The dongle may be single-use device pre-configured with a number of unchangeable keys and security measures.01-28-2010
20100169671CRYPTOPROCESSOR WITH IMPROVED DATA PROTECTION - The invention relates to an electronic circuit comprising: a first random-access data storage element, a processing module designed to delete the first storage element, and an access terminal which is connected to the processing module and receives a first power signal supplied by a first power source external to the electronic circuit. The circuit also includes a second random-access storage element in which a key is stored, said key being used to encrypt the data and a second power source which is built into the electronic circuit and supplies a second power signal to the processing module. The processing module is designed to detect an unauthorized access attempt by comparing the first and second power signals and to delete the key when the processing module is powered by the second power source.07-01-2010
20100169672ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM - According to one embodiment, an encryption program operation management system includes an encryption key table creation module which creates encryption keys and creates an encryption key table including encrypted versions of the encryption keys and items of plaintext index information for recognizing the encryption keys, and an installation package creation module which creates an installation package including an encryption program, the encryption key table, and an installation program for installing the encryption program into a computer. The installation program causes the computer to carry out an operation of selecting one of the encrypted versions of encryption keys and an operation of creating and storing encryption key information including the selected one of the encrypted versions of encryption key and one of the items of plaintext index information associated with the selected one of the encrypted versions of encryption keys.07-01-2010
20100169670SYSTEM AND METHOD FOR ENCRYPTING AND DECRYPTING DATA - A system for encrypting and decrypting data being transmitted between a data processing device and a storage device is provided. The system includes a password storing unit, an input unit, an authentication unit, a read unit, a key generator, an encrypting unit, and a decrypting unit. The password storing unit stores an initial password. The input unit is for receiving a current password. The authentication unit is for determining if the current password matches with the initial password. The read unit is for reading the initial password and an identification number of the system. The key generator is for generating an encrypting key and a decrypting key using the initial password and the identification number. If the current password matches with the initial password, the encrypting unit and the decrypting unit are operable to encrypt and decrypt the data using the encrypting key and the decrypting key correspondingly.07-01-2010
20100169668Obtaining backups using a portable storage device - A backup site and a client are coupled to a network and the backup site obtains backup data for the client using a portable storage device by providing a direct coupling between the portable storage device and the backup site. The portable storage device contains full backup data for the client. The direct coupling is separate from the network. Full backup data is uploaded from the portable storage device to the backup site via the direct coupling. At least one incremental backup, based on the prior full backup, is performed to transfer data from the client to the backup site through the network. The network may be the Internet. The direct coupling may be USB, Firewire, or eSATA. Only a subset of data corresponding to a backup dataset may be provided on the portable storage device. Data on the portable storage device may be encrypted.07-01-2010
20090282267PARTIAL SCRAMBLING TO REDUCE CORRELATION - Decorrelation is provided between data stored in respective pairs of adjacent memory cells in a plurality of bit lines of a flash memory. Each of the pairs of adjacent memory cells is located along a respective one of the bitlines and common to two adjacent wordlines. The decorrelation is achieved by storing scrambled data in at least one memory cell of each of the pairs of adjacent memory cells and storing unscrambled data in at least one memory cell of at least one of the pairs of adjacent memory cells.11-12-2009
20090187770Data Security Including Real-Time Key Generation - Methods for providing data security are described. A security device (07-23-2009
20100268967INFORMATION PROCESSING APPARATUS, AND METHOD AND COMPUTER PROGRAM PRODUCT FOR VERIFICATION - An information processing apparatus includes a main memory unit storing while on-power; an auxiliary storage unit functionable even off-power; a control unit performing hibernation of generating operating-state data indicating a state when the power is lost, storing the data in the auxiliary storage unit, and, when restored, reading the data from the auxiliary storage unit; and a security chip that including a configuration register, encrypts data, and storing the data in the auxiliary storage unit. The control unit includes: a first registration unit performing, when the data is generated, calculation based thereon to obtain a calculated value; a second registration unit performing, when the data is read from the auxiliary storage unit at the hibernation, calculation based on the data to obtain a calculated value to write it into the configuration register; and a verification unit performing verification at boot-up from the hibernation based on the value written.10-21-2010
20090150684ANTI-ATTACKING METHOD FOR PRIVATE KEY, CONTROLLER, STORAGE DEVICE AND COMPUTER READABLE RECORDING MEDIUM HAVING THE SAME - An anti-attacking method for a private key is provided. The method includes using a plurality of storage areas for storing the same security information. The method also includes selecting one of the storage areas as a currently-used storage area for accessing the security information and synchronously updating the security information stored in the other storage areas while updating the security information stored in the currently-used used storage area when generating a digital signature by using a signature rule and the private key. The method further includes selecting one of the other storage areas as the currently-used storage area for correctly accessing the security information when detecting an attack on the security information stored in the currently-used storage area during generation of the digital signature. Therefore, it is possible to prevent the attacker from stealing the private key.06-11-2009
20090150683Method and system for associating database content for security enhancement - A system and method for associating database content for security enhancement is provided, the method being applicable to a system comprising a computer configured to process a data management application and to store data in databases. According to one embodiment of the method according to the invention, the application uses an encryption key to encrypt data. The application stores the encrypted data in two or more databases. The databases may comprise a system database for storing encrypted user access data and one or more results databases for storing patient data. Databases may be stored locally, remotely, or both locally and remotely.06-11-2009
20080215897Security Containers for Document Components - Methods, systems, computer program products, and methods of doing business whereby document components are secured or controlled using “security containers” which encapsulate the components (and other component metadata). A “security container” encapsulates the component (i.e., content) that is to be controlled within a higher-level construct such as a compound document. The security container also contains rules for interacting with the encapsulated component, and one or more encryption keys usable for decrypting the component and rules for authorized requesters.09-04-2008
20080215896Issuing a Publisher Use License Off-Line in a Digital Rights Management (DRM) System - A publishing user publishes digital content and issues to itself a corresponding digital publisher license to allow itself to render the published digital content. The publishing user is supplied with a publishing certificate from a digital rights management (DRM) server, where the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license.09-04-2008
20090150682Third Party Secured Storage for Web Services and Web Applications - A system and method for providing third party secure hosting of an application. The system and method includes providing a host system with a main memory and a third party secured memory, the third party secured memory storing third party information; encrypting the third party information stored on the third party secured memory upon access by a user, the encrypting being via a security key, the security key being held at a customer location; and, enabling access to the third party information only to users having the security key.06-11-2009
20090150681Secure Software Download - Software can be downloaded securely using a multi-encryption method, where the decryption is completed when the software is executed. In one aspect, a multi-encrypted data item is received. One or more of the encryptions on the multi-encrypted data item is decrypted, yielding a partially decrypted data item. The partially decrypted data item is stored in a reserved portion of a storage medium. The partially decrypted data item is fetched from the storage medium and decrypted to yield the data item. The decryption can be performed using one or more circuits that implement multiple decryption processes, including multiple algorithm-key combinations.06-11-2009
20110208978METHODS, APPARATUSES, AND PRODUCTS FOR A SECURE CIRCUIT - Methods, systems, apparatuses and products are disclosed for providing security circuits. Exemplary embodiments including semiconductor chips on circuit boards are shown, together with application in a movie stick/movie player pair.08-25-2011
20100088529Data-Mover Controller With Plural Registers For Supporting Ciphering Operations - A data processing system ciphers and transfers data between a first memory unit and a second memory unit, such as, for example, between a share memory architecture (SMA) static random access memory (SRAM) and a double data rate (DDR) synchronous dynamic random access memory (SDRAM). The system includes a ciphering engine and a data-mover controller. The data-mover controller includes at least one register having a field that specifies whether or not the transferred data should be ciphered. If the field specifies that the transferred data should be ciphered, the field also specifies the type of ciphering that is to be performed, such as a third generation partnership project (3GPP) standardized confidentially cipher algorithm “f8” or integrity cipher algorithm “f9”.04-08-2010
20100088528METHOD AND APPARATUS FOR TAMPER-PROOF WIRTE-ONCE-READ-MANY COMPUTER STORAGE - Disclosed is a method for storing digital information for storage in an adversarial setting in which trusted hardware enforces digital information compliance with data storage mandates. Secure storage overhead is minimized by identifying sparsely accessing the trusted hardware based on data retention cycles. Data retention assurances are provided for information stored by a Write-Once Read-Many (WORM) storage system.04-08-2010
20100088525EXTERNAL ENCRYPTION AND RECOVERY MANAGEMENT WITH HARDWARE ENCRYPTED STORAGE DEVICES - Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.04-08-2010
20110219242METHOD AND SYSTEM FOR MANAGING SECURE CODE LOADING IN PC-SLAVE DEVICES - A secure processor in a PC-slave device may manage secure loading of execution code and/or data, which may be stored, in encrypted form, in a PC hard-drive. The secure processor may cause decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor may validate decrypted execution code and/or data. The secure processor may block operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and may discontinue that blocking after validating the decrypted execution code and/or data. The secure processor may store encryption keys that are utilized during decryption of the encrypted execution code and/or data.09-08-2011
20110219241ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM - According to one embodiment, an encryption program operation management system includes an encryption key table creation module which creates encryption keys and creates an encryption key table including encrypted versions of the encryption keys and items of plaintext index information for recognizing the encryption keys, and an installation package creation module which creates an installation package including an encryption program, the encryption key table, and an installation program for installing the encryption program into a computer. The installation program causes the computer to carry out an operation of selecting one of the encrypted versions of encryption keys and an operation of creating and storing encryption key information including the selected one of the encrypted versions of encryption key and one of the items of plaintext index information associated with the selected one of the encrypted versions of encryption keys.09-08-2011
20100083006MEMORY CONTROLLER, NONVOLATILE MEMORY DEVICE, NONVOLATILE MEMORY SYSTEM, AND ACCESS DEVICE - A memory controller receives an application identifier for identifying an application from an outside, an application, reference data to be referenced by the application, and a signature for the application and writes the application and the reference data. After receiving the application identifier from the outside, the memory controller accesses memory means which manages the application identifier and the application management state and reads out the management state of the target application. According to the management state, necessary data is decided. Since the judgment result is informed to the outside, there is no need of receiving applications more than necessary and it is possible to reduce the load on the signature process and the application reception process.04-01-2010
20100088526System and Method for Modular Exponentiation - To calculate the equation y=x04-08-2010
20100083004Managing Associations Between Keys And Values - Provided are, among other things, systems, methods and techniques for managing associations between keys and values within a computer processing system. In one exemplary implementation, requests to store associations between keys and data values corresponding to the keys are input, and the associations are stored in entry nodes within a data structure represented as a hash-based directed acyclic graph (HDAG). Upon receipt of a data value request and accompanying request key, together with satisfaction of any additional access criterion, a return data value corresponding to the request key automatically is provided, the return data value having been generated based on at least one of the associations that involve the request key.04-01-2010
20100083003METHOD AND APPARATUS FOR NON-REDUNDANT ENCRYPTED STORAGE - For secure non-redundant storage of data, to store a data blocklet (sub-block), one takes a hash of each blocklet. The hash value is used as a key to encrypt the blocklet data. The key is then hashed to encrypt it and the hashed key used in the blocklet index to identify the blocklet. The blocklet index entry also conventionally includes the address of that encrypted blocklet. Unless one has a file representation which is a vector of the hash values, one cannot obtain direct information about the original blocklet from the blocklet index or the blocklet storage. To retrieve data, each original blocklet hash is hashed again to generate the index entry. Once the encrypted blocklet is located via the index, the same key (original hash) is used to decrypt the blocklet back to its original form and a file is assembled as a sequence of its blocklets.04-01-2010
20110173459BIOS LOCK ENCODE/DECODE DRIVER - Systems and methods for preventing the unauthorized access to data stored on removable media, such as software, include storing a predetermined signature in the area of non-volatile memory in a computer system. Upon initialization of the computer system, a check is made to verify the signature. Only if the signature is verified will decoding software operate.07-14-2011
20120290851METHOD AND COMPUTER PROGRAM FOR SECURELY STORING DATA - A method of securely storing data comprising the steps of: dividing the data into a plurality of secure components; encrypting the secure components; moving each secure component to a different location which is substantially inaccessible to an unauthorized request; storing the secure components at the different locations for a period of time; repeating the moving and storing steps; moving all of the secure components to a single location in response to an authorized request; decrypting each of the secure components; and assembling the plurality of secure components to reconstruct the original data.11-15-2012
20100088527MEMORY PROTECTION SYSTEM AND METHOD - A memory protection method is provided with a user input key: The user input key is compared with an internal private key in a memory security circuit having an integral connection with a solid-state memory for controlling data flow therefrom.04-08-2010
20090222675TAMPER RESISTANT MEMORY PROTECTION - Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.09-03-2009
20090089593Recording system, information processing apparatus, storage apparatus, recording method, and program - Disclosed herein is a recording system including a storage apparatus incorporating a storage medium, and an information processing apparatus which is connectable to the storage apparatus and which holds a content to be recorded to the storage apparatus.04-02-2009
20090089592INFORMATION PROCESSING DEVICE, LOG MANAGEMENT APPARATUS, AND LOG MANAGEMENT PROGRAM PRODUCT - Technology is provided, which allows to easily find tampering of event logs created by an information processing device and transmitted to a log management apparatus, without increasing communication load. A printer (i.e. information processing device) creates a hash value from the event log of an event every time the event occurs. The printer generates a digital signature by encrypting the hash value with its own private key. The printer transmits the signature-bound event log obtained by binding the digital signature with the event log to a server (i.e. log management apparatus). The server decrypts the hash value from the event log of the received signature-bound log information using a device public key. The server also generates a new hash value from the event log. The server verifies the coincidence of the decrypted hash value and the new hash value, and authenticates signature-bound event logs for which this coincidence has been verified. The server stores signature-bound event logs that have been authenticated. Every time an event occurs, the printer transmits an event log bound with a digital signature that is created using its private key. Only signature-bound event logs are communicated between the printer and the server. Event log tampering can easily be discovered from the signature-bound event logs. Thus, tampering of event logs can easily be discovered without increasing the communication load between the printer and server.04-02-2009
20090138730Methods and Systems For Providing A Secure Electronic Mailbox - A secure electronic mailbox is provided to a customer having an electronic account. The electronic account links the secure electronic mailbox to a physical address of the customer. The customer can send and receive secure and non-secure messages via the secure electronic mailbox. The customer can also access electronic services such as electronic bill presentment and payment using the secure electronic mailbox.05-28-2009
20090287941INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - An information processing apparatus which makes it possible to store encrypted data of packets in a decrypted state, and improve the efficiency of data analysis. A network interface receives encrypted data which has been encrypted, and data which has not been encrypted, from a network. A HDD stores received data. A IPSec module is operable when an item of the received is an item of the encrypted data, to decrypt the item of the encrypted data. A packet acquisition sub application searches the data stored in HDD for an item of the encrypted data corresponding to an decrypted item of data. The packet acquisition sub application updates the item of the received encrypted data based on the decrypted item of the data.11-19-2009
20080282096SYSTEM AND METHOD FOR ORDER-PRESERVING ENCRYPTION FOR NUMERIC DATA - A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.11-13-2008
20080282094Optical storage media and the corresponding cryptography for data encryption thereof - Based on the demand of developing a data encryption technique for the optical storage media, the present invention discloses a cryptography for data encryption based on a design of specific hardware conditions, so as to achieve the security requirements for the encrypted digital data stored in the optical storage media and the design requirements for the security issues on the optical storage media for software vendors in the current market.11-13-2008
20090089590MERGING EXTERNAL NVRAM WITH FULL DISK ENCRYPTION - Methods and arrangements for managing a flash drive, hard disk, or connection between the two, in a manner to ensure that sensitive data is not decrypted at any time when it would be vulnerable. Accordingly, in a first implementation, the data may preferably be encrypted as it first goes into a flash drive and decrypted when it comes out of the flash drive. In another implementation, the flash drive may be logically bound to the hard disk, so that they would both use the same encryption key. In yet another implementation, if a hard disk is moved to another system, then the flash drive may also preferably be simultaneously moved.04-02-2009
20090089591Data security in a disconnected environment - Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.04-02-2009
20120144210ATTRIBUTE-BASED ACCESS-CONTROLLED DATA-STORAGE SYSTEM - The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems.06-07-2012
20120297204Security Architecture For Using Host Memory in the Design of A Secure Element - Embodiments of a security architecture for securely storing applications, such as Near Field Communication (NFC) applications, in host memory of a mobile device are provided. The mobile device includes a host application processor, a non-volatile memory, a NFC controller, and an embedded Secure Element (eSE). The eSE is configured to encrypt code and state data associated with a NFC application; store the code and the state data, after having been encrypted, in the non-volatile memory as a binary large object (blob); load the blob from the non-volatile memory in response to an action performed by the host application processor or the NFC controller; decrypt and authenticate the code and the state data; and execute the code to exchange data with a contactless communication device via the NFC controller. The non-volatile memory is external to the eSE.11-22-2012
20080209232Method and Device for Controlling Access to Encrypted Data - The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data. The method includes the following steps: receiving a first control message (ECM) comprising at least one control word (CW) and a time stamp (TS), receiving a second control message (ECM08-28-2008
20100281275METHOD OF RECORDING CONTENT ON DISC, METHOD OF PROVIDING TITLE KEY, APPARATUS FOR RECORDING CONTENT ON DISC, AND CONTENT PROVIDING SERVER - Provided are a method of recording content, a method of providing a title key, an apparatus for recording content, and a content providing server, which can prevent unauthorized users from recording the title key on a plurality of discs. The method of recording content downloaded from a network includes: receiving a title key, which is encrypted with a disc key of a disc on which content is to be recorded in a recording apparatus, from a server; and recording the received title key and the content on the disc.11-04-2010
20100138672RAID CONTROLLER, STORAGE CONTROL DEVICE, AND STORAGE CONTROL METHOD - A RAID controller selecting a plurality of storages forming RAID includes a data input part having a plurality of data input terminals; a control signal input part having a control signal input terminal to which a control signal related to path setting is inputted; a data output part having a plurality of data output terminals; and a path selection part connecting a data input terminal selected from among the plurality of data input terminals with a data output terminal selected from among the plurality of data output terminals based on the control signal when the control signal is inputted to the control signal input terminal.06-03-2010
20110173460INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT - The aim is to provide high-speed data synchronization. To achieve the aim, in data synchronization using a plurality of key databases with respect to same data pieces, a key for one key database, which has been determined in advance, is used for updating the data piece managed under the other key database. This reduces the number of key decryption operations. A key management software 07-14-2011
20110173458Secure portable data storage device - A portable memory device for use with a host device includes an array of non-volatile memory and a memory controller for performing memory access operations. A processor issues an authorization challenge to a host device prior to enabling external access to the memory. Upon receipt of a valid authorization from the host device, access is enabled. In one embodiment, the processor preconditions at least one signal in the interface between the host device and the memory controller. The preconditioning results in a desynchronization of synchronized signals applied at the memory device interface, thereby interfering with proper operation of the memory device. Attempts to access the memory device prior to authorization lead to intentional corruption of data stored in the memory.07-14-2011
20100281274System and Method for Executing Code Securely in General Purpose Computer - The various embodiments of the invention provide a method for executing code securely in a general purpose computer. According to one embodiment, a code is downloaded into a cache memory of a computer in which the code is to be executed. The code downloaded into the cache memory is encrypted in the cache memory. Then the encrypted code in the cache memory is decrypted using a decryption algorithm to obtain the decrypted code. The decrypted code is executed in the cache to generate a result. The decrypted code is destroyed in the cache memory after the forwarding the result to a user.11-04-2010
20100299539ENCRYPTION BASED STORAGE LOCK - In one embodiment an encryption based storage lock comprises at least one storage media, at least one processor, at least one drive controller, and logic to; store at least a first encryption key in a persistent memory location, establish a logical association between the first encryption key and a first drive, receive a write operation in a drive controller, wherein the write operation is associated with the first drive in the network attached storage device, encrypt data associated with the write operation using the first encryption key, and store the encrypted data in the first drive in the network attached storage device.11-25-2010
20090119518Server-Implemented System And Method For Providing Private Inference Control - A server system maintains records and their associated attributes in a secure database. A plurality of queries generated by encrypting indices identifying a records and their associated attributes, by homomorphic encryption is received from a client system. A secret key is generated at a certain query count and is divided into randomly generated key shares. A key share sequence is homomorphically encrypted. A table is formed by encrypting the indices, secret key and attributes. Query responses, which each comprise the attributes for each of the records of the table of entries are provided. The key shares are decrypted sufficient to recover the secret key subject to a non-inference enabling query.05-07-2009
20100146302Microcontroller and Method for Starting an Application Program on a Microcontroller - A microcontroller comprises a microprocessor (06-10-2010
20100005319HARDWARE PROTECTION FOR ENCRYPTED STRINGS AND PROTECTION OF SECURITY PARAMETERS - In one embodiment, a disk drive is provided that is adapted for security authentication. The disk drive includes: a non-volatile memory storing object code; a processor for retrieving the stored object code; a decryption engine for decrypting a retrieved shared secret from the object code; and a first memory for storing the decrypted retrieved shared secret; wherein the processor is configured to overwrite the written decrypted retrieved shared secret after it has been used in an authentication procedure.01-07-2010
20100005317Securing temporary data stored in non-volatile memory using volatile memory - Temporary digital data received for storage in non-volatile memory are encoded using a key stored in volatile memory. The encoded digital data are then stored in the non-volatile memory. As long as there has been no interruption of supply of power to the volatile memory, the key is available enabling decoding of the encoded digital data stored in the non-volatile memory. Upon interruption of supply of power to the volatile memory the key is erased. Absent the key, access to the encoded digital data stored in the non-volatile memory is prevented.01-07-2010
20090006869Techniques for synchronizing and archive-versioning of encrypted files - Techniques are presented for synchronizing and archive-versioning encrypted files. Blocks of encrypted data are managed and metadata is maintained for the blocks. The metadata identifies a maximum number of blocks and an index or parameter string. The string includes transaction identifiers and relative block numbers. The metadata is used as parameter information to a hash algorithm along with a hash key to acquire a unique initialization vector for each block. Each initialization vector when supplied to a cipher service along with a particular block of data produces an encrypted version of the data supplied or supplies a decrypted version of the data supplied. The techniques are also applied to files being archived and versioned from a storage volume.01-01-2009
20090063871Method and device for managing proprietary data format content - The invention provides a method for generating a protected data object from an original content by means of digital rights management (DRM) protection techniques, wherein said original content has a proprietary data format. Further, a method for providing a proprietary data format content included in a protected data object having a MIME-type field is proposed, wherein said protected data object is generated by means of digital rights management (DRM) techniques.03-05-2009
20080288788Digital Rights Management Metafile, Management Protocol and Applications Thereof - Methods, systems and computer program products to create and manage encapsulated Digital Rights Management (DRM) metafiles, also referred to as objects, are provided herein. Each object comprises a file header section, an encrypted webpage metadata section, an encrypted preferences section, an encrypted tracking section, an encrypted license section, a media file section and an encrypted file trailer section. Each section comprises multiple attributes. A metabase is provided herein to catalog objects, sections and attributes. Instructions are provided herein to allow for setting a current object, section or attribute; retrieving an object, section or attribute; and enumerating objects, sections and attributes in a device memory.11-20-2008
20120297206Securing Encrypted Virtual Hard Disks - Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.11-22-2012
20100211803Multi-Valued Scrambling and Descrambling of Digital Data on Optical Disks and Other Storage Media - Method and apparatus for writing scrambled multi-value data to a physical media and for reading scrambled multi-value data from a physical media, are disclosed. The physical media can be an optical disk. The scrambling can be performed by a multi-valued LFSR scrambler and the descrambling can be performed by a multi-valued LFSR descrambler. Further, the multi-valued data that is scrambled can include synchronization data and/or user data. Error correction coding can be used during the writing process and processing to correct for errors can be used during the reading process. Also, methods and apparatus for synchronizing multi-valued data written to and read from physical media are disclosed. Multi-value correlation methods and apparatus are also disclosed.08-19-2010
20080235521METHOD AND ENCRYPTION TOOL FOR SECURING ELECTRONIC DATA STORAGE DEVICES - The present invention relates to a method and an encryption tool for securing electronic data storage devices. The method and encryption tool of the present invention install a file system on the electronic data storage device. Then, an input module of the encryption tool receives a user password. A key cryptography unit generates, from the user password, at least one key. A storage module stores the at least one key on the electronic data storage device. All data that is to be stored on the electronic data storage devices is encrypted using one of the at least one key. In accordance with some embodiments of the invention, the electronic data storage device is further filled with insignificant data.09-25-2008
20120297205Secure User/Host Authentication - A portable storage device has a storage peripheral interface connecting to a computer. An encrypted data storage is available to the computer connected to the interface. The encrypted data storage includes a first part accessible after an authentication. A controller has a first operation mode performing encryption and decryption of data of the first part after the authentication of a first combined credential. The encryption and the decryption rely on a cipher key derived from a second combined credential. The first combined credential and the second combined credential are derived from at least a computer signature of the computer connected to the interface and a user credential of a user of the computer connected to the portable storage device.11-22-2012
20080320318METHOD AND APPARATUS FOR DATA ENCRYPTION AND DECRYPTION - A method is provided for encrypting data to be stored in a data storage medium. The method includes encrypting the data using a special key associated with the electronic device. One example of the special key is a barcode of the electronic device. The encrypted data then is stored in the data storage medium. When the data stored in the data storage medium is decrypted, only the electronic device has the special key i.e., the barcode, can reproduce the encrypted data. When the data storage medium is lost or stolen, the encrypted data cannot be decrypted by another electronic device because the barcode of current electronic device is different from the original electronic device. Therefore, the encrypted data stored in the data storage medium is prevented from being read out by other electronic devices.12-25-2008
20080263370Cryptographic Role-Based Access Control - A hierarchical tree structure is used to facilitate the communication of encrypted keys to particular users having access to the tree. All users are in communication with a root node, but the information content of the material at the root node is decipherable only by the intended users of this information. Protected data is encrypted using a variety of data-keys specific to the data. These data-keys are encrypted using a combination of node-keys that are specific to particular users or groups of users. Users having access to the node-key associated with a particular encrypted data-key are able to decipher the data associated with the data-key; users without access to the particular node-key are unable to decrypt the data-key, and thus unable to decipher the data. The hierarchical tree is preferably structured based on a similarity of access rights among users, to minimize the overhead associated with providing user-specific access rights.10-23-2008
20080288787Export control for a GNSS receiver - Embodiments of the present invention recite a method and system for implementing export control for a Global Navigation Satellite System (GNSS) receiver. In one embodiment, a GNSS receiver is used to determine the geographic position of an electronic device. It is then determined that the geographic region corresponds to an exclusion zone. In response to determining that the geographic region corresponds to the exclusion zone, accessing data from the electronic device is prevented.11-20-2008
20080244277Secure data parser method and system - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.10-02-2008
20080263367DIGITAL CONTENT PROTECTION SYSTEM - The media inherent key storing unit 10-23-2008
20110271121DATA PROCESSING APPARATUS, DATA PROCESSING SYSTEM, AND METHOD FOR CONTROLLING THE SAME - A data processing apparatus acquires content, generates an encryption key by using an initial value written in an unwritten memory block in a write-once recording medium, encrypts the content by using the encryption key, and writes to the write-once recording medium the encrypted content and an address table for identifying the memory block storing the initial value used for generating the encryption key.11-03-2011
20080276102Data Protection Systems and Methods - Systems and methods are provided for protecting electronic content from the time it is packaged through the time it is experienced by an end user. Protection against content misuse is accomplished using a combination of encryption, watermark screening, detection of invalid content processing software and hardware, and/or detection of invalid content flows. Encryption protects the secrecy of content while it is being transferred or stored. Watermark screening protects against the unauthorized use of content. Watermark screening is provided by invoking a filter module to examine content for the presence of a watermark before the content is delivered to output hardware or software. The filter module is operable to prevent delivery of the content to the output hardware or software if it detects a predefined protection mark. Invalid content processing software is detected by a monitoring mechanism that validates the software involved in processing protected electronic content. Invalid content flows can be detected by scanning the information passed across system interfaces for the attempted transfer of bit patterns that were released from an application and/or a piece of content management software.11-06-2008
20100138673Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.06-03-2010
20120144209METHODS FOR PROCESS KEY ROLLOVER/RE-ENCRYPTION AND SYSTEMS THEREOF - A method according to one embodiment includes defining a new encryption band with a length that is consistent with a redundant array of inexpensive disks (RAID) parity strip; freeing a working extent in a working stride on the RAID. In an iterative process until each stride in a source band is depleted of data: marking a source extent in a source stride from which to gather data to be re-encrypted; marking parity inconsistent in the working stride in the new encryption band; performing a second iterative process; and freeing the working extent. The second iterative process is performed until each extent in a source stride is depleted of data. Additional systems, methods and computer program products are also presented.06-07-2012
20100005318Process for securing data in a storage unit - The invention is a process for securing data in a storage unit using public and private key encryption and symmetrical encryption techniques by a owner of the data for use by multiple users. The process including the steps of: 1) encrypting the data; 2) attaching encrypted meta data to the encrypted data providing access at a selected level to the data by each of the multiple users, the access level to each of the multiple users being the ability to read and change the data, or the ability to only read the data, or no access to the data; 3) storing the encrypted data and meta data in the storage unit; and 4) providing each of the multiple users with de-encryption means such that the encrypted data can be de-encrypted at the selected level granted to each of the multiple users.01-07-2010
20080270807Method for Selective Encryption Within Documents - The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. In addition, each encrypted section could have multiple encryption keys such that some viewers can review certain parts of the document while other viewers will not have that same access. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be tagged with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. The highlighted sections would also have encryption keys associated with the highlighted and encrypted section. Any one of the encryption keys for that section would decrypt that section. With proper authorization, any encrypted portion of a document would be displayed as part of the document. Without proper authorization, the display of the document would only contain the unencrypted portions of the document.10-30-2008
20100146301PRIVACY PROTECTION SYSTEM - Novel system and methodology for protecting privacy of a computer device's user. A privacy protection device interacts with the computer device to enable the user to operate in multiple private modes. The system involves a data storage coupled to the privacy protection device, via a secure link, such as a Secure Sockets Layer (SSL) tunnel that provides an encryption protocol. The data storage is divided into multiple storage sections corresponding to the multiple private modes. Each section is configured for storing encrypted data supporting a particular private mode. The privacy protection device enables the user to set a selected private mode and runs software applications that use the data from the storage section corresponding to the selected mode.06-10-2010
20110208979Method and Apparatus for Implementing Secure and Selectively Deniable File Storage - The invention concerns a method for writing data to a memory device arrangement comprising a first and a second memory device in which the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention is characterized in that it comprises the following steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. Also a system, a computer program and server computer in accordance to the invention are presented.08-25-2011
20090083547CONFIDENTIAL INFORMATION PROCESSING HOST DEVICE AND CONFIDENTIAL INFORMATION PROCESSING METHOD - In the case where a target device stores: m keys {Ka03-26-2009
20090183009DATA PROCESSING SYSTEM, METHOD FOR EXECUTING A CRYPTOGRAPHIC ALGORITHM AND METHOD FOR PREPARING EXECUTION OF A CRYPTOGRAPHIC ALGORITHM - A data processing system including a memory configured to store confidential data and non-confidential data; a cache memory which is configured to cache data stored in the memory and which comprises a first cache memory region and a second cache memory region; a processing circuit configured to carry out, in a first state of the data processing system, a cryptographic algorithm which operates on the confidential data and on the non-confidential data, wherein the confidential data are cached using the first cache memory region and the non-confidential data are cached using the second cache memory region; and an invalidating circuit configured to invalidate the first cache memory region when the data processing system switches from the first state into a second state.07-16-2009
20090083548SECURE DATABASE ACCESS THROUGH PARTIAL ENCRYPTION - The present invention generally is directed to systems, methods, and articles of manufacture for securing sensitive information involved in database transactions. Embodiments of the present invention selectively encrypt only portions of transactions involving sensitive data, thereby reducing or eliminating the processing overhead resulting from wastefully encrypting non-sensitive data. The sensitive data may be identified by a document. The document may be accessed by a requesting entity to determine which portions of a query should be encrypted prior to sending the query to a database server over a network. The document may also be accessed by a database server to determine which portions of query results should be encrypted prior to sending the query results to the requesting entity over the network.03-26-2009
20090138727Challenge And Response Access Control Providing Data Security In Data Storage Devices - Techniques for securing data stored on a data storage device are provided. The data storage device encrypts the data using a bulk encryption key and stores the bulk encryption key in non-volatile memory in an encrypted format. The data storage device generates a challenge and response pair, wraps a secret key with the response to generate a wrapped secret key, and stores the challenge and the wrapped secret key in the non-volatile memory. The data storage device authenticates a host by reading the challenge and the wrapped secret key from the non-volatile memory, erasing the challenge and the wrapped secret key from the non-volatile memory, sending the challenge to the host, receiving the response from the host, and unwrapping the wrapped secret key using the response from the host to regenerate the secret key.05-28-2009
20090177894SYSTEMS AND METHODS FOR SECURING DATA USING MULTI-FACTOR OR KEYED DISPERSAL - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme.07-09-2009
20090144564DATA ENCRYPTION INTERFACE FOR REDUCING ENCRYPT LATENCY IMPACT ON STANDARD TRAFFIC - Methods and apparatus that may be utilized in systems to reduce the impact of latency associated with encrypting data on non-encrypted data are provided. Secure and non-secure data may be routed independently. Thus, non-secure data may be forwarded on (e.g., to targeted write buffers), without waiting for previously sent secure data to be encrypted. As a result, non-secure data may be made available for subsequent processing much earlier than in conventional systems utilizing a common data path for both secure and non-secure data.06-04-2009
20090138728Program update method and server - A system including a secure LSI 05-28-2009
20120198244HARDWARE-BASED KEY GENERATION AND RECOVERY - A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.08-02-2012
20090055660Security flash memory, data encryption device and method for accessing security flash memory - The present invention discloses a security flash memory which includes a flash memory chip with a plurality of data transmission terminals, and a data encryption device. The data encryption device includes a verifier module with default pass code, a secret key module and a switching module. The verifier module compares a pass code with the default pass code for outputting a control signal. The secret key module is used for data encryption and data decryption. The switching module is connected to the verifier module, the data transmission terminals of the flash memory chip and the secret key module, and may connect or disconnect the data transmission terminals of the flash chip and the secret key module in response to the control signal.02-26-2009
20090187771Secure data storage with key update to prevent replay attacks - A key update process applied to encrypted memory in a processing system determines an address from contents of a boundary register, reads an encrypted data block from a memory location specified by the address, decrypts the encrypted data block using a first key, re-encrypts the decrypted data block using a second key, writes the re-encrypted data block back to the memory location specified by the address, and updates the boundary register. These operations are repeated for one or more additional addresses. The boundary register contents are also used to determine appropriate keys for use in other read and write transactions to the memory. The key update process can be run as a background process, separate from the other read and write transactions to the memory, so as to incur minimal processing overhead.07-23-2009
20090144563Method of detecting data tampering on a storage system - A storage system according to the invention maintains an arithmetic signature or fingerprint generated using the content of selected units of data stored on the media. The signature is stored in metadata in non-volatile storage on the system's electronics card preferably in a tamper resistant module (TRM). When reading a data unit from storage, the system uses the saved signature to verify that the data unit has not been altered by unauthorized means after it was stored. The content of the stored data is thereby bound to the metadata stored in the system's non-volatile storage so that by-passing or physically separating the bulk storage media (e.g. disks) from the system's electronics will not allow alteration of the data without detection. The method also prevents unauthorized data roll-back because the signature of old data will not match the current signature in the metadata.06-04-2009
20090144565Method and system for asymmetrically encrypting .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data.06-04-2009
20090144562Method and system for encryption of file characteristics of .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data. 06-04-2009
20090199015METHOD FOR PROTECTING AUDIO CONTENT - Techniques for protecting information in an audio file are provided. The techniques include obtaining an audio file, detecting information bearing one or more segments in a speech signal, wherein the information comprises information sought for protection, encrypting the information sought for protection by scrambling the one or more segments using a scrambling filter, and selectively decrypting an amount of the encrypted information, wherein the amount of the encrypted information to be decrypted depends on user access privilege, and wherein selectively decrypting the amount of the encrypted information protects said amount of the encrypted information. Techniques are also provided for protecting information in an audio file.08-06-2009
20090199016Storage system, and encryption key management method and encryption key management program thereof - A user no longer needs to restore key information upon restoring data. Proposed is a storage system having a storage apparatus, a tape library apparatus for backing up data stored in the storage apparatus, and a management terminal for managing the storage apparatus and the tape library apparatus. The management terminal identifies a key of a tape to be restored and restores a management Information file based an a tape management file, a tape group information file and a key information file upon restoring data stored in the tape in the tape library apparatus, and commands the restoration of the tape based on the restored management information file.08-06-2009
20090049311Efficient Elimination of Access to Data on a Writable Storage Media - A system provided for eliminating access to data within a writable storage media cartridge. The system comprises a writable storage media drive, such as a tape drive. The writable storage drive determines if at least a first portion of data on the writable storage media is encrypted. If it is determined that the first portion of data is encrypted then the writable storage drive shreds a second portion of data within the writable storage media cartridge related to said encrypted first portion of data. The first portion of data and the second portion are not the same portions of the writable storage media cartridge.02-19-2009
20090049310Efficient Elimination of Access to Data on a Writable Storage Media - A method and computer program product are provided for eliminating access to data within a writable storage media cartridge. If it is determined if at least a first portion of data on the writable storage media is encrypted then a second portion of data within the writable storage media cartridge related to said encrypted first portion of data is shredded. The first portion of data and the second portion are not the same portions of the writable storage media cartridge.02-19-2009
20090313483Single Instance Storage of Encrypted Data - Described is a technology by which data is efficiently and securely stored in a single instance store. A hash value is computed from data in its unencrypted form. The hash value is used to reference a single instance of that data when stored in its encrypted form. In this manner, duplicate data blocks are detectable independent of their encryption, yet stored in an encrypted form in a single instance store. In one aspect, context information for decrypting the encrypted data is stored in association with the data. When the client wants to restore the data, the client sends the hash value for that block to the single instance store service. The service returns the block and the associated context information. The client uses the context information to decrypt the block. For example, the context may comprise a key identifier which the client uses to lookup the correct key.12-17-2009
20110145602SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”06-16-2011
20090070599MEMORY CARD, APPLICATION PROGRAM HOLDING METHOD, AND HOLDING PROGRAM - A memory card of the present invention is a memory card which receives an encrypted application program from a host apparatus, the encrypted application program being downloaded to the host apparatus, the memory card including: an Integrated Circuit (IC) card unit having a tamper resistant function; and a flash memory unit, wherein the IC card unit includes: a tamper resistant storage unit; a program acquisition unit which acquires the encrypted application program from the host apparatus; a storage control unit which stores the acquired encrypted application program in the tamper resistant storage unit or the flash memory unit; and a move control unit which, when the application program stored in the tamper resistant storage unit is to be executed and the size of the to-be-executed application program in the decrypted form exceeds the size of free space of the tamper resistant storage unit, moves an arbitrary encrypted application program stored in the tamper resistant storage unit to the flash memory unit.03-12-2009
20080263372Method and apparatus for transmitting content data and recording and/or reproducing apparatus - A data transmission method and apparatus for transmitting data, such as encrypted content data. A device that is to be a destination of transmission is authenticated. If the device has not been authenticated, encrypted data read out from a storage unit is decrypted to give decoded data which then is re-encrypted based on innate key data acquired from the device that is to be the destination of transmission to give re-encrypted data. The re-encrypted data is then transmitted to the device that is to be a destination of transmission.10-23-2008
20080263371PROTECTED VOLUME ON A DATA STORAGE DEVICE WITH DUAL OPERATING SYSTEMS AND CONFIGURABLE ACCESS AND ENCRYPTION CONTROLS - A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.10-23-2008
20080263369METHOD AND APPARATUS FOR ENCRYPTING AND PROCESSING DATA IN FLASH TRANSLATION LAYER - A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages.10-23-2008
20080263368COMPUTER SYSTEM, MANAGEMENT TERMINAL, STORAGE SYSTEM AND ENCRYPTION MANAGEMENT METHOD - To provide a computer system in which an encryption-decryption process performed by one encryption-decryption module can be moved to the other encryption-decryption module without stopping the process for a read/write request from a host computer. The computer system has a host computer 10-23-2008
20090204825INFORMATION PROCESSING APPARATUS AND METHOD, INFORMATION RECORDING MEDIUM, AND COMPUTER PROGRAM - An information processing apparatus includes a data processor configured to obtain first content stored in a first information recording medium and second content which is stored in a second information recording medium and which is usable together with the first content, and to perform content playback processing by using the first content and the second content. The data processor calculates a hash value of a certificate stored in the first information recording medium, and verifies the calculated hash value against a hash value stored in a content certificate corresponding to the first content, and on the condition that the calculated hash value and the hash value stored in the content certificate coincide with each other, the data processor performs the content playback processing by using the first content and the second content.08-13-2009
20110029786METHOD FOR ACCESSING AND TRANSFERRING DATA LINKED TO AN APPLICATION INSTALLED ON A SECURITY MODULE ASSOCIATED WITH A MOBILE TERMINAL, AND ASSOCIATED SECURITY MODULE, MANAGEMENT SERVER AND SYSTEM - A method is provided for transferring data linked to an application installed on a security module associated with a mobile terminal, the data being stored in a first secure memory area of the security module, suitable for receiving a request to access the data, to read the data, and to transmit or store the data after encryption. A method is also provided for accessing these data suitable for transmitting a request to access, to receive and to decrypt the encrypted data. A security module, a management server, and a system implementing the transfer and access methods are also provided.02-03-2011
20090222676SECURITY PROCESSOR AND METHODS FOR REGISTERING ACCESS ENTITLEMENTS AND CRYPTOGRAPHIC KEYS - This security method for scrambled multimedia signal decoder comprises at least one rewritable lock (09-03-2009
20090217058SECURE DATA TRANSFER AFTER AUTHENTICATION BETWEEN MEMORY AND A REQUESTER - Systems and/or methods are presented that can facilitate controlling access to secure memory blocks within a memory module. The subject innovation can employ key components that can contain two or more storage locations for authentication information that can facilitate controlling access to secure memory block components. Secure memory block counter components can be employed to indicate which storage location within the key component contains current authentication information associated with the respective secure memory block components. The disclosed subject matter allows for multiple secure memory block components to have separate authentication information to provide more than one user or entity to store data in their own secure memory block component. Multiple storage locations associated with the key components to substantially alleviated or eliminate the loss of secure areas of a memory module if power is lost during the updating of the authentication information associated with the secure areas.08-27-2009
20090249081STORAGE DEVICE ENCRYPTION AND METHOD - A hard disk drive, and methods of providing secure access to data on a hard disk drive, are shown. In one example, an access code is sent to a hard disk drive to decipher an encrypted user key stored on the hard disk drive. In one example, at least a portion of the access code is not stored anywhere within the hard disk drive, and is provided from a host.10-01-2009
20090222674APPLICATION EXECUTING DEVICE, MANAGING METHOD, AND PROGRAM - A BD-ROM stores a disc root certificate 09-03-2009
20090249084REMOVABLE STORAGE DEVICE AND ASSOCIATED METHODOLOGY OF DATA ENCRYPTION - A data encryption transmission system and associated methodology is provided including a data input site that compresses and encrypts data based on a shared encryption key and then transmits the compressed and encrypted data to an external network. A database server which is operably linked to the external network and stores, manages, transmits, and receives data. A removable storage stores an identification code, and a client site which is configured to receive the removable storage generates an encryption key based on the identification code, receives encrypted data from the external network, decrypts and expands the received data based on the shared encryption key, encrypts the data based on the encryption key and saves the encrypted data, and finally decrypts the encrypted data and outputs the data using the encryption key.10-01-2009
20090249082Method and apparatus for tokenization of sensitive sets of characters - A method and system for secure handling of sensitive sets of characters in a distributed hierarchical system are disclosed, comprising at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level. The method comprises the steps: receiving a sensitive set of characters in said local server; replacing a part of said sensitive set of characters with a token to form a tokenized set of characters, said token belonging to a subset of possible tokens assigned to the local server by the central server; transferring at least one of said sensitive set of characters and said tokenized set of characters to the central server; and canceling said sensitive set of characters from said local server within a limited time from said transferring, while maintaining said tokenized set of characters in a local database connected to said local server.10-01-2009
20090254762Access control for a memory device - Access control for a memory device is provided. In one embodiment, a portable memory device is provided comprising a storage medium comprising a private area and circuitry operative to (a) receive, from a host device, a password to unlock the host device, (b) compare the password with a password stored in the portable memory device, and (c) if the passwords match, allow the host device to access the private area. In another embodiment, a portable memory device is provided comprising a storage medium comprising a private area and a public area. The public area stores computer-readable program code to facilitate interaction with the access control features of the portable memory device. Methods for use with such memory devices are also provided. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.10-08-2009
20090254761Secure data processing method and associated device - A secure data processing method includes the following steps: padding (E10-08-2009
20090240952Method and system for decryption of file characteristics of .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data 09-24-2009
20100275038Memory Device and Method for Adaptive Protection of Content - A memory device and method for adaptive protection of content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to generate a content protection algorithm that is different from at least one content protection algorithm previously generated by the controller, protect the content in accordance with the content protection algorithm, generate virtual machine code containing instructions on how to unprotect the protected content, and provide the protected content and the virtual machine code to a host in communication with the memory device. In another embodiment, a method for adaptive protection of content is provided comprising generating a content protection algorithm that is different from at least one previously-generated content protection algorithm, protecting content in accordance with the content protection algorithm, generating virtual machine code containing instructions on how to unprotect the protected content, and providing the protected content and the virtual machine code to a host in communication with the memory device.10-28-2010
20100275039SECURE ARCHIVE - Storage apparatus (10-28-2010
20090240957COPY PROTECTION METHOD, CONTENT PLAYBACK APPARATUS, AND IC CHIP - An IC chip that can be added to a content recording medium and that has a chip ID which is non-rewritably and uniquely set and originally recorded therein, wherein the IC chip includes a writable/readable ID memory that stores an encrypted content ID obtained by encrypting a content ID that identifies content, and an encrypted chip ID obtained by encrypting the chip ID.09-24-2009
20090240956Transparent encryption using secure encryption device - A system and method for allowing application programs that are external to the relational database to access the sensitive data in the database in a seamless fashion are described. The application programs are allowed to use existing query statements without having to modify such statements for accessing encrypted data in the relational database.09-24-2009
20100162004STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client.06-24-2010
20130219193ENCRYPTED BIOMETRIC DATA MANAGEMENT AND RETRIEVAL - Aspects of the present invention provide a solution for managing and retrieving encrypted biometric data. A plurality of biometric entries is obtained and each one is encrypted with a unique non-invertible encryption function to get a plurality of encrypted biometric entries. A biometric measurement to be compared against the biometric entries is obtained, a predetermined noise is applied to the biometric measurement, and then the biometric measurement if encrypted using the non-invertible encryption function, resulting in a scrambled encrypted biometric. For each comparison, one of the encrypted biometric entries is subtracted from the scrambled encrypted biometric to get a calculated noise. This calculated noise is then compared with the predetermined noise to determine whether a match exists. Based on a determination that a match exists any information associated with the encrypted biometric entry is forwarded to the requestor.08-22-2013
20100153746MEMORY CONTROLLER, SECURE MEMORY CARD, AND SECURE MEMORY CARD SYSTEM - The present patent application is for solving a problem of occurrence of efforts required to replace a signature and consumption of time induced by the efforts.06-17-2010
20090282268CROSS VALIDATION OF DATA USING MULTIPLE SUBSYSTEMS - A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region.11-12-2009
20090282266Corralling Virtual Machines With Encryption Keys - A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.11-12-2009
20100162005STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a community of interest capable of accessing data stored in a secure data storage network, the community of interest including a plurality of users desiring access to a common set of data. The method also includes associating the community of interest with a workgroup key. and, upon identification of a client device as associated with a user from among the plurality of users in the community of interest, presenting a virtual disk to the client device, the virtual disk associated with the workgroup key and a volume containing the common set of data, the volume including a plurality of shares stored on a plurality of physical storage devices.06-24-2010
20100162002VIRTUAL TAPE BACKUP ARRANGEMENT USING CRYPTOGRAPHICALLY SPLIT STORAGE - Methods and systems for providing data backup are disclosed. One method includes receiving at a virtual tape backup system a data image to be maintained, and transmitting the contents of the data image to a secure storage appliance. The method also includes processing the contents of the data image with the secure storage appliance to cryptographically split one or more blocks of data of the data image such that each of the one or more blocks of data is split into a plurality of secondary data blocks. The method further includes storing the plurality of secondary data blocks in a corresponding plurality of shares located on a plurality of physical storage devices.06-24-2010
20100162001SECURE NETWORK ATTACHED STORAGE DEVICE USING CRYPTOGRAPHIC SETTINGS - A secure storage network includes a secure storage appliance connected to a client via an IP network. The secure storage appliance facilitates storing and reading data in the secure storage network. The secure storage appliance presents a virtual disk to the client via the IP network. The virtual disk is associated with a volume mapped to shares stored on physical storage devices. The secure storage appliance receives various requests from the client. In response to a request to store data to the volume, the secure storage appliance splits and encrypts data into secondary blocks of data and stores the secondary blocks of data to the shares. In response to a request to read data from the volume, the secure storage appliance reconstitutes data from at least a portion of the secondary blocks of data stored in the shares on the physical storage devices.06-24-2010
20120246489ENCRYPTING AND STORING CONFIDENTIAL DATA - Data storage circuitry for securely storing confidential data and a data processing apparatus for processing and storing the data and a method are disclosed. The data storage circuitry comprises: a data store comprising a plurality of data storage locations for storing data; an input for receiving requests to access the data store; renaming circuitry for mapping architectural data storage locations specified in the access requests to physical data storage locations within the data store; encryption circuitry for encrypting data prior to storing the data in the data store, the encryption circuitry being configured to generate an encryption key in dependence upon a physical data storage location the data is to be stored in; and decryption circuitry for decrypting data read from the data store, the decryption circuitry being configured to generate a decryption key in dependence upon the physical data storage location the data is read from.09-27-2012
20120246490TAMPERING MONITORING SYSTEM, PROTECTION CONTROL MODULE, AND DETECTION MODULE - Tampering monitoring system 09-27-2012
20100191983SYSTEM AND METHOD FOR SECURE LOGGING OF DOCUMENT PROCESSING DEVICE MESSAGES - The subject application is directed to a system and method for secure logging of document processing device messages. A duration for capturing status messages is first defined and unencrypted document processing device status messages are received during the defined duration. An encryption key is generated for association with the duration and is thereafter associated with the duration. Each of the unencrypted document processing status messages is then encrypted using the key as it is received. The encrypted messages are then stored in an associated data storage. Following a completion of the defined duration, each of the encrypted messages is decrypted and then stored in a single, signed storage file. The signed storage file is then encrypted using the generated encryption key, and the encrypted storage file is associatively stored with the key.07-29-2010
20120198243PROGRAM EXECUTION DEVICE - A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.08-02-2012
20100262841METHOD FOR SECURE PROGRAM CODE EXECUTION IN AN ELECTRONIC DEVICE - The invention relates to a method for secure piecemeal execution of a program code. In the method, the program code is split to a number of pieces in a first electronic device. The pieces are provided one after another to a second electronic device, which computes a message authentication code from the pieces and returns the authenticated pieces back to the first electronic device. In order to execute the program, the authenticated pieces are provided for execution to the second electronic device, which verifies the message authentication codes in the pieces to allow the execution of the pieces in the second electronic device.10-14-2010
20100153749DEVICE-ACCESS CONTROL PROGRAM, DEVICE-ACCESS CONTROL PROCESS, AND INFORMATION PROCESSING APPARATUS FOR CONTROLLING ACCESS TO DEVICE - In a computer on which operating systems (OSs) run in parallel: a key storage with a memory area different from that used by the Oss stores keys for use by the OSs in encryption-related processing of data which is to be inputted into or outputted from a device, in correspondence with the OSs; and an encryption processor encrypts first data outputted from a first OS by using a first key corresponding to the first OS in response to a first request by the first OS for access to the device before transferring the first data to the device, and decrypts second data being encrypted and outputted from the device, by using a second key corresponding to a second OS in response to a second request by the second OS for access to the device before transferring the second data to the second OS.06-17-2010
20100229006Memory for Protecting Data, Memory System Including the Memory, and Method of Driving the Memory - A memory for protecting data includes a first storage area storing N-number of encryption keys, where N is a natural number, a second storage area receiving the N-number of encryption keys from the first storage area and storing again the received N-number of encryption keys, and a selection unit selecting one of the N-number of encryption keys stored in the second storage area according to a control signal, and encoding data input from outside the memory using a selected encryption key or decoding the data stored in the first storage area using the selected encryption key.09-09-2010
20090077389SECURITY FEATURES IN AN ELECTRONIC DEVICE - A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.03-19-2009
20100146303PROTECTING EXTERNAL VOLATILE MEMORIES USING LOW LATENCY ENCRYPTION/DECRYPTION - A data processing apparatus includes a volatile memory, a random number generator adapted for generating random numbers from which one or more keys are generated, and a memory encryption unit (MEU). The MEU is configured to receive an N-bit block of data and to divide the N-bit block of data into two more sub-blocks of data, where each sub-block contains fewer than N-bits. The MEU is further configured to encrypt each sub-block of data using the one more keys, to combine the encrypted sub-blocks into an N-bit block of encrypted data, and to write the encrypted N-bit block of data to the volatile memory.06-10-2010
20100153747PARALLEL ENCRYPTION/DECRYPTION - The present disclosure includes methods and devices for parallel encryption/decryption. In one or more embodiments, an encryption/decryption device includes an input logic circuit, an output logic circuit, and a number of encryption/decryption circuits arranged in parallel between the input logic circuit and the output logic circuit. For example, each encryption/decryption circuit can be capable of processing data at an encryption/decryption rate, and the number of encryption/decryption circuits can be equal to or greater than an interface throughput rate divided by the encryption/decryption rate.06-17-2010
20100153748Method for reencryption of a database - The present invention relates to a method for encryption of the content in a database, for accomplishing increased protection against unauthorised access to the data. The method assures that every row and item is re-encrypted with a valid key. More specifically this process, the so-called KeyLife process, is executed every time a row is inserted, updated or retrieved after a scanning operation. The key life value, defining the number of days a key is valid for each item, could differ for the items, and could typically be between 30 and 90 days. The scanning operation, checking the validity of the presently used keys, the so-called KeyLife checking, is executed each time a new key generation is created.06-17-2010
20100241874Method and Apparatus to Scramble Data Stored in Memories Accessed by Microprocessors - A scrambler/descrambler module included in an integrated circuit device is operable for receiving a scrambling key and constant data that is unique to the integrated circuit device. The scrambler/descrambler module includes a first layer or circuit arrangement that uses a scrambling key to generate first scrambled data. The scrambler/descrambler module includes a second layer or second circuit arrangement that uses data that is unique to the integrated circuit device, and that is constant over the life of the integrated circuit device, to scramble the first scrambled data to generate second scrambled data.09-23-2010
20100229007Nonvolatile Memory Device and Operating Method Thereof - An operating method of a non-volatile memory device includes randomizing source data to form randomized source data, storing the randomized source data, generating a seed based on an address, generating a random data sequence based on the seed, and de-randomizing the randomized data using the random data sequence. Related nonvolatile memory devices and methods of reading data stored in non-volatile memory devices are also disclosed.09-09-2010
20100229004PROTECTION OF SECURITY PARAMETERS IN STORAGE DEVICES - Security parameters used to encrypt data stored on a storage device may be protected using embodiments of systems and methods described herein. During a resize operation, data stored on a memory unit in the storage device may be altered prior to communicating an updated partition size to a host computer. In some examples, data is altered prior to storing the updated partition sizes in the storage device. In this manner, a host system may not receive the updated partition sizes until after the data is altered. Altering data may avoid exposure encrypted data, information about one or more security parameters used to encrypt data on the memory unit or decrypt data retrieved from the memory unit, or combinations thereof.09-09-2010
20100241875EXTERNAL STORAGE DEVICE AND METHOD OF CONTROLLING THE SAME - The external storage device has a read-only section and a read/write enabled section in a storage section. In the read-only section there is stored an antivirus software detection program adapted to detect the presence of antivirus software installed on a host computer. When the external storage device is connected to the host computer, the antivirus software detection program will be executed automatically by the host computer. When a storage section access controller provided to the external storage device receives from the antivirus software detection program a notification that the presence of antivirus software has been detected, it will allow writing to the read/write enabled section.09-23-2010
20100211802Storage Volume Protection Supporting Legacy Systems - A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique.08-19-2010
20100250969Privacy-Enhanced Searches Using Encryption - Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.09-30-2010
20110016331APPARATUS AND METHOD FOR MANAGEMENT FOR FILE AGGREGATES AND FILE DIRECTORIES - A method for accessing data in a data storage system is presented. The method includes supplying a host computer that is in communication with the data storage system, where the data storage system includes a data storage medium and a holographic data storage medium. A first request is generated to access a directory encoded in the data storage medium and includes a first encryption key. The requested directory recites a listing of data files encoded in the holographic storage medium. If the first encryption key decrypts the directory, the directory is read and a data file encoded in the holographic data storage medium is identified. A second request is then generated to access the data file and includes a second encryption key. Finally, if the second encryption key decrypts the data file, then it is read.01-20-2011
20100125741OPTICAL DISC EMULATOR - A system and method that maps an emulated optical disc file structure to a secure region of a data storage device, and translates cryptographic challenges received from a media player licensed under a digital rights management specification into firmware command sets of the data storage device.05-20-2010
20090327761RECORDING MEDIUM, ATTACHING KIT FOR ATTACHING ENCRYPTION KEY STICKER TO THE RECORDING MEDIUM, AND RECORDING APPARATUS AND REPRODUCING APPARATUS FOR THE RECORDING MEDIUM - A sticker (12-31-2009
20100199108Device Enforced File Level Protection - Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables.08-05-2010
20090259857System and Method for Efficient Security Domain Translation and Data Transfer - A mobile UE includes a CPU, a secure DMA module, a secure cryptographic module, secure memory, and non-secure memory. The secure cryptographic module and secure memory allow access only by secure processes, including the secure DMA module. The CPU manages cryptographic keys and initializes DMA transfers in secure mode. The CPU executes the DMA transfers in non-secure mode. A first DMA transfer moves data encrypted in a first security domain to the secure cryptographic module, and moves clear text data to the secure memory. A second DMA transfer moves the clear text data to the secure cryptographic module, and data encrypted in a second security domain out of the secure cryptographic module. The data encrypted in the second security domain are transmitted to an external device. The secure memory protects the clear text data from being copied; only encrypted data is accessible by non-secure processes.10-15-2009
20090327760Tachograph - A tachograph includes at least one chip card reading unit and, at least one chip card with secure memory. Secured data transmission can be fed to the at least one chip card reading unit. On the at least one chip card, at least one user-defined piece of identification information is securely stored which is independent of a specified piece of identification information for a specified operation of the tachograph. The tachograph is constructed so as to authenticate the at least one chip card in accordance with the at least one piece of user-defined identification information, and to read data securely from the at least one chip card and/or to store data securely on the at least one chip card.12-31-2009
20110066864Methods And Apparatus For Use In Transferring User Data Between Two Different Mobile Communication Devices Using A Removable Memory Card - Methods and apparatus for use in transferring user data from a first (“source”) mobile communication device to a second (“target”) mobile communication device using a removable memory card are disclosed. The source and target devices may be possessed and/or owned by the same end user. The source device is initially enabled to maintain data synchronization with a host server over a wireless communication network via a first wireless transceiver for user data of an application program associated with the user account. To enable the target device for the communications associated with the user account, the source device is operative to establish a programming session with the target device via a second wireless transceiver. During the programming session, the source device causes user account data (e.g. at least one encryption/decryption key for the data-synchronized communications) for the user account to be transmitted to the target device via the second wireless transceiver. Preferably, the user account data is encrypted based on a passkey for the programming session. The user data associated with the application program may then be transferred from the source device to the target device via a removable memory card such as a secure digital (SD) card.03-17-2011
20090249083Method and System for Telephone Wait User Interface Selection - In the method of the present invention, a customer of a service provider would be placed in hold while waiting to speak to a customer service representative. The method and system of the invention would recognize the telephone number of the caller using a “caller ID” system. If this call is the first time the caller has ever called, the caller would be presented with an audible listing of listening choices that would include but not be limited to the latest news, the weather (of the caller's location), financial headlines, or a selection of music stations (via cable radio, for example). The caller would then speak or type his/her preference into the keypad and the selection would be played. If the caller does not like the selection, the caller can then speak another selection or type the new selection as many times as the caller prefers. The caller selection is recorded in a caller preference database. Finally, when the same customer calls one or more additional times, the system would retain the caller's number and preferred listening selection, based on caller ID value. The listening selection would automatically be played on subsequent calls.10-01-2009
20090183010Cloud-Based Movable-Component Binding - This document describes tools capable of enabling cloud-based movable-component binding. The tools, in some embodiments, bind protected media content to a movable component in a mobile computing device in a cryptographically secure manner without requiring the movable component to perform a complex cryptographic function. By so doing the mobile computing device may request access to content and receive permission to use the content quickly and in a cryptographically robust way.07-16-2009
20090319807SYSTEMS AND METHODS FOR CONTENT PLAYBACK AND RECORDING - A method for content playback and recording may include using a computer to obtain media content from a recorded medium. Concurrently with obtaining the media content, the method may include reencrypting the encrypted media content using a secondary encryption key and storing the reencrypted media content in a storage device.12-24-2009
20090319806Extensible pre-boot authentication - In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a full disk encryption disk in a pre-boot environment, executing the PBA using a chipset to obtain user credential information, authorizing the user based on the user credential information and stored credential information, and storing the user credential information in a PBA metadata region of the disk. Other embodiments are described and claimed.12-24-2009
20100223479Method for Protection of A Chip Card From Unauthorized Use, Chip Card and Chip Card Terminal - A method for protection of a chip card from unauthorized use includes: inputting a first identification into a chip card terminal, producing a cipher of at least one first communication parameter using a first symmetric key derived from the first identification, a protected first communication channel being definable between the chip card terminal and the chip card, using the communication parameter, transmitting the cipher via a predefined communication channel from the chip card terminal to the chip card, attempting to decrypt the cipher using a second symmetric key by means of the chip card, the result of decryption only being the first communication parameter if the first symmetric key is identical to the second symmetric key so that the protected first communication channel can only be defined between the chip card terminal and the chip card if the first identification is correct.09-02-2010
20090113220ENCRYPTED BACKUP DATA STORAGE DEVICE AND STORAGE SYSTEM USING THE SAME - An encrypted backup data storage device and a storage system using the same are provided. A backup memory stores at least one of plain-text data and a secret key. A leakage current blocking circuit includes at least one inverter and a complementary metal oxide semiconductor (CMOS) NAND gate circuit and cuts off leakage current paths formed by the lines connected to the battery backup memory.04-30-2009
20090113219OPTIMIZED HIERARCHICAL INTEGRITY PROTECTION FOR STORED DATA - A method for data integrity protection includes receiving items of data for storage in a storage medium. The items are grouped into multiple groups, such that at least some of the groups include respective pluralities of the items. A respective group signature is computed over each of the groups, thereby generating multiple group signatures. An upper-level signature is computed over the group signatures. Groups of the items, the group signatures, and the upper-level signature are stored in respective locations in the storage medium.04-30-2009
20080282095METHOD FOR TRANSFERRING AND/OR PROVIDING PERSONAL ELECTRONIC DATA OF A DATA OWNER - In a method to transfer and/or to provide personal electronic data of an owner, in particular health-related electronic data of a patient, the personal electronic data are transferred and/or provided in a form stored on a data medium, at least partially encrypted, together with at least one decryptor for at least partial decryption, as well as at least one mechanism to present and/or to access and/or to enable the presentation of and/or the access to at least one part of the personal electronic data.11-13-2008
20090106562Method of protecting data saved to recording medium and data storage apparatus adopting method - An apparatus, a computer-readable recording medium, and a method of controlling data recording and reproducing to and from a disk. Controlling the recording of data includes storing password information set in a recording mode and key information to a first area of the disk, encrypting location information of the first area, storing the encrypted location information to a second area of the disk, encrypting desired data and an address of the desired data using the key information, and recording the encrypted data at the encrypted address. Controlling the reproducing of data includes, when the password information is received in a reproducing mode, reading the encrypted location information saved to the second area of the disk, decrypting the encrypted location information of the first area, reading the password information saved to the first area, comparing the received password information with the read password information, and when the received password information is identical to the read password information, reading the key information saved to the first area and reproducing the desired data and the address using the read key information.04-23-2009
20110119504CONTENT PROTECTING METHOD, CONTENT REPRODUCING APPARATUS, AND PROGRAM - A content reproducing apparatus includes a viewing expiration time determining unit which determines lapse of a viewing expiration time, a decryption key temporary storage unit which temporarily stores a decryption key, a decryption key moving unit which moves the decryption key from a recording medium to the decryption key temporary storage unit and returns the decryption key onto the recording medium, and a content protection control unit which controls the movement and the return of the decryption key. The content protection control unit performs control to move, when a reproduction start instruction is received, the decryption key from the recording medium to the decryption key temporary storage unit, return, when the reproduction of the content ends, the decryption key onto the recording medium when the viewing expiration time has not lapsed, and not return the decryption key onto the recording medium if the viewing expiration time has lapsed.05-19-2011
20100293392SEMICONDUCTOR DEVICE HAVING SECURE MEMORY CONTROLLER - A secure memory controller includes a memory unit and a controller. The memory unit stores the information of the predetermined scenario in accordance with an application to be executed. The controller gives the right to access the memory area based on the set scenario. The controller judges whether the bus master which is requesting an access to the memory area has the right to access.11-18-2010
20090106561DATA MANAGEMENT APPARATUS AND DATA MANAGEMENT METHOD - A data management apparatus is adaptable to an encryption system using a common key and a pair of keys comprising a public key and a private key. The data management apparatus includes: a common key encryption unit configured to encrypt a first common key with a first public key to generate an encrypted first common key; a password setting receiving unit configured to receive a setting of a first password; and a private key encryption unit configured to encrypt a first private key with the first password to generate an encrypted first private key.04-23-2009
20100318812SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.12-16-2010
20100306554DISTRIBUTED KEY ENCRYPTION IN SERVERS - Architecture that stores specific passwords on behalf of users, and encrypts the passwords using encryption keys managed by a distributed key management system. The encryption keys are stored in a directory service (e.g., hierarchical) in an area that is inaccessible by selected entities (e.g., administrative users) having superior permissions such as supervisory administrators, but accessible to the account components that need to access the unencrypted passwords. The distributed key management system makes the encryption key stored in the directory service available to all hardware/software components that need the key to encrypt or decrypt the passwords.12-02-2010
20090070601METHOD AND APPARATUS FOR RECURSIVELY ANALYZING LOG FILE DATA IN A NETWORK - Method and apparatus for processing log data produced by a network is described. In one example, entries in the log data are filtered using a plurality of filters to select first entries from the entries. The first entries are filtered using a plurality of false positive filters associated with the plurality of filters to select second entries from the first entries. Unique IP addresses are identified in the second entries. The entries in the log data are then filtered using the unique IP addresses to select third set entries. The third entries are analyzed to detect one or more patterns.03-12-2009
20090070600Method for Etching and Secure Distribution of Digital Data, Access Device and Writer - The invention relates to a method of receiving and securely recording digital data comprising a step for recording said digital data on a secured disk by a recorder/receiver belonging to a determined secured domain comprising several equipment items and defined by an identifier, a step for recording on the secured disk the identifier of the domain of the recorder/receiver to define this domain as the only domain in which the reproduction/copying of the multimedia content is authorized, wherein it comprises a prior step for recovering a disk key from the secured disk, and in that the domain identifier is encrypted by said disk key and the digital data is scrambled by title keys, said title keys being encrypted by said disk key. The invention also relates to a method of securely distributing digital data, an access device and a recorder/receiver.03-12-2009
20130132739STORAGE DEVICE - A storage device started when connected to a computer so as to be able to communicate. The storage device includes: an interface for controlling communication with the computer, a data storage unit for storing data received from the computer via the interface, a radio signal processing unit for receiving radio signals including ID information at a predetermined timing and for authenticating the received ID information, and a control unit for encrypting data using the authenticated ID information as a key, for sending the encrypted data to a data storage unit, and for disabling communication with the computer via the interface when radio signals including the authenticated ID information are not received by the radio signal processing unit within a predetermined period of time.05-23-2013
20090063872MANAGEMENT METHOD FOR ARCHIVE SYSTEM SECURITY - Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area.03-05-2009
20100306556METHOD AND SYSTEM FOR RANDOM DATA ACCESS FOR SECURITY APPLICATIONS - A method for securely handling processing of information in a chip may include randomly selecting one of a plurality of data processes based on a random process index. A time interval may be randomly allocated on the chip, for processing the randomly selected one of the plurality of data processes. When the randomly allocated time interval has elapsed, the randomly selected one of the plurality of data processes may be initiated. The randomly selected one of the plurality of data processes may include one or both of accessing data and acquiring the data. Data may be verified by the randomly selected one of the plurality of data processes prior to the processing of the data. The data may be verified utilizing at least one digital signature verification algorithm, such as a Rivest-Shamir-Adelman (RSA) algorithm and/or a secure hash algorithm (SHA-1).12-02-2010
20100306555Storage apparatus and authentication method - A storage apparatus includes a key control part to judge a validity of a data access from a request source based on authorization information received therefrom and authorization information created from an enciphering key included in enciphering key information received from a key management apparatus, and a control part to make the data access to the recording medium using the enciphering key in response to an access request from the request source, if the validity of the data access is confirmed. The authorization information from the request source includes a unique code created from the enciphering key if an authentication is successful in the key management apparatus in response to an authentication request from the request source.12-02-2010
20100313040Segment deduplication system with encryption and compression of segments - A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions.12-09-2010
20130138974SYSTEM AND METHOD FOR ENCRYPTING AND STORING DATA - A computing device connects with a vision measuring machine (VMS). Then the computing device generates a one time password (OTP). A size of the OTP, the OTP are stored in a predefined file. The computing device obtains a size of measurement program codes of the VMS. The size of the OTP and the size of the measurement program codes are stored in the predefined file. The measurement program codes are encrypted by the OTP. If the measurement data includes image data of an object which is measured by the VMS, the computing device stores the encrypted program codes, a type of the image data, image data, and a size of the image data in the predefined file.05-30-2013
20130138975PROTECTION OF MEMORY AREAS - A method for loading a program, contained in at least a first memory, into a second memory accessible by an execution unit, in which the program is in a cyphered form in the first memory, a circuit for controlling the access to the second memory is configured from program initialization data, instructions of the program, and at least initialization data being decyphered to be transferred into the second memory after configuration of the circuit.05-30-2013
20110145601METHOD FOR OPERATING A SECURITY DEVICE - A method for operating a security device includes a microcontroller, a protected memory area, in which at least one item of protection-worthy information is stored, and a unit, the microcontroller being connected to the protected memory area via the unit, the at least one item of protection-worthy information being accessed by the microcontroller via the unit when the method is carried out.06-16-2011
20110145600NONVOLATILE MEMORY INTERNAL SIGNATURE GENERATION - A nonvolatile memory device generates a signature using a private key and contents within the memory device. The signature is stored in a secure area within the nonvolatile memory device. A processor having the same private key also generates a signature that is stored in the clear. The processor validates the contents of the nonvolatile memory by comparing the signatures.06-16-2011
20130145177MEMORY LOCATION SPECIFIC DATA ENCRYPTION KEY - Contents of a memory are encrypted using an encryption key that is generated based on a random number and a memory location at which the contents are stored. Each of a plurality of locations of a memory can be associated with a respective unique pointer value, and an encryption key may be generated based on the unique pointer value and the random number. In some examples, the random number is unique to a power-up cycle of a system comprising the memory or is generated based on a time at which the data to be stored by the memory at the selected memory location is written to the memory.06-06-2013
20130145178PORTABLE SECURE DATA FILES - A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.06-06-2013
20130145179Corralling Virtual Machines With Encryption Keys - A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.06-06-2013
20090138729INFORMATION PROCESSING DEVICE, PROGRAM VERIFICATION METHOD, AND RECORDING MEDIUM - A first storage unit stores a plurality of security functions each defining a first protection attribute requiring a storage of a value of an argument for input/output of data. A second storage unit stores a program list describing a second protection attribute of a variable indicating a storage area of the data and an executing procedure of a predetermined process. An identifying unit identifies a third protection attribute of an actual argument for input/output of a security function based on the second protection attribute. When a judging unit judges not all of third protection attributes match with first protection attributes, an output unit outputs error information indicating a mismatch of the protection attributes.05-28-2009
20100332854STORAGE DEVICE, METHOD OF CONTROLLING STORAGE DEVICE, AND COMPUTER PROGRAM PRODUCT - A storage device with an authentication feature providing enhanced convenience during locking. The device is a USB hard disk designed for connection to a personal computer, and includes a disk, an access controller, and a push-button. The access controller includes an encryption/decryption module 12-30-2010
20090187772TAMPER EVIDENCE PER DEVICE PROTECTED IDENTITY - Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device.07-23-2009
20110246792METHOD, SYSTEM AND MEDIUM FOR ANALOG ENCRYPTION IN A FLASH MEMORY - A system and method for analog encryption and decryption. A threshold level encryption key stream is generated and a programming level for each bit of a cipher data stream, with each bit having a one or zero state, is determined, where a threshold for distinguishing between the one or zero state for each bit varies based on a corresponding entry in the threshold level encryption key steam. Each bit of the cipher data stream in a cell of a memory is programmed based on the programming level.10-06-2011
20110246791MEMORY CHIP, INFORMATION STORING SYSTEM, AND READING DEVICE - According to one embodiment, a memory chip, which is connected to a writing device that writes data and to a reading device that reads data, includes: a memory including a first area that is a predetermined data storage area; a second encryption key generating unit that receives second key information stored in the reading device and generates a third key; and a sending unit that transmits, to the reading device, second encrypted data obtained by encrypting data stored in the memory using the third key. The second encrypted data is received by the reading device and is decrypted by using a fourth key that is stored in the reading device and that corresponds to the third key.10-06-2011
20110113260Block Encryption Security for Integrated Microcontroller and External Memory System - A secure microcontroller system comprising an integrated cache sub-system, crypto-engine, buffer sub-system and external memory is described according to various embodiments of the invention. The secure microcontroller incorporates block encryption methods to ensure that content communicated between the integrated microcontroller and external memory is protected and real-time performance of the system is maintained. Additionally, the microcontroller system provides a user-configurable memory write policy in which memory write protocols may be selected to balance data coherency and system performance.05-12-2011
20110113259RE-KEYING DURING ON-LINE DATA MIGRATION - A method of migrating data comprises migrating source encrypted data from a source storage device to a target storage device and re-keying while migrating the source encrypted data. The method further comprises while re-keying and migrating the source encrypted data, performing an access request to the source encrypted data apart from the migrating and re-keying.05-12-2011
20110040986METHOD, SYSTEM, AND PROGRAM FOR SECURELY PROVIDING KEYS TO ENCODE AND DECODE DATA IN A STORAGE CARTRIDGE - Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.02-17-2011
20110213990APPARATUS AND METHOD FOR CONTENT PROTECTION USING ONE-WAY BUFFERS - Method and apparatus for content protection using one-way buffers. In one embodiment, the method includes storage of content decrypted by a host processor within a reserved range of memory. In one embodiment, a peripheral device requires the host processor to decrypt the received content for playback by the peripheral device. The decrypted content is stored within a reserved range of memory that is not accessible by malicious software. Hence, content is transferred from the reserved range of memory to a device driver of the peripheral device. In one embodiment, access to the reserved range of memory consists of write-only access by the host processor and read-only access by the peripheral device. In one embodiment, prior to storage of the content within the reserved range of memory, the content is re-encrypted prior to storage and decryption prior to transfer to the peripheral device. Other embodiments are described and claimed.09-01-2011
20110213989OPTICAL STORAGE MEDIA AND THE CORRESPONDING CRYPTOGRAPHY FOR DATA ENCRYPTION THEREOF - Based on the demand of developing a data encryption technique for the optical storage media, the present invention discloses a cryptography for data encryption based on a design of specific hardware conditions, so as to achieve the security requirements for the encrypted digital data stored in the optical storage media and the design requirements for the security issues on the optical storage media for software vendors in the current market.09-01-2011
20100031056STORAGE SYSTEM TO WHICH REMOVABLE ENCRYPTION/DECRYPTION MODULE IS CONNECTED - A storage system comprises a connector to which a removable module is connected. The removable module comprises a storage section for storing encryption/decryption information related to encryption and decryption of data, and/or an encryption/decryption engine for encrypting/decryption data by a predetermined encryption/decryption scheme. A control section and/or a module of the storage system encrypts data using the encryption/decryption information, or decrypts encrypted data using the encryption/decryption information. Alternatively the encryption/decryption engine encrypts data or decrypts encrypted data.02-04-2010
20090077391Method and apparatus for protecting data during storage/retrieval - For protecting data during transmission between a host device and a data storage device, the host device encrypts command-related information and sends the encrypted command-related information to the data storage device. The data storage device decrypts the encrypted command-related information, interprets the decrypted command-related information to generate interpreted commands, and executes the interpreted commands.03-19-2009
20090077390Electronic file protection system having one or more removable memory devices - The electronic file protection system includes at least one first memory device removably disposable in communicative relation with one or more computers, wherein the first memory device includes a unique identifier. The system further includes unique, non-reproducible encryption key data disposed or otherwise saved on the first memory device. The encryption key data is structured to be utilized in conjunction with at least one encryption algorithm so as to at least partially protect the electronic file, or otherwise orient the electronic file in an encrypted mode. Further, the unique identifier is reproducible and disposable in associated relation with a replacement memory device.03-19-2009
20100229005DATA WHITENING FOR WRITING AND READING DATA TO AND FROM A NON-VOLATILE MEMORY - Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues.09-09-2010
20100131775Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.05-27-2010
20100131774Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.05-27-2010
20100131773System and Method for Providing Data Integrity - Systems and methods for providing data integrity for stored data are disclosed. A method may include, in connection with the receipt of a read command at a storage resource, reading a data block from the storage resource, the data block including a data field, a data integrity field indicating the integrity the data field, and an encryption indicator field indicating whether the data block is encrypted with a current cryptographic key for the storage resource. The method may further include determining whether the data field is encrypted with the current cryptographic key based at least on the encryption indicator field. The method may additionally include returning at least a portion of the data block in reply to the read command in response to determining that the data field is encrypted with a cryptographic key other than the current cryptographic key.05-27-2010
20110087899FIREWALL PLUS STORAGE APPARATUS, METHOD AND SYSTEM - A storage firewall architecture, method and system that works in parallel with existing security technologies and, inter alia, provides application software authentication, user authentication & authorization in the execution of an application, examination, verification, and authentication of all storage access requests, monitoring of protected storage to detect & repair anomalous changes, encryption of protected storage, both data and software, provisioning (deployment) of patches, configuration changes, and software through a secure synchronization link to a configuration and patch management server, and server-based system administration & configuration to prevent malware from penetrating local configuration mechanisms.04-14-2011
20110087898SAVING ENCRYPTION KEYS IN ONE-TIME PROGRAMMABLE MEMORY - Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK.04-14-2011
20110087897Hardware-Based Key Generation and Recovery - A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry.04-14-2011
20110087896SECURE STORAGE OF TEMPORARY SECRETS - Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.04-14-2011
20100070781METHOD AND SYSTEM FOR BOOTSTRAPPING A TRUSTED SERVER HAVING REDUNDANT TRUSTED PLATFORM MODULES - Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.03-18-2010
20090031143Method and system for securing a disk key - In accordance with an embodiment of the present invention, a trusted client includes a non-volatile memory programmed with an encrypted disk key. The encrypted disk key in the non-volatile memory is encrypted with a master key of a security processor. Accordingly, encrypted data received by the central processor from a disk's security logic is forwarded to a security processor along with the encrypted disk key. The security processor decrypts the encrypted disk key and then decrypts the encrypted data, utilizing the disk key. The disk key is never available to the central processing unit in the clear.01-29-2009
20090210724CONTENT MANAGEMENT METHOD AND CONTENT MANAGEMENT APPARATUS - A technique is provided which protects copyrights of contents and at the same time enhances the user's convenience.08-20-2009
20090327759Encrypting data on a non-volatile memory - A non-volatile memory, such as a NAND memory, may be encrypted by reading source blocks, writing to destination blocks, and then erasing the source blocks. As part of the encryption sequence, a power fail recovery procedure, using sequence numbers, is used to reestablish a logical-to-physical translation table for the destination blocks.12-31-2009
20090327758STORAGE APPARATUS AND DATA PROCESSING METHOD FOR STORAGE APPARATUS - A storage apparatus is provided, which allows a user to properly use an encrypted text and a plain text even when the storage apparatus has an encrypting function. An adaptor controlling transmission and reception of data to and from a memory device is provided with an encrypting function. Data requiring no encryption is transmitted to an adaptor having no encrypting function, and data to be encrypted is transmitted to the adaptor having an encrypting function. Thus, a user of the storage apparatus can properly use an encrypted text and a plain text.12-31-2009
20090217057Download And Burn To Rent System - A system and method provide for content to be downloaded by an information handling system (IHS) and written to an optical storage medium. The content is protected by a content protection system. The content on the storage medium may be decrypted and displayed by a playback device. An invalid credential is written to the storage medium, for example, after display of the content. The invalid credential restricts decryption of the content. Examples of credentials that may be invalidated by writing an invalid credential to the storage medium include any keys, usage rules, or other items required for the decryption of content, for example, under content scrambling system (CSS) or advanced access content system (AACS) content protection systems.08-27-2009
20090217056Secure and Usable Protection of a Roamable Credentials Store - A tool which facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices utilizing a roamable credential store (RCS) which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately.08-27-2009
20080256369DISC DRIVE COUNTERFEITING COUNTERMEASURE - Counterfeiting of optical disc drives used with game systems is prevented by storing an obfuscated authentication key in firmware of the disc drive. Each disc drive can implement a different obfuscation scheme. The authentication key is parsed into components and the components are stored in various locations in firmware of the disc drive. Drive specific software also is stored in the firmware. Remaining locations of the firmware are randomly populated with binary values.10-16-2008
20100058072CONTENT CRYPTOGRAPHIC FIREWALL SYSTEM - A system and method that regulates the various operations between computing stations and storage or content. Any operation that involves or may lead to the exchange or accessing of content (data) between storage or hosting content container and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed/updated upon a computing station for specific User(s) and will regulate the data operations that may take place between the computing stations and storage or content based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.03-04-2010
20100058075METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.03-04-2010
20100058076METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.03-04-2010
20100058073STORAGE SYSTEM, CONTROLLER, AND DATA PROTECTION METHOD THEREOF - A storage system including a storage unit, a connector, and a controller is provided. A personal identification number (PIN) message digest and a cipher text are stored in the storage unit. When the storage system is connected to a host system through the connector, the controller requests a password from the host system and generates a message digest through a one-way hash function according to the password. After that, the controller determinates whether the message digest matches the PIN message digest. If the message digest matches the PIN message digest, the controller decrypts the cipher text in the storage unit through a first encryption/decryption function according to the password to obtain an encryption/decryption key. Eventually, the controller encrypts and decrypts user data through a second encryption/decryption function according to the encryption/decryption key. Thereby, the user data stored in the storage system can be effectively protected.03-04-2010
20110107114ELECTRONIC DEVICE AND METHOD FOR SECURITY MONITORING THEREOF - A method for security monitoring of an electronic device includes determining whether a storage system of the electronic device is a secured storage system according to a signal of a first switch of the electronic device, determining whether an encryption key of the secured storage system is modifiable according to a detected signal of a second switch of the electronic device. Decrypting the secured storage system using a decryption key if the decryption key is the same as a preset decryption key in the secured storage system.05-05-2011
20100250970STORAGE DEVICE - The storage device used in connection with an information processing apparatus is provided. The storage device includes: an authentication storage area storing an authentication program in advance, wherein the authentication program is executed to authenticate whether each user operating the information processing apparatus is an approved user; an operating system storage area storing an operating system in advance, wherein the operating system is encrypted and is used by the information processing apparatus; an access controller configured to control accesses the authentication storage area and the operating system storage area from the information processing apparatus; and a decoder configured to decrypt the encrypted operating system, wherein upon notification of successful authentication representing that the user is authenticated as the approved user by the authentication program, the access controller allows an access the operating system storage area from the information processing apparatus.09-30-2010
20110154062PROTECTION OF ELECTRONIC SYSTEMS FROM UNAUTHORIZED ACCESS AND HARDWARE PIRACY - A method of designing an electronic system is provided to protect the electronic system from unauthorized access and hardware piracy. The method includes describing the electronic system in a first design and replacing a portion of the electronic system with a reconfigurable module to generate a second design. The reconfigurable module includes a reconfigurable logic block and a configuration block for storing configuration data. The method also includes encrypting configuration data and saving the encrypted configuration data separately from the reconfigurable module. The reconfigurable logic block is configured to correspond to the portion of the electronic system in the first design when the configuration data is loaded in the configuration block.06-23-2011
20110154060IMPLEMENTING SECURE ERASE FOR SOLID STATE DRIVES - A method and apparatus are provided for implementing secure erase for solid state drives (SSDs). An encryption key is used to encrypt data being written to SSD. A controller identifies a key storage option, and responsive to the identified key storage option, stores a key for data encryption and decryption. The controller deletes the key within the SSD responsive to the identified key storage option, ensuring that once the key is deleted, the key is not recoverable and data is effectively erased.06-23-2011
20120303975DATA CONVERSION METHOD ON STORAGE MEDIUM, APPARATUS AND PROGRAM - In a data conversion auxiliary module which is at a higher level than a file system in a disk management hierarchy, data stored in a storage medium, which becomes an object, is successively accessed. Then, a data conversion module captures a sector-unit access request to a device driver from the file system, converts data of a sector which is returned from the device driver, and writes the conversion data in the sector. Thereby, data conversion can be executed on a specific region of the storage medium, which is associated with the data in the storage medium.11-29-2012
20120303974Secure Removable Media and Method for Managing the Same - The invention provides a secure removable media. In one embodiment, the secure removable media comprises a non-volatile memory and a controller. The non-volatile memory corresponds to a media identifier, and comprises a public area, a hidden area, and a reserved hidden area for data storage, wherein a security program is stored in the public area, and a first firmware for retrieving the media identifier and a second firmware for accessing the hidden area are stored in the reserved hidden area. The controller receives secure data from an external device. The security program uses the first firmware to retrieve the media identifier from the secure removable media, generates an encryption key according to the media identifier given by the first firmware, encrypt the secure data according to the encryption key to obtain an encrypted secure data, and uses the second firmware to write the encrypted secure data to the hidden area. When the secure data is to be retrieved from the secure removable media, the security program reads the encrypted secure data from the hidden area, retrieves the media identifier from the non-volatile memory, generates a decryption key according to the media identifier given by the first firmware, and decrypts the encrypted secure data according to the decryption key to obtain the secure data.11-29-2012
20110072278DATA PROCESSING APPARATUS AND DIGITAL SIGNATURE METHOD - A data processing apparatus includes, an input unit to accept information on one or more deletion-target data blocks specified from a plurality of data blocks, a hash generating unit to calculate a hash value of each of the plurality of data blocks, an auxiliary data generating unit to calculate auxiliary data β=g03-24-2011
20120079288SECURE HOST AUTHENTICATION USING SYMMETRIC KEY CRYTOGRAPHY - Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session.03-29-2012
20110258462METHOD, SYSTEM AND INTEGRATED CIRCUIT FOR ENABLING ACCESS TO A MEMORY ELEMENT - A system comprises signal processing logic that is operably coupled to at least one memory element and is arranged to enable access to the at least one memory element. The signal processing logic is arranged to receive a security key, generate a system key using the received security key and a system specific seed, perform a comparison of the generated system key to a reference key stored in an area of memory of the at least one memory element. The signal processing logic is also arranged to configure a level of access to the at least one memory element based at least partly on the comparison of the generated system key to the reference key stored in memory.10-20-2011
20090327757Computer system for managing storage area state of a storage system - There is provided a computer system, having a host and at least one storage system. The at least one storage system provides storage area includes at least one of an encrypted storage area and a plaintext storage area The at least one storage system is configured to: receive an instruction about what type of storage area is available to the host computer; present the encrypted storage area to the host as an available storage area separate from unavailable storage areas in the case of the type of storage area being available according to the instruction indicating “encrypted”; and present, in the case of the type of storage area being available according to the instruction indicating other than “encrypted”, one of both the encrypted storage area and the plaintext storage area to the host computer as available storage areas, and only the plaintext storage area as an available storage area.12-31-2009
20090240955SECURE MEDIA STORAGE DEVICE AND METHOD OF SECURING MEDIA STORAGE DEVICES - A secure media storage device for an imaging device, comprising an interface (09-24-2009
20090240953ON-DISK SOFTWARE IMAGE ENCRYPTION - A technique is introduced to support on-disk software image encryption. Image of a software component deployed to a host is encrypted when the image is created and/or its content is changed, before such image of the software component is being saved to a non-volatile storage of the host. The encrypted image of the software component is decrypted only at startup and/or resume time of the software component. Once decrypted, the image of the software component is loaded into a volatile storage of the host so that the software component can be up and running.09-24-2009
20110154063INFORMATION MANAGEMENT SYSTEM, INFORMATION MANAGEMENT METHOD AND APPARATUS, AND ENCRYPTION METHOD AND PROGRAM - An information management system provided with an encrypting means for encrypting an original file to prepare an encrypted file, a data storage memory which stores the encrypted file, a decrypting means, a general memory, an information managing means for decrypting the encrypted file to an editable display file etc. and storing it in the general memory in a regular operational processing cycle, performing the required editing in the form of the display file etc., converting the display file etc. after editing to an encrypted file by the encrypting means, and storing this in the data storage memory, and an information management file which controls processing of or operations on the encrypted file by the information managing means. This standardizes information management at the different levels of an organization, managers, etc., enables secure protection and management of information contained in the different machinery and equipment, lightens the load of information management, prevents leakage of information, and preserves and protects files and prevents their destruction, tampering, and alteration.06-23-2011
20090204824SYSTEM, METHOD AND MEMORY DEVICE PROVIDING DATA SCRAMBLING COMPATIBLE WITH ON-CHIP COPY OPERATION - Data scrambling techniques implemented externally to a flash memory device are disclosed which can be used in concert with flash memory on-chip copy functionality operating internally to the flash device, thus supporting high performance copying operations. All the data stored in the flash may be scrambled, including headers and control structures. Robust file system operation may be achieved, including the capability to tolerate a power loss at any time, and yet be able to relocate data internally within the flash without having to de-scramble and then re-scramble the data. An exemplary hardware based solution has little or no impact on overall system performance, and may be implemented at very low incremental cost to increase overall system reliability. The data scrambling technique preferably uses a logical address, such as logical block address or logical page address, rather than a physical address, to determine a seed scrambling key.08-13-2009
20080320319SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA - A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information.12-25-2008
20080307237Method for improving accuracy of a time estimate used to authenticate an entity to a memory device - A method for improving accuracy of a time estimate used to authenticate an entity to a memory device is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.12-11-2008
20080288789Reducing information leakage between processes sharing a cache - A method of impeding leakage of cache access behavioural information of a section of a sensitive process to an untrusted process, said sensitive and untrusted processes being performed by a processor within a data processing apparatus, said data processing apparatus further comprising at least one cache operable to store information required by said processor while performing said sensitive and untrusted processes, the method comprising the steps of: prior to commencing processing of a section of said sensitive process by said processor, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache; commencing processing of said section of said sensitive process by said processor; switching said processor during processing of said section of said sensitive process to said untrusted process in response to a switching request; on switching back to said section of said sensitive process from said untrusted process, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache prior to recommencing processing of said section of said sensitive process.11-20-2008
20080229119Information Carrier Authentication With a Physical One-Way Function - The present invention relates to a method of enabling authentication of an information carrier (09-18-2008
20110161681DIRECTORY SYNCHRONIZATION OF A DISPERSED STORAGE NETWORK - A method begins by a processing module dispersed storage error encoding data to produce a set of encoded data slices and generating a transaction identifier regarding storage of the set of encoded data slices. The method continues with the processing module outputting a plurality of write request messages to a plurality of dispersed storage (DS) units, wherein each of the plurality of write request messages includes the transaction identifier and a corresponding one of the set of encoded data slices. The method continues with the processing module receiving write response messages from at least some of the DS units, wherein each of the write response messages includes a reference to the transaction identifier. The method continues with the processing module updating directory information regarding storage of the data to produce updated directory information when at least a write threshold number of the write response messages have been received.06-30-2011
20110161680DISPERSED STORAGE OF SOFTWARE - A data de-duplication method begins by a processing module receiving a plurality of data storage requests from a plurality of requesting devices wherein a data storage request includes the data and a requester identifier (ID). The method continues with the processing module obtaining a data identifier (ID) for the data. For each of the plurality of data storage requests, the method continues with the processing module producing a requester storage record, dispersed storage error encoding the requester storage record to produce a set of encoded requester storage record slices, and sending the set of encoded requester storage record slices to a dispersed storage network (DSN) memory for storage therein. The method continues with the processing module dispersed storage error encoding at least a portion of the data to produce a set of encoded data slices and sending the set of encoded data slices to the DSN memory for storage therein.06-30-2011
20110161678CONTROLLER FOR CONTROLLING NAND FLASH MEMORY AND DATA STORAGE SYSTEM - According to one embodiment, a controller controlling a storage device connected to a host device and storing data includes a pseudorandom number generator, and a scramble circuit. The pseudorandom number generator generates a pseudorandom number based on identification information of the controller. The scramble circuit scrambles data received from the host device using the pseudorandom number.06-30-2011
20110055593METHOD AND APPARATUS FOR PROTECTING ACCOUNT NUMBERS AND PASSWORDS - A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, such as a password for a private account. Access to the plurality of files is password protected with a master password. To access the plurality of files, the master password must be entered into a master password entry field. The files are deleted upon successive entry of incorrect passwords into the master password entry field a predetermined number of times.03-03-2011
20080256368Method and Device For Protecting Digital Content in Mobile Applications - The present invention provides methods and devices allowing a secure way of sharing protected content. A content holder may share the content under certain restrictions. The invention offers a secure sharing method preventing copyright violations and preserving the copyright owners control over the content use, while also offering new marketing possibilities to him. A method for protecting digital content is provided which comprises receiving said digital content, encrypting said digital content using a encryption algorithm resulting in encrypted content, generating license information associated to said encrypted content, wherein said license information is provided as one or more executable code sections, which are executable on a processor-based entity.10-16-2008
20100174922ENCRYPTION BRIDGE SYSTEM AND METHOD OF OPERATION THEREOF - A method of operation of an encryption bridge system that includes: authenticating a user using a self-authenticating encryption bridge; and controlling encryption using the self-authenticating encryption bridge disposed between a computer system and a storage system in response to the authenticating of the user.07-08-2010
20110167279METHOD FOR PROTECTING A PROGRAMMABLE CRYPTOGRAPHY CIRCUIT, AND CIRCUIT PROTECTED BY SAID METHOD - A programmable cryptography circuit includes memory-based cells defining the logic function of each cell, integrating a differential network capable of carrying out calculations on pairs of binary variables, including a first network of cells implementing logic functions on the first component of the pairs and a second network of dual cells operating in complementary logic on the second component of the pair. A calculation step includes a precharge phase, in which the variables are put into a known state at the output of the cells, and an evaluation phase in which a calculation is made by the cells. A phase of synchronizing the variables is inserted before the evaluation phase or the precharge phase in each cell capable of receiving several signals conveying input variables, the synchronization being carried out on the most delayed signal.07-07-2011
20110264926USE OF A SECURE ELEMENT FOR WRITING TO AND READING FROM MACHINE READABLE CREDENTIALS - A method for conducting secure communications with credential cards using existing reader/writer hardware that enhances the security of the provisioning process is provided. The method moves the sensitive data contained in these communications together with the program that uses this sensitive data for the purpose of interacting with a credential card inside a secure computational element such as an integrated circuit card. The provisioning program inside the secure element issues commands to readers/writers of existing art in order to establish secure communication with the credential card and then uses the secure channel so created for the purpose of direction communication between the secure computation element and the credential card.10-27-2011
20110264925SECURING DATA ON A SELF-ENCRYPTING STORAGE DEVICE - Disclosed embodiments relate to a method for securing data on a self-encrypting storage device. The method may comprise, for example, receiving, by a self-encrypting storage device, information indicating a procedure for securing data stored on the self-encrypting storage device and selecting, by the self-encrypting storage device, a procedure for securing data stored on the self-encrypting storage device based on the received information. The procedure may comprise replacing data stored on the self-encrypting storage device or deleting a decryption key associated with data stored on the self-encrypting storage device. In one embodiment, the method further involves performing, by the self-encrypting storage device, the selected procedure.10-27-2011
20100287386SECURE INTEGRATED CIRCUIT COMPRISING MEANS FOR DISCLOSING COUNTERPART MASK VALUES - An integrated circuit includes a communication interface circuit, a cryptographic algorithm, a countermeasure configured to protect the cryptographic algorithm against side-channel attacks, and a mask generator configured to provide the countermeasure with mask values. The integrated circuit is configured to execute a specific command requiring the disclosure of mask values used by the countermeasures to protect the cryptographic algorithm during a cryptographic session, and, in response to such a command, to send the mask values through the communication interface circuit.11-11-2010
20100293393Memory Controller, Memory System Including the Same, and Method for Operating the Same - A memory controller includes a first interface unit, a processor, a randomization unit, a state conversion unit, and a second interface unit. The first interface unit exchanges data with an external device, and the processor determines whether to randomize or state-convert the received data. The randomization unit randomizes data received through the first interface unit in response to the processor and generates randomization information in response to the randomization operation. The state conversion unit state-converts data received through the first interface unit in response to the processor and generates conversion information in response to the state conversion operation. The second interface unit receives the randomized data and the randomization information from the randomization unit, receives the state-converted data and the conversion information from the state conversion unit, and exchanges at least one of the randomized data, the randomization information, the state-converted data and the conversion information with a memory.11-18-2010
20110119505SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.05-19-2011
20110119503COPY-PROTECTED SOFTWARE CARTRIDGE - A cartridge preferably for use with a game console. The cartridge comprises a ROM, a non-volatile memory, a processor and an encryption unit. An application running on the console may read data from the ROM, read data from the non-volatile memory, and write data in the non-volatile memory. Data to be written in the non-volatile memory is encrypted by the encryption unit, but data to be read is returned in encrypted form for decryption by a decryption function of the game application. Data may also be received encrypted to be decrypted and returned. The encryption or decryption unit may also receive data from the non-volatile memory and send it to the interface. The invention improves on the prior art copy protection as a hacker must reverse engineer the game application in order to copy it, if the encryption unit is unknown. The invention also provides an optical medium equipped with a RFID circuit.05-19-2011
20120151224SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.06-14-2012
20110126027SECURE SEED MEDIA - Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key.05-26-2011
20110126026EFFICIENT STORAGE OF ENCRYPTED DATA IN A DISPERSED STORAGE NETWORK - A method begins with a processing module obtaining data to store and determining whether substantially similar data to the data is stored. When the substantially similar data is not stored, the method continues with the processing module generating a first encryption key based on the data, encoding the first encryption key into encoded data slices in accordance with an error coding dispersal storage function, and storing the encoded data slices in a dispersed storage network (DSN) memory. The method continues with the processing module encrypting the data using an encryption key of the substantially similar data in accordance with an encryption function to produce encrypted data, compressing the encrypted data in accordance with a compression function to produce compressed data, storing the compressed data when the substantially similar data is stored.05-26-2011
20110191600System, Method and device for playing back recorded audio, video or other content from non-volatile memory cards, compact disks, or other media - A secure software package for original equipment manufacturers to run in electronic devices in order to access and dynamically decrypt encrypted audio video or other content from a memory storage device such as a memory card, optical or hard disk such that the user interface of the device need only send simple commands and the decrypted content is output.08-04-2011
20110191599Apparatus and method for providing hardware security - A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module.08-04-2011
20120079289SECURE ERASE SYSTEM FOR A SOLID STATE NON-VOLATILE MEMORY DEVICE - A secure erase system for a solid state memory device is disclosed. A memory area provides a data block for storing data and a key block for storing at least one key. A translation unit maps a logical address to a physical address associated with the memory area. An encryption unit encrypts plaintext data to be written to the memory area with the associated key and decrypts the encrypted data to be read by a host with the associated key. The key associated with a logical erase group to be secure erased is deleted after receiving a command requesting to erase the data associated with the logical erase group.03-29-2012
20100332853NETWORK TRANSMISSION METHOD, NETWORK TRANSMISSION SYSTEM AND NETWORK TRANSMISSION DEVICE THEREOF - The present invention discloses a network transmission system, network transmission method, and network transmission device thereof. The network transmission device is connected to an operating center and a user device, and comprises at least one storage device. The operating center is capable of transmitting data to the network transmission device and storing the data in the storage device. Moreover, the operating center is able to control the network transmission device to transmit the data stored in the storage device to the user device12-30-2010
20100180130Cryptographic Protection of Usage Restrictions in Electronic Devices - An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key.07-15-2010
20100162003RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.06-24-2010
20110093723Display of a verification image to confirm security - A handheld device 04-21-2011
20120151223METHOD FOR SECURING A COMPUTING DEVICE WITH A TRUSTED PLATFORM MODULE-TPM - Methods, systems and computer program products for securing a computing device with data storage, power-on firmware—BIOS, geolocation and mobile data module—GPS/GSM, and a Trusted Platform Module—TPM, including establishing a shared-secret between the BIOS and the TPM, requesting the TPM to generate suitable encryption keys, namely for encrypting the data storage, supplying the user of the computing device suitable keys for external storage, calculating a hash-based message authentication codes over the BIOS, MBR, unique ID of the TPM, unique ID of the GPS/GSM module and unique ID of the BIOS; using user provided password and/or token device; using mobile data messages to secure the device if misplaced.06-14-2012
20090300371SEMICONDUCTOR INTEGRATED DEVICE AND METHOD OF TESTING SEMICONDUCTOR INTEGRATED DEVICE - According to one embodiment, a semiconductor integrated device which stores secret data and is capable of operating in a test mode in which a scan test with respect to an internal circuit is executed, the semiconductor integrated device comprises a mode signal receiving module configured to receive a scan mode signal designating the test mode, a mask module configured to mask the secret data when the mode signal receiving module receives the scan mode signal, and an error detection module configured to detect presence or absence of error in the secret data and to store detection result in a first flip-flop.12-03-2009
20090300372SOLID STATE DISK AND INPUT/OUTPUT METHOD - Disclosed is a solid state disk including a storage unit configured to store data, and a control part configured to control enciphering and writing operation for the data using a key value and an initialization vector. The initialization vector is generated by processing an address corresponding to the data.12-03-2009
20090300370Enabling byte-code based image isolation - In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.12-03-2009
20090300369Security unit and protection system comprising such security unit as well as method for protecting data - In order to provide a protection system (12-03-2009
20110191598 DOCK FOR A PORTABLE HARD DISK AND A METHOD FOR ACCESSING CONTENT ON A HOST DEVICE USING THE DOCK - There is provided a first dock for a portable hard disk, where the first dock is connectable to a host device. There is also provided a corresponding method for accessing content on the host device during use of the dock. It is advantageous that the host device is able to access content from portable hard disks that are docked with the first dock and a second dock.08-04-2011
20100031063System for and Method of Remote Secure Backup - Systems and methods for registering a module for backup, backing up a module, and restoring a backed up module are provided.02-04-2010
20100031062Storage Device and Data Processing Method of Storage Device - The present invention provides a storage device and a data processing method of the storage device which can prevent leaking of data attributed to stealing or taking out of a disk device. A storage device includes: a plurality of disk adapters each of which is connected to HDDs which constitutes at least one RAID group; and a management part which manages a storage area provided by the plurality of HDD in a state that the storage area is divided into a plurality of logical storage areas, and manages the plurality of RAID groups. The management part sets an encryption state indicative of whether or not the data is to be encrypted with respect to the RAID group when all of the disk adapters connected to the HDD which belong to the RAID group are the encryption adapters the data, and the encryption adapter encrypts, based on the encryption state set with respect to the RAID group, and stores the encrypted data in the HDD.02-04-2010
20100031061Data storage device and management method of cryptographic key thereof - Embodiments of the present invention help to securely manage a data cryptographic key in a data storage device. In an embodiment of the present invention, a cryptographic processor for encrypting and decrypting data is located between a host interface and a memory manager. In parts of the hard disk drive (HDD), except for the host interface, the HDD handles user data in an encrypted state. A data cryptographic key which the cryptographic processor uses to encrypt and decrypt the user data is encrypted and stored in a magnetic disk. A multiprocessing unit (MPU) decrypts the data cryptographic key using a password and a random number to supply it to the cryptographic processor. Using the password and the random number, the HDD can manage the data cryptographic key with more security.02-04-2010
20100031059SECURITY DEVICE, SECURE MEMORY SYSTEM AND METHOD USING A SECURITY DEVICE - A security device including a first external interface; a second external interface; and a security controller connected to said first external interface and said second external interface, said security controller being adapted to validate an access right based on a codeword received via said first interface to perform an encrypted memory access via said second external interface to an external memory coupleable to said second external interface, and to prevent that encrypted memory access via said first external interface or prevent any output of data via said first external interface depending on data received via said second external interface in case of a negative validation.02-04-2010
20100031057Traffic analysis resistant storage encryption using implicit and explicit data - An encryption scheme for mass storage devices employing a tweakable encryption scheme to add variability to the encrypted data to resist attacks by traffic analysis. Explicit tweak and implicit tweak may be used to add variability to plaintext prior to encryption and eventual storage. The tweak information is either stored on the storage device along with the encrypted data as in the case of an explicit tweak, or it is derived from another source when needed as in the case of an implicit tweak. The ciphertext is decrypted using either the stored explicit tweak value or derive the implicit tweak value to “de-tweak” the decrypted data prior to usage. The data may be deleted by destroying the cipher key(s) to render the ciphertext useless. The tweak information alone is useless for decryption, as the ciphertext needs to be decrypted with the cipher key(s).02-04-2010
20100017627ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM - A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed.01-21-2010
20100017626INFORMATION PROCESSING APPARATUS, AUTHENTICATION METHOD, AND STORAGE MEDIUM - According to one embodiment, a storage medium comprises an encrypted content, key management information which is updated whenever necessary and includes a media key block including encrypted media keys obtained by encrypting a media key which is a base of an authentication key used for mutual authentication with another apparatus by using different device keys, and first and second application keys which encrypt the title keys for each application of the content and are alternately updated and encrypted when the key management information is updated.01-21-2010
20110154061DATA SECURE MEMORY/STORAGE CONTROL - A method includes encrypting, in a security engine associated with a memory/storage controller of a memory/storage device in a data processing device, a pre-encrypted/unencrypted data stream associated with a multimedia content in accordance with a data write request to transfer the pre-encrypted/unencrypted data stream to the memory/storage device using a security key configured to uniquely identify the data processing device during each data write session and a security flag configured to uniquely identify each data write session during a secure mode of operation. The method also includes transmitting the security engine encrypted data stream to the memory/storage device in accordance with the data write request, and decrypting the security engine encrypted data stream using the security key and the security flag in accordance with a data read request to read the security engine encrypted data stream stored in the memory/storage device.06-23-2011
20090172418Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value ν07-02-2009
20090172417KEY MANAGEMENT METHOD FOR REMOTE COPYING - A computer system comprising a host computer and a first storage system coupled to the host computer. The first storage system includes a first controller for controlling the first storage system, a first volume for storing data written by the host computer and a second volume for storing updated data when the data stored in the first volume is updated The first controller generates update information based on write data contained in the write request upon reception of a write request from the host computer, encrypts the write data based on an encrypted status of the data stored in the second volume and an encryption key for encrypting the data stored in the second volume and stores the generated update information and the encrypted write data in the second volume.07-02-2009
20090172416Storage and Retrieval of Encrypted Data Blocks with In-Line Message Authentication Codes - Techniques are disclosed for in-line storage of message authentication codes with respective encrypted data blocks. In one aspect, a given data block is encrypted and a message authentication code is generated for the encrypted data block. A target address is determined for storage of the encrypted data block in a memory. The target address is then modified to permit in-line storage of the message authentication code with the encrypted data block in the memory, and the encrypted data block and the message authentication code are transferred to the memory for storage at the modified address. Illustrative embodiments of the techniques advantageously facilitate secure off-chip storage of data in a processing system.07-02-2009
20090070598System and Method for Secure Data Disposal - A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs.03-12-2009
20120124394System and Method for Providing a Virtual Secure Element on a Portable Communication Device - A system for providing a virtual secure element on a portable communication device having a secured element. The system comprising memory; a card management module operably associated with the secure element providing an application programming interface to the secure element and controlling writing to and reading from at least a portion of the memory; a virtual encryption key preferably stored within the secured element; and an encryption engine capable of encrypting data before its placed in the memory and decrypting that data using the virtual encryption key.05-17-2012
20120005487IMAGE CAPTURE APPARATUS - An image capture apparatus captures an image, and performs an authentication process with an external device. The image capture apparatus encrypts a captured image to generate an encrypted image if the authentication unit succeeds in performing the authentication process, and stores the encrypted image in a recording medium. The image capture apparatus displays whether the authentication unit succeeded in performing the authentication process, and whether the external device includes key information used in encrypting the captured image.01-05-2012
20120005488ENCRYPTION PROCESSOR OF MEMORY CARD AND METHOD FOR WRITING AND READING DATA USING THE SAME - An encryption processor, for storing encrypted data in a memory chip of a memory card, includes a FIFO memory for sequentially outputting m-bit data in response to a first signal, and an encryption key generator for generating m-bit encrypted keys (m being a positive integer) in response to a second signal and for sequentially outputting the keys in response to a third signal. A logic operator performs a logic operation on the data from the FIFO memory with the keys from the encryption key generator during a data write operation to sequentially encrypt the data. The logic operator performs a logic operation on the encrypted data received from a memory interface with the keys output from the encryption key generator during a data read operation in order to sequentially decode the encrypted data. The second signal is simultaneously generated with one of the write command or the read command.01-05-2012
20120005485STORAGE DEVICE AND INFORMATION PROCESSING APPARATUS - According to one embodiment, a storage device includes a data storage unit, a receiving unit, a selecting unit, and an authenticating unit. The data storage unit includes a secret area that becomes readable when authentication has been made by using reading authentication information and that becomes writable when authentication has been made by using writing authentication information. The receiving unit receives an access request that is either a write request indicating that data should be written into the secret area or a read request indicating that data should be read from the secret area. The selecting unit selects the writing authentication information if the access request is the write request and selects the reading authentication information if the access request is the read request. The authenticating unit authenticates an access to the secret area by using one of the writing authentication information and the reading authentication information that has been selected.01-05-2012
20120005486METHOD OF PROCESSING DATA TO ENABLE EXTERNAL STORAGE THEREOF WITH MINIMIZED RISK OF INFORMATION LEAKAGE - A method is provided to process data so that the data can be externally stored with minimized risk of information leakage. A framework (virtual execution framework) based on virtual machines (VMs) is utilized as a substitute for a trusted institution. Encryption of consolidated data can reduce risk of information leakage and enhance security. Since the virtual execution framework can control connection and direction of communication, financial institutions are allowed to apply encryption to data on their own, which makes the data further appropriate for external storage. By allowing financial institutions to apply their own decryption, it is possible to prevent one of two financial institutions from retrieving externally stored data into the external execution framework without intervention of the other. Additionally, associated acting subjects can be provided with freedom depending on the degree of information leakage risk.01-05-2012
20110167278Secure processor and a program for a secure processor - The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.07-07-2011
20120011373System and Method for Secure Device Key Storage - Disclosed are systems and methods for protecting secret device keys, such as High-bandwidth Digital Content Protection (HDCP) device keys. Instead of storing secret device keys in the plain, a security algorithm and one or more protection keys are stored on the device. The security algorithm is applied to the secret device keys and the one or more protection keys to produce encrypted secret device keys. The encrypted secret device keys are then stored either on chip or off-chip.01-12-2012
20120011374DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer.01-12-2012
20120011372Encryption flash disk - An encryption flash disk comprises a memory module, an encryption system, and a switch device wherein the memory module has a substrate accommodating an inner surface provided with a memory chip as well as a control device at least and a plurality of metal contacts; the encryption system is installed in the memory chip electrically connected to the control device and comprises a public zone and a private zone at least and a public program wherein the public program has a password configure module used to configure, input, and clear a password; the switch device is electrically connected to the memory module's control device. Accordingly, the encryption flash disk is capable of keeping digital data secret and safe.01-12-2012
20120017098Computer Memory With Cryptographic Content Authentication - A computer memory with cryptographic content authentication that provides a means of verifying that the contents of the memory are those intended.01-19-2012
20120023338MEMORY CONTROL DEVICE, SEMICONDUCTOR MEMORY DEVICE, MEMORY SYSTEM, AND MEMORY CONTROL METHOD - A technique for improving data security is provided. To be specific, in a memory system including an information processing apparatus and a semiconductor memory device, the semiconductor memory device has an interface section that transmits, to the information processing apparatus, data read out from a memory core according to a plurality of communication protocols having different signal transmission/reception methods. Based on a switch command inputted from the information processing apparatus, a communication protocol selection section inputs, to the interface section, a selection signal for selecting a particular communication protocol from the plurality of communication protocols.01-26-2012
20120060040FLASH MEMORY DISTRIBUTION OF DIGITAL CONTENT - Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device (03-08-2012
20120159197SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.06-21-2012
20120159196INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - A content providing system includes: a server which provides to a host apparatus a first encrypted content including an encrypted area having applied thereto a replacement key; a host apparatus which receives the first encrypted content and replacement key application area information indicating the encrypted area having applied thereto the replacement key from the server; and a data storage device which receives the replacement key from the server and an individual key set in terms of content distribution processing from the server and performs key replacement processing for changing the replacement key application area of the first encrypted content to an encrypted area by the individual key to store a second encrypted content after the key replacement processing in a data recording area.06-21-2012
20120159195WRITING APPLICATION DATA TO A SECURE ELEMENT - Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.06-21-2012
20110107113DISTRIBUTED STORAGE NETWORK DATA REVISION CONTROL - Multiple revisions of an encoded data slice are generated, with each revision having the same slice name. Each of the data slices represents the same original data portion, but each is encoded so that no single data slice can be used to reconstruct the original data portion. Appropriate revision numbers are associated with each encoded data slice, and the encoded data slices and associated revision numbers are transmitted for storage in selected storage units of a distributed storage network. If write confirmations are received from at least a write threshold number of storage units, a commit command is transmitted so that the most recently written data slices will be available for access. After a commit command is issued, a current directory used to access the encoded data slices can be sliced, encoded, and stored in the same way as the data slices.05-05-2011
20110107112DISTRIBUTED STORAGE NETWORK AND METHOD FOR ENCRYPTING AND DECRYPTING DATA USING HASH FUNCTIONS - A distributed storage network received a data segment. The data segment is partitioned into two or more portions. A first portion hash is calculated from the first portion of data and used to encrypt the second portion of data. A hash of the encrypted second portion of data is then used to either encrypt the next portion of data (in this case, a third portion of data) or to circle back to the beginning and encrypt the first portion of the data if the second portion of data is the last in data segment. This iterative process continues until all portions of the data segment are encrypted in a sequence. In essence, the data portions of the segment are sequentially processed in some order to encrypt the various portions in that progressing order. A reverse order is used to derive the hash values and decrypt the encrypted data portions into decrypted original data to recreate the data segment.05-05-2011
20110099388METHOD AND COMPUTER SYSTEM FOR LONG-TERM ARCHIVING OF QUALIFIED SIGNED DATA - The current invention describes a method for long term archiving of qualifiedly signed data in accordance with the current invention, which comprises the steps of hashing the data, encrypting the data through a cryptography algorithm, hashing the encrypted data, signing the hashed data with an advanced time stamp, generating a hash tree over the whole data file or the subgroups thereof and signing the hash tree(s) with a qualified time stamp. Furthermore, a computer system for conducting the method is disclosed.04-28-2011
20090132833STORAGE DEVICE, TERMINAL DEVICE USING THE STORAGE DEVICE, AND METHOD THEREOF - A method of using a storage device in a terminal device connected to the storage device includes reading an identification key stored in the storage device, if the storage device is connected, recovering, based on the identification key, one or more characteristic parameters regarding at least one of the storage device and a file stored in the storage device, and authenticating the storage device using the one or more recovered characteristic parameters. If the authentication is successful, the file is decrypted using the identification key and used. As a result, increased security is provided for the file stored in the storage device.05-21-2009
20120317424Switching between unsecure system software and secure system software - Unsecure system software and secure system software on the same computer system is switched between. A computer system includes one or more processors, which may not have any built-in security features, memory, and firmware. The memory stores secure system software and unsecure system software. In response to receiving a user signal, the firmware switches from the unsecure system software running on the processors to the secure system software running on the processors (and back again). While the unsecure system software is running, the secure system software is protected from tampering by the unsecure system software.12-13-2012
20120166818SYSTEMS AND METHODS FOR SECURE MULTI-TENANT DATA STORAGE - Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key.06-28-2012
20120166817Secured Data Display Method, Data Storage Device and Encryption Chip Card - The present invention discloses secured data display method capable of non-intrusively and non-destructively displaying secured data in a secured data storage device of an encryption system. The secured data display method includes steps of receiving and storing a secured data transmitted via a first encryption mechanism according to a first communication protocol, and receiving an output data transmitted by a data access device of the encryption system according to a second communication protocol. The secured data and the output data comprise a same content.06-28-2012
20100083005Encryption device and encryption method - Even if failure, or the like, occurs during the encryption process, the encryption process is surely resumed. A flag changing unit changes an encryption flag of one disk to being encrypted after an encryption request is received and before the encryption of the data stored on the one disk is started. The flag changing unit changes the encryption flag of the one disk to having been encrypted and changes the encryption flag of the other disk to being encrypted before copying the encrypted data from the one disk to the other disk is started. The flag changing unit changes the encryption flag of the other disk to having been encrypted after copying to the other disk is completed.04-01-2010
20120216052EFFICIENT VOLUME ENCRYPTION - A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described.08-23-2012
20100205461METHOD FOR GENERATING DATA FOR DETECTION OF TAMPERING, AND METHOD AND APPARATUS FOR DETECTION OF TAMPERING - In a target apparatus which stores at least one piece of domain key information in a first area and a plurality of pieces of content key information each associated with any one of the domain key information in a second area, a method for generating data for detecting tampering of the content key information. The method comprises the steps of encrypting the content key information associated with one of the domain key information using a chain encryption technique; extracting data at predetermined positions in the encrypted content key information, concatenating the pieces of data extracted at the predetermined positions in the encrypted content key information to obtain concatenated data, performing a hash calculation with respect to the concatenated data to obtain a hash value, storing check values corresponding to the data at the predetermined positions in plain text, in the target apparatus, and storing the hash value in the target apparatus.08-12-2010
20100205460ENCRYPTION METHOD FOR DIGITAL DATA MEMORY CARD AND ASSEMBLY FOR PERFORMING THE SAME - Embodiments of a portable data storage device and a method of protecting data stored in the portable data storage device are provided. In one embodiment, the portable data storage device includes a device identification unique to the portable data storage device, a rights object containing information indicative of access rights and a verification identification, a memory to store the device identification and the verification identification, and controller logic. The memory is partitioned into a plurality of areas of memory, including: a first area as a protection area to store an instruction code, a second area as a partition table area to store a partition table, and a third area as a file area to store data files. In response to a request from a client external to the portable data storage device, the controller logic compares the verification identification with the device identification to allow the client to access of the data files if the verification identification matches the device identification.08-12-2010
20110185192STORAGE SYSTEM, CONTROL METHOD THEREFOR, AND PROGRAM - It is made possible to correctly decrypt data in a storage area in a computer system (storage system) having various encryption execution sections (such as a storage device or encryption appliance having an encryption function). In the case where storage areas may be encrypted by the various encryption execution sections, there is a possibility that, when a storage area is copied or the configuration of the computer system is changed, the storage area cannot be correctly decrypted unless it is managed where the storage area has been encrypted or whether the storage area is not encrypted. To prevent this, a management computer manages the key and the encryption execution section for each storage area in the system. Furthermore, when copying a storage area or the like is performed, the management computer determines which storage area's state and key should be changed together with performing the copy operation is performed, and instructs the encryption execution section to change the state and key for the storage area if it is necessary to change it.07-28-2011
20090172419DATA STORAGE DEVICE, MANAGEMENT SERVER, INTEGRATED CIRCUIT, DATA UPDATE SYSTEM, HOME ELECTRIC APPARATUSES, DATA UPDATE METHOD, ENCRYPTION METHOD, AND ENCRYPTION/DECRYPTION KEY GENERATION METHOD - Provided is a data storage device capable of safely and effectively updating software of a home electric apparatus. In the home electric apparatus (07-02-2009
20100174920DATA PROCESSING APPARATUS - A data processing apparatus comprises an integrated circuit containing a data processor and a non-volatile store storing at least one security code. A first memory external to the integrated circuit stores data, the data being cryptographically protected in a first format. A second memory external to the integrated circuit is provided for storing data. The apparatus is arranged to transfer data from the first memory via the integrated circuit to the second memory to be accessed by the data processor from the second memory. The integrated circuit is arranged to validate during the transfer the data read from the first memory using a security code stored in the non-volatile store. If the data is validated, cryptographic protection is applied in a second format to the validated data using a security code stored in the non-volatile store. The protected data is stored in the second memory in the second format.07-08-2010
20120173887METHOD AND SYSTEM FOR PROVIDING DATA FIELD ENCRYPTION AND STORAGE - An approach is provided for securely storing and managing sensitive data. A system and method are provided that include a central device that receives an actual data value from a requestor, encrypts the actual data value, obtains a replacement value for the encrypted actual data value, obtains a secondary replacement value based on the encrypted actual data value, and transmits the replacement value to the requestor for storage by the requestor. The system and method also includes a storage device for storing the secondary replacement value in association with the encrypted actual data value at a secure location. The requestor can later use the replacement value to retrieve the actual data value from the central device.07-05-2012
20120173886ELECTRONIC DEVICE WITH A FILE AUTHORIZATION MANAGEMENT FUNCTION AND METHOD THEREOF - An electronic device for managing file authorization is provided. The electronic device stores encrypted files. Each encrypted file presets a predetermined password. When receiving an operation signal of one of the encrypted file, the electronic device determines whether the operation signal matches the predetermined password of the selected file. The electronic device processes the file in response to the operation signal if the input matches the predetermined password of the selected file, and does not respond to the operation of the selected file if the input does not match the predetermined password of the selected file.07-05-2012
20120173885KEY MANAGEMENT USING TRUSTED PLATFORM MODULES - Described herein are techniques for distributed key management (DKM) in cooperation with Trusted Platform Modules (TPMs). The use of TPMs strengthens the storage and processing security surrounding management of distributed keys. DKM-managed secret keys are not persistently stored in clear form. In effect, the TPMs of participating DKM nodes provide security for DKM keys, and a DKM key, once decrypted with a TPM, is available to be used from memory for ordinary cryptographic operations to encrypt and decrypt user data. TPM public keys can be used to determine the set of trusted nodes to which TPM-encrypted secret keys can be distributed.07-05-2012
20100049993SYSTEMS AND METHODS FOR LOCKING AND EXPORTING THE LOCKING OF A REMOVABLE MEMORY DEVICE - A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds.02-25-2010
20100049992APPLICATION EXECUTING DEVICE, MANAGING METHOD, AND PROGRAM - A BD-ROM stores a disc root certificate 02-25-2010
20100049991SAFE SELF-DESTRUCTION OF DATA - A method for securing data includes encrypting the data and storing a key (02-25-2010
20120179920SECURING CRYPTOGRAPHIC PROCESS KEYS USING INTERNAL STRUCTURES - In the field of cryptography, such as for a computer enabled block cipher, a cipher or other cryptographic process is hardened against an attack by protecting the cipher key or subkeys by using a masking process for these keys. The subkeys are thereby protected by applying to them a mask or set of masks to hide their contents. This is especially advantageous in a “White Box” computing environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during execution. Further, this method and the associated apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key or where each user session has its own key.07-12-2012
20100031060SECURITY FOR RAID SYSTEMS - Methods and apparatus for accessing a redundant array of independent drives (RAID) storage device are disclosed. In some embodiments file data is broken into multiple segments. A cryptographic operation is performed on one or more segments to generate encrypted segment(s). One or more parity syndrome is computed from the encrypted segment(s) and the unencrypted segment(s). The encrypted segment(s), the unencrypted segment(s) and the parity syndrome(s) are striped onto different individual drives. Since the cryptographic operation is not performed on all the segments, it may also be performed concurrently with computing of parity syndrome(s) from other unencrypted segments.02-04-2010
20100023782CRYPTOGRAPHIC KEY-TO-POLICY ASSOCIATION AND ENFORCEMENT FOR SECURE KEY-MANAGEMENT AND POLICY EXECUTION - Key-to-policy association and hardware-based policy enforcement for file/folder encryption (FFE) and/or full-disk encryption (FDE) are provided. A CPU independent microprocessor (CIM) is coupled to a platform and provides a secure storage service, secure non-volatile storage, secure policy enforcement engine, and system interface for communication with platform components independent of the CPU. The CIM stores a key and its associated policies by generating a hardware-derived key to wrap the key prior to securely storing it in non-volatile storage on the CIM. Upon receiving a request for key-access by an application, policy status and credentials are verified before the key is returned.01-28-2010
20120254630METHOD, HOST, STORAGE, AND MACHINE-READABLE STORAGE MEDIUM FOR PROTECTING CONTENT - Methods and apparatus are provided for protecting content of a storage. First authentication information regarding a first module is acquired. The first module is one of a plurality of modules included in the storage. The first module is authenticated based on first Unique Individual Information (UII) of the first module and the first authentication information. Second authentication information regarding a second module is acquired. The second module is another of the plurality of modules included in the storage. The second module is authenticated based on second UII of the second module and the second authentication information. Access to content stored in the storage is permitted when at least the first module and the second module are successfully authenticated.10-04-2012
20120254629Read and Write Optimization for Protected Area of Memory - A system (and method) to update content of a secure area of a secure digital (SD) card is disclosed. The system performs a first authenticated key exchange to access the secure area of the secure digital memory. The system reads content from the secure area in response to successful performance of the first authenticated key exchange. The system modifies the content in a memory of a computer system. The system performs a second authenticated key exchange to access the secure area of the secure digital card in preparation to write to the secure area of the secure digital memory. The system then writes modified content to the secure area of the secure digital memory in response to successful performance of the second authenticated key exchange.10-04-2012
20100287385SECURING DATA CACHES THROUGH ENCRYPTION - Encryption techniques for securing data in a data cache are generally disclosed. Example methods may include one or more of reading the cache to identify data, determining whether the data is encrypted to identify previously unencrypted data and/or previously encrypted data, and encrypting selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to a computer system data processor configured to read a cache to identify data, determine whether the read data is encrypted, and encrypt selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to computer accessible mediums containing computer-executable instructions for data encryption upon execution of the instructions by a data processor. The instructions may configure the data processor to perform procedures that read the cache to identify data, determine whether the data is encrypted, and selectively encrypt data determined as unencrypted.11-11-2010
20120185701DOCUMENT SECURITY SYSTEM AND METHOD - A method and system for document security are described. The method decrypts a key-map file located a composite document with embedded access control, decrypts a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part, loads the content part in decrypted form into a document serialization maintained in a transient memory where the content part in decrypted form is maintained exclusively in the transient memory, and erases the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization.07-19-2012
20120185702STORAGE CONTROL APPARATUS TO WHICH THIN PROVISIONING IS APPLIED - A storage control apparatus stores a device attribute that indicates whether a physical storage device that is made to be a basis of a pool of a creation target is an encryption device (a physical storage device that is provided with an encryption function) or an unencryption device (a physical storage device that is not provided with an encryption function) as a pool attribute for the pool. In the case in which a pool attribute that has been stored for a pool with which a virtual volume that is a virtual logical volume of a creation target is associated indicates both of an encryption and an unencryption, the storage control apparatus associates the virtual volume of a creation target with a physical storage device that conforms to an attribute that has been specified as a volume attribute of the virtual volume of a creation target among an encryption device and an unencryption device that are a basis of a pool of the associated destination. The storage control apparatus stores a volume attribute of the virtual volume of a creation target.07-19-2012
20120221865METHOD AND APPARATUS FOR PROTECTING CACHED STREAMS - A system and method for protecting cached streamed data is disclosed. The method may include the steps of generating an encryption key from the streamed data itself, encrypting the streamed data stored in the storage device and requesting the portion of the streamed data from the content server again when later playback is desired so as to allow the content server to enforce access limitations or takedown policies relating to the streamed data. The method may also include procedures for handling key generation over reliable or unreliable protocols.08-30-2012
20120221866SYSTEM AND METHOD FOR SECURELY STORING FIRMWARE - A mechanism for creating secure storage for firmware for a computing device. A designated secure storage area holding firmware that is executable prior to a loading of an operating system for the computing device is created during a build of a ROM image. The creating marks one or more files as requiring encrypted storage and the one or marked files are combined during the build into the designated secure storage area. The designated secure storage area is located outside the ROM image and includes, during the build of the ROM image, a reference to the designated secure storage area in a build of firmware placed in the ROM image. The reference includes a flag indicating a current encrypted status of the designated secure storage area.08-30-2012
20120221867SECURE CACHING TECHNIQUE FOR SHARED DISTRIBUTED CACHES - The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key.08-30-2012
20120084574INFORMATION STORAGE APPARATUS, INFORMATION STORAGE METHOD, AND ELECTRONIC DEVICE - According to one embodiment, there is provided an information storage apparatus, including: a plurality of nonvolatile memories configured to store encryption information so that the stored encryption information are read out therefrom; a plurality of encryption processing modules provided correspondingly with the respective memories, and configured to encrypt the information to be stored in the memories and to decrypt the encryption information read out from the memories; and a storage processing module configured to collectively store a plurality of key information that are utilized when the encryption processing modules encrypt the information to be stored or decrypt the encryption information read out.04-05-2012
20120084573SECURITY PROTECTION FOR MEMORY CONTENT OF PROCESSOR MAIN MEMORY - Subject matter disclosed herein relates to memory devices and security of same.04-05-2012
20120226916PROTECTED HEALTH CARE DATA MARKETING SYSTEM AND METHOD - Personally-identifying, protected health information (“PHI”) is stored in encrypted form in protected data records, and hash values derived from the PHI are stored in associated search records. A healthcare marketer may identify market segments of individuals by querying the search records using hashed query predicates, identifying protected data records based on the search record results, and providing anonymized data-record results to the healthcare marketer. Once a market segment has been anonymously identified, the marketer may cause personalized marketing messages to be generated for individuals in the market-segment without the marketer having been exposed to PHI associated with those individuals.09-06-2012
20120226915Content Playback APIS Using Encrypted Streams - One embodiment of the present invention sets forth a technique for decrypting digital content in a secure environment. The technique includes the steps of receiving a digital rights management (DRM) license associated with a first frame of encrypted data from a DRM server, where the DRM license includes a decryption key for decrypting the first frame of encrypted data, transmitting the DRM license to a secure content playback pipeline for storage, and transmitting the first frame of encrypted data to the secure content playback pipeline for decryption, where, in response to receiving the first frame of encrypted data, a trusted processing entity within the secure content playback pipeline decrypts the first frame of encrypted data based on the decryption key included in the DRM license to generate a first set of decrypted data and store the first set of decrypted data in a secure memory space.09-06-2012
20090037748METHOD AND APPARATUS FOR FORBIDDING USE OF DIGITAL CONTENT AGAINST COPY CONTROL INFORMATION - Provided is a method of preventing digital content from being used despite the presence of copy control information. In the method, a security apparatus capable of restricting use of contents generates a nonce with respect to a storage device and stores the nonce in the storage device and a memory separated from the storage device when content is stored in the storage device; updates the nonces stored in the memory and storage device when movement of the content occurs; and permits use of the content only when the nonce of the storage device, which is stored in the memory, is equal to the nonce stored in the storage device if the content is requested for use, thereby preventing a disk cloning attack.02-05-2009
20090019293AUTOMATIC DATA REVOCATION TO FACILITATE SECURITY FOR A PORTABLE COMPUTING DEVICE - Some embodiments of the present invention provide a system that automatically revokes data on a portable computing device. During operation, the system uses a key K01-15-2009
20090019292Secure management of information - Methods and system are devised to provide security with regard to position data recorded by an electronic pen. The position data originates from a specific area of a position-coding pattern and is destined for a specific Application Service Handler, ASH, which is allocated the specific area of the pattern. The pen stores one or more Pen Application Licenses, PALs, which each includes license data in association with an encryption key, the license data identifying an area of the pattern. The encryption key of a given PAL corresponds to an encryption key of a given ASH. Thus, the PALs enable the pen to encrypt recorded position data, originating from the specific area of the pattern, with the encryption key that is related to the encryption key of the receiving ASH. The license data may further define a group of pens and a validity period, allowing a party generating a PAL to control its use. Generating a PAL may in turn need prior authorization, given by PAL validation data derived from an authorizer. The PAL validation data, which is to be included in the PAL, may set boundaries for the license data that can be included in a PAL, and may also be digitally signed by the authorizer. The pen may be prohibited to install the PAL unless its license data can be properly validated against the PAL validation data.01-15-2009
20080301468Cryptographic Secure Program Overlays - A method, computer program product, and data processing system for executing larger-than-physical-memory applications while protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault or page fault detection are disclosed. Large applications are accommodated by providing a mechanism for secure program overlays, in which a single large application is broken into two or more smaller applications (overlays) that can be executed from the same memory space by overwriting one of the smaller applications with another of the smaller applications when the latter needs to be executed. So that the data may be shared among these smaller applications, each of the applications contains embedded cryptographic keys, which may be used to encrypt or decrypt information to be stored persistently while control is transferred from one application to the other.12-04-2008
20080301472METHOD OF ENCRYPTING AND STORING DIGITAL CONTENT USING FIRMWARE REGIONAL CODE AND APPARATUS THEREFOR - A method of processing digital content performed by an apparatus for storing digital content. In the method, a hardware regional code extracted from a memory of a content storage device is compared with a firmware regional code extracted from firmware, and the digital content is selectively encrypted and stored according to a corresponding regional code only when the hardware regional code matches the firmware regional code.12-04-2008
20080301471Systems and methods in electronic evidence management for creating and maintaining a chain of custody - Systems and methods are provided for electronic evidence management for creating and maintaining a chain of custody. The exemplary systems and methods comprise storing captured electronic evidence in a repository, and recording one or more interactions with the stored electronic evidence in one or more chain of custody logs, wherein at least one chain of custody logs is encrypted and at least one chain of custody logs is unencrypted. The exemplary systems and methods further comprise monitoring the one or more chain of custody logs for unauthorized alterations to the recorded interactions with the stored electronic evidence.12-04-2008
20080301470TECHNIQUES FOR SECURING CONTENT IN AN UNTRUSTED ENVIRONMENT - Techniques for securing content in an untrusted environment are provided. Content is encrypted and stored with a content delivery service in an encrypted format. Encrypted versions of a content encryption/decryption key and a first key are also housed and distributed by the content delivery service. The first key is used to decrypt the encrypted version of the content encryption/decryption key. The content delivery service is unaware of the content encryption/decryption key and the first key; and the content held by the content delivery service is encrypted with the content encryption/decryption key. Principals securely share, create, manage, and retrieve the encrypted versions of the content encryption/decryption key and the first key from the content delivery service using secure communications. The encrypted content is obtainable via insecure communications from the content delivery service.12-04-2008
20080301469Cryptographically-enabled Privileged Mode Execution - A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.12-04-2008
20120239944Selective Encryption of Data Stored on Removable Media in an Automated Data Storage Library - In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption, one or more encryption keys and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge, the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media within the specified data cartridge.09-20-2012
20120239943STORAGE SYSTEM, STORAGE CONTROL APPARATUS, AND STORAGE CONTROL METHOD - In a storage system, a storage apparatus has an encryption key generator and an encryption processor that encrypts data to be recorded in a storage region using an encryption key from the encryption key generator, and is able to change an encryption key for each divided region set in the storage region. A control apparatus has a logical volume setting unit that requests the encryption processor to set an individual divided region for each storage region set as a logical volume in the storage region of the storage apparatus and a data erasure processor that requests the encryption processor to change the encryption key used for encryption in the divided region corresponding to the logical volume to be erased.09-20-2012
20120324244KIOSK DISTRIBUTION OF LICENSED CONTENT TO PORTABLE DEVICE WITHIN DVD AVAILABILITY WINDOW - A system and method are disclosed for kiosk distribution of licensed content to one or more portable devices. The system stores and distributes licensed content in such a manner as to be compatible with the DVD window such that MFN contract provisions are not triggered during the window. Therefore consumers can use the system to purchase additional content or watch content that has been previously purchased without any blackout period as experienced using other content distribution methods such as Internet video streaming or other types of digital download services.12-20-2012
20100250968DEVICE FOR DATA SECURITY USING USER SELECTABLE ONE-TIME PAD - Devices for securing data and method of managing a one-time pad stored in nonvolatile memory of a device. In one embodiment, the device for securing data includes: (1) a nonvolatile memory, (2) a nonvolatile memory controller coupled to the nonvolatile memory and configured to cooperate with the nonvolatile memory to make a key available when a password provided to the device is valid and (3) a self-destruct circuit coupled to the nonvolatile memory and configured to corrupt at least part of the nonvolatile memory when the password is invalid.09-30-2010
20110276809Method of Storing Data in a Memory Device and a Processing Device for Processing Such Data - In a method of storing data in a memory device, which data comprise content to be processed in a processing device in which the memory device is installed, the method comprises the steps of writing encrypted content (Enc_K11-10-2011
20120102337STORAGE MEDIUM HAVING AN ENCRYPTING DEVICE - A storage medium having an encrypting device, including an electronic memory area, a read-in device, a read-out device, a key memory, in which a secret key is or can be stored, an encrypting device, and a decrypting device. The read-in device is designed to encrypt any data input at the interface for storage in the memory area using the key stored in the key memory and to store said encrypted data in the memory area. The read-out device has a direct read-out channel, by means of which stored encrypted data can be output to the interface in encrypted form by circumventing the decrypting device, and a decrypting read-out channel, by means of which stored encrypted data in the memory area can be decrypted by means of the decrypting device using the key stored in the key memory or a decryption key stored in the key memory and corresponding to the key and can be output to the interface in decrypted form.04-26-2012
20100229003METHOD, SYSTEM AND COMPUTER PROGRAM FOR SECURELY STORING DATA - A method of securely storing data comprising the steps of: 09-09-2010
20100174921DEVICE SIDE HOST INTEGRITY VALIDATION - Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.07-08-2010
20100169669Method and apparatus for enforcing use of danbury key management services for software applied full volume encryption - A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data.07-01-2010
20100169667Protecting content on client platforms - A method, computer system, and computer-readable medium with instructions to provide a client security management layer and a content player that ensure that the content is protected from malware on the receiving computer system. The client security management layer controls access to a protected portion of a memory of a computer system on behalf of a component, such as the content player, running on the processor of the computer system. The client security management layer receives an encrypted content key from the component, confirms the integrity of the component, decrypts the encrypted content key to provide a decrypted content key, and places the decrypted content key in the protected portion of the memory in response to confirming the integrity of the component. Other embodiments are described and claimed.07-01-2010
20130019110APPARATUS AND METHOD FOR PREVENTING COPYING OF TERMINAL UNIQUE INFORMATION IN PORTABLE TERMINALAANM LEE; Ji-HyunAACI Yongin-siAACO KRAAGP LEE; Ji-Hyun Yongin-si KRAANM JUNG; Hyung-ChulAACI Suwon-siAACO KRAAGP JUNG; Hyung-Chul Suwon-si KRAANM RIM; Heung-SoonAACI Yongin-siAACO KRAAGP RIM; Heung-Soon Yongin-si KRAANM CHO; Sung-KyuAACI Suwon-siAACO KRAAGP CHO; Sung-Kyu Suwon-si KR - An apparatus and a method for preventing copying of terminal unique information in a portable terminal are provided. The method includes storing a root public key for certifying the terminal unique information and a first model class ID of the portable terminal in an One-Time Programmable (OTP) region, encrypting the terminal unique information and certification information of the terminal unique information for certifying the terminal unique information with a terminal unique value and storing the encrypted terminal unique information and the encrypted certification information thereof, obtaining the certification information based on the root public key if certification with respect to the terminal unique information is requested, and certifying the terminal unique information based on the certification information.01-17-2013
20130019109METHOD AND APPARATUS FOR USING NON-VOLATILE STORAGE DEVICEAANM KANG; Bo-GyeongAACI Suwon-siAACO KRAAGP KANG; Bo-Gyeong Suwon-si KRAANM Kwon; Moon-SangAACI SeoulAACO KRAAGP Kwon; Moon-Sang Seoul KRAANM Lee; Byung-RaeAACI SeoulAACO KRAAGP Lee; Byung-Rae Seoul KRAANM Lee; Jae-BumAACI Yongin-siAACO KRAAGP Lee; Jae-Bum Yongin-si KR - A method and apparatus for using a non-volatile storage device includes reading device identification information from the non-volatile storage device, application identification information corresponding to a content application related to a type of content to be protected or utilized among a plurality of content applications is acquired, usage identification information is generated using the device identification information and the application identification information, and protecting or utilizing content using the usage identification information.01-17-2013
20130019111SECURE DATA RECORDERAANM Martin; ThomasAACI SharjahAACO AEAAGP Martin; Thomas Sharjah AE - A method and apparatus for securely encrypting data is disclosed. Conventional protections against the loss or theft of sensitive data such as full disk encryption are not effective if the device is, or has recently been, running when captured or found because the keys used for full disk encryption will still be in memory and can be used to decrypt the data stored on the disk. Some devices, such as devices which gather sensitive data in use, must run in environments in which they might be captured by a person seeking access to the sensitive data already recorded by the device. An encryption method is proposed in which files on a recorder's persistent memory are initialised with pseudo-random masking data whilst the recorder is in a relatively secure environment. One or more parameters which can be used to re-create the pseudo-random masking data are encrypted with a public key using a public-key encryption algorithm and stored on the recorder. The device's memory is then purged to remove the one or more parameters. Later, when miming in a relatively insecure environment, the sensitive data is encrypted (01-17-2013
20110161679TIME BASED DISPERSED STORAGE ACCESS - A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.06-30-2011
20130173931Host Device and Method for Partitioning Attributes in a Storage Device - A host device and method for partitioning attributes in a storage device are provided. In one embodiment, a host device is provided that is in communication with a storage device storing a table associating logical address ranges with an encryption key and read/write permissions. The host device sends a request to the storage device to add a column to the table and then sends a request to the storage device to add an attribute to a cell of the added column to the table associated with a particular logical address range. The table and commands can be those compatible with the Trusted Computing Group's (TCG's) Opal standard.07-04-2013
20080244276Method and Device for Creating a Group Signature and Related Method and Device for Verifying a Group Signature - A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements.10-02-2008
20080235522CONTENT PLAYBACK METHOD AND RECORDING AND PLAYBACK DEVICE - Where a follow-up playback is realized for content data that is recorded by changing an encryption key at predetermined intervals for copyright protection, fast feed and playback operations are provided that can get close to a video scene of a present point of time. There are two areas on the memory in which to manage key information. The key information and seed information being written into a hard disk drive are held in memory in order to allow access to the key information and seed information even as they are written.09-25-2008
20080229118Storage apparatus - Provided is a storage apparatus capable of encrypting data without affecting the business performance. This storage apparatus includes a cache memory, a first controller for controlling the writing of data in the cache memory pursuant to the write command, a second controller for controlling the writing of the data written in the cache into the storage devices, and an encryption engine for encrypting data pursuant to the write command. When the second controller reads the data from the cache memory and writes the data in said storage devices, the encryption engine encrypts the data, and the second controller writes the encrypted data in said storage devices.09-18-2008
20130173930ADDING OR REPLACING DISKS WITH RE-KEY PROCESSING - In a network of multiple storage devices, a storage device may become faulty and need to be replaced or additional capacity may need to be added through additional storage devices. When the storage devices communicate through a secure communications link using an encryption key for cryptographically splitting data, replacement or new storage devices may be re-keyed using an encryption key from an existing or prior storage device on the secure data network. After the storage device is re-keyed, the new or replacement storage device may continue to function on the secure data network without requiring changes to clients accessing the secure data network.07-04-2013
20110246790SECURED REMOVABLE STORAGE DEVICE - This present disclosure combines a data storage drive, such as flash-based USB drive or a SSD drive with redundant, multiple levels of security protection. In an embodiment, the security protection includes password protection, fingerprint recognition, and real-time data encryption. The biometric sensors may be integrated into the storage device without substantially adding weight and size. Further, the secured device may have a built-in internal power source to self-sustain the protection without having to connect to a host device or an external power source. Thus, it is possible to remotely track the location of the secured device and disable or enable the security protection or manage the security setups.10-06-2011
20080222429DATA MANAGEMENT SYSTEM - A data management system and method are provided. Specifically, the present invention includes a system for controlling access to data and ensuring that the confidentiality of the data maintained. In addition, the present invention provides a system for updating data so that confidential data, which has become non-confidential, can be identified and exposed.09-11-2008
20080222428Method for Securing Authenticity of Data in a Digital Processing System - The invention describes a method and a corresponding digital processing system for ensuring that data is unmodified while reducing the amount of one-time programmable memory in the system. The data is stored in modifiable memory and an authentication value of the data is stored in unmodifiable memory. Before the data is used according to its purpose the digital processing system authenticates that the data is unmodified, for example by using a cryptographic hash algorithm.09-11-2008
20080215895Electronic book secure communication with home subsystem - The invention, an electronic book selection and delivery system, is a new way to distribute books and other textual information to bookstores, libraries and consumers. The primary components of the system are a subsystem for placing text in a video signal format and a subsystem for receiving and selecting text that is placed in the video signal format. The system configuration for consumer use contains additional components and optional features that enhance the system, namely: (1) an operation center, (2) a video distribution system, (3) a home subsystem, including reception, selection, viewing, transacting and transmission capabilities, and (4) a billing and collection system. The operation center and/or video distribution points perform the functions of manipulation of text data, security and coding of text, cataloging of books, messaging center, and uplink functions. The home subsystem performs the functions of connecting to a video distribution system, menu selecting text, storing text, and transacting through phone or cable communicating mechanisms. A portable book-shaped viewing device is used for viewing the textual material delivered. The billing and collection system performs the transaction, management, authorization, collection and publisher payments automatically utilizing the telephone system.09-04-2008
20130124876DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.05-16-2013
20130124877COMMUNICATION METHOD, COMMUNICATION EQUIPMENT, AND STORAGE EQUIPMENT - A communication equipment, method and storage device cooperate to assist in connecting a storage device between different devices. The equipment includes an interface configured to be electrically connected to information terminal equipment. It also includes a communication mechanism that performs communication with storage equipment that has a region assigned to the communication equipment. It further includes a controller that transmits device class information indicating that the communication equipment is of a mass storage class to information terminal equipment in response to the communication equipment being connected to the information terminal equipment via the interface. The controller transfers an accepted inquiry command relating to a memory region to the storage equipment, and the controller receives memory region information relating to the assigned region from the storage equipment by the communication mechanism and transfers the received memory region information to the information terminal equipment.05-16-2013
20120278635Cascaded Data Encryption Dependent on Attributes of Physical Memory - Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.11-01-2012
20130132738Externally Powered System Access - A method, programmed medium and system are provided for an enhanced interface connection for a primary electronic device such that system storage devices (e.g. hard drives, solid state drives, flash drives, etc.) within the primary device may be made available to other nearby devices in the event of a power supply failure or battery failure or to preserve-battery power in the primary system whereby the data on a storage device within a primary system becomes accessible by external devices, without necessitating the removal of the storage medium or full powering-up of the primary system.05-23-2013
20130151866METHOD AND SYSTEM FOR SECURE DATA STORAGE - A method and system for secure data storage and retrieval is provided. A sequence of data units is divided into multiple subsets of data units corresponding to multiple data channels. The multiple data channels are assigned to multiple data writers based on a key code. Then, each subset of data units is transferred to a writer via an assigned channel for writing to storage media. Thereafter, to securely retrieve the stored data, each subset of data units is read from the storage media using a data reader. The original sequence of data units can only be reassembled using the key code for properly reassembling the subsets of data units into their original sequence.06-13-2013
20120284536Method and System for Mixed Symmetric and Asymmetric Decryption of .ZIP Files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data.11-08-2012
20120284535INFORMATION PROCESSING APPARATUS CAPABLE OF REDUCING LABOR FOR DATA MANAGEMENT OPERATION, AND DATA MANAGEMENT METHOD AND STORAGE MEDIUM THEREFOR - An information processing apparatus capable of reducing user's labor required for a data management operation by enabling the user to leave the data management operation to a serviceman without lowering the security of user data. User data and serviceman data both stored in a data storage unit are encrypted by an encryption unit with an encryption key generated based on information set in advance in the information processing apparatus and with an encryption key generated based on information input by a serviceman, respectively. These encrypted data are output from an export unit to an auxiliary storage unit.11-08-2012
20120284534Memory Device and Method for Accessing the Same - A method is provided for accessing a memory device that stores a master key and at least one encrypted data file and that includes a data-key storage portion being encrypted using the master key and having at least one data key. In the method, a control unit is configured to receive a personal identification number (PIN), to determine whether the received PIN is authentic, to obtain the master key from the memory device upon determining that the PIN is authentic, to decrypt the encrypted data-key storage portion using the master key to obtain the at least one data key, and to decrypt the at least one encrypted data file using the data key to obtain a data file.11-08-2012
20130159733MEMORY DEVICE WHICH PROTECTS SECURE DATA, METHOD OF OPERATING THE MEMORY DEVICE, AND METHOD OF GENERATING AUTHENTICATION INFORMATION - In one embodiment, the memory device includes a first memory area and a second memory area. The first memory area stores secure data. The first memory area is inaccessible by an external device. The second memory area is configured to store encrypted secure data. The second memory area is accessible by the external device, and the encrypted secure data is an encrypted version of the secure data in the first memory area.06-20-2013
20130159732PASSWORD-LESS SECURITY AND PROTECTION OF ONLINE DIGITAL ASSETS - Digital assets stored on an asset server by an asset owner are protected without a password. Instead, the digital assets are functionally handicapped by removing at least a portion of digital data (or a key) associated with the digital asset and discarding the key after being sent to an enabling device. The portion of digital data (or a key) is then handicapped by the enabling device by a cryptographic key which is formed from a human gesture and subsequently discarded. When access to the digital asset is requested, an asset owner is notified by the enabling device for approval. A human gesture from the asset owner first provides a key to reconstitute the digital data portion which is transmitted to the asset server to reconstitute the digital asset upon which the access is granted and logged.06-20-2013
20110314304MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS - Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component. The encryption-decryption component may also be adapted to decrypt encrypted data stored in the mass-memory storage component for returning the data to the host computer in response to a read data command from the host computer using a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component.12-22-2011
20130191651MEMORY ADDRESS TRANSLATION-BASED DATA ENCRYPTION WITH INTEGRATED ENCRYPTION ENGINE - A method and circuit arrangement utilize an integrated encryption engine within a processing core of a multi-core processor to perform encryption operations, i.e., encryption and decryption of secure data, in connection with memory access requests that access such data. The integrated encryption engine is utilized in combination with a memory address translation data structure such as an Effective To Real Translation (ERAT) or Translation Lookaside Buffer (TLB) that is augmented with encryption-related page attributes to indicate whether pages of memory identified in the data structure are encrypted such that secure data associated with a memory access request in the processing core may be selectively streamed to the integrated encryption engine based upon the encryption-related page attribute for the memory page associated with the memory access request.07-25-2013
20120036373Method system and device for secure firmware programming - The present invention provides a secure firmware programming technique wherein a corrupted version of the binary image code to be programmed in microcontroller devices is loaded into a modified programmer device which is adapted to receive the corrupted binary image code, transfer code sections of the corrupted binary image code to the memory of the programmed microcontroller, restore corrupted code sections of the corrupted binary image code and transfer them to the programmed microcontroller in order to restore the binary image code stored therein into its original executable state.02-09-2012
20120066518CANISTER-BASED STORAGE SYSTEM SECURITY - Security is provided for a data set stored in a data storage canister. The data set has a data size when received for storage within the canister. At least one data security operation is performed on the received data set to generate secure data having a secure data size that may be different than the set data size. The secure data is stored on at least one data storage device within the canister. Any information about the secure data size is kept from the data producer sending the data set for storage.03-15-2012
20120066517DISPERSED SECURE DATA STORAGE AND RETRIEVAL - A computer-implemented method that includes secure storage and retrieval of data is described herein.03-15-2012
20120096284CONTENT DATA REPRODUCTION SYSTEM AND RECORDING DEVICE - To exclude any unauthorized device from a system and thereby prevent illegal use of content data, a memory card 04-19-2012

Patent applications in class By stored data protection