Entries |
Document | Title | Date |
20080199012 | Method for identifying a server device in a network - According to an aspect of an embodiment, an apparatus connectable to a storage device through a network, comprising: a network interface module for connecting the apparatus to the storage device through the network; a memory for storing identification information identifying said network interface module in said network; a receiving module for receiving set up information including identification information identifying said network interface module through said network; and a controller for writing said identifying information into the memory on the basis of said set up information. | 08-21-2008 |
20080205651 | Secure processor system without need for manufacturer and user to know encryption information of each other - A secure processor system capable of improving the security of processor processing by the addition of minimum modules without the need for a manufacturer and a user to know encryption information of each other has been disclosed. The secure processor system includes a secure processor having a CPU core that executes an instruction code, an encryption key hold part that holds a processor key, and an encryption processing part that encrypts or decrypts data input/output to/from the core with a processor key and a memory, and the encryption key hold part includes a hardware register that holds a hardwired encryption key, a write only register that stores an encryption key for instruction to be input and holds the stored encryption key for instruction so that it cannot be read, and the encryption key hold part outputs a hardware encryption key as a processor key at the time of activation and outputs a command encryption key as a processor key after an encryption key for instruction is written. | 08-28-2008 |
20080205652 | CONTENT PROTECTION SYSTEM, KEY DATA GENERATION APPARATUS, AND TERMINAL APPARATUS - A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data. | 08-28-2008 |
20080212778 | Communication System and Communication Apparatus - A communication system and communication apparatus that can improve the stability and security of communication. In this communication system, a communication apparatus ( | 09-04-2008 |
20080212779 | Ordering Content by Mobile Phone to be Played on Consumer Devices | 09-04-2008 |
20080212780 | Homomorphic Encryption For Secure Watermarking - A method and a system for embedding a watermark in a media signal x are disclosed. The method comprises providing an at least partially encrypted media signal c | 09-04-2008 |
20080212781 | System, Method and Apparatus for Decrypting Data Stored on Removable Media - A technique that decrypts data stored on removable media, if the device on which the encryption was performed is lost, unavailable, or the user credentials are lost. In an example embodiment, this is achieved by using the administrator UID, the administrator UDID, the removable media, the names of one or more data files to be decrypted, the administrator Pswd, and a KeyID to decrypt data stored on the removable media associated with a lost or unavailable mobile device on which encryption was performed. | 09-04-2008 |
20080212782 | Approach For Managing Access to Messages Using Encryption Key Management Policies - Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly or indirectly associated with a deleted key. Any number of levels of indirection are possible and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format and the invention is not limited to any type of data or any type of data format. | 09-04-2008 |
20080219448 | Multiple-layers encryption/decryption and distribution of copyrighted contents - A method and an apparatus for providing multiple-layers of encryption/decryption of contents and the transferring of protected content between devices based on each device's multiple IDs. Furthermore, it relates to a two-way secure communication between two or more devices. The encryption/decryption is based on a common content ID that is used for providing multiple layers of encryption that can be used by hardware and software. Each byte of the digital stream is XORed with each byte of the content ID, thus providing the encryption strength. The same process is applied to the encrypted content (ciphertext), thus reproducing the plaintext. Means are also provided for encrypting/decrypting digital content using its plain byte values as part of the content private key's registers. | 09-11-2008 |
20080219449 | Cryptographic key management for stored data - A method is provided for performing application-transparent key management in a storage library associated with an encrypting removable storage device. Encryption and decryption is performed by a key manager and the removable storage device, and is transparent to the application. Data is encrypted using keys that are managed by the storage key manager. An administrative interface allows an administrator to specify and manage encryption keys. A key identifier is associated with each key, and the key identifier is written to the tape along with the encrypted data. When reading encrypted data, the removable storage device reads the key identifier from the tape and requests the corresponding encryption key from the key manager. The removable storage device then provides the decrypted data to the application. The encryption key may be exported from the key manager or library in an encrypted XML format. Encrypted tapes can therefore be decrypted in different libraries by exporting the keys from one library to another. | 09-11-2008 |
20080219450 | Methods And Apparatus For Performing An Elliptic Curve Scalar Multiplication Operation Using Splitting - For an Elliptic Curve Scalar Multiplication (ECSM) operation to be performed on a scalar and a base point, a given previous set of parameters that was used to split the scalar for a previous ECSM operation and a selected random integer are used to determine a new set of parameters for splitting the scalar. By basing the new set of parameters on the previous set of parameters, repeated use of the scalar to determine key-splitting parameters is avoided and susceptibility to a Differential Power Analysis Side Channel attack is minimized. | 09-11-2008 |
20080226077 | Apparatus, Method, and Computer Program Product for Playing Back Content - A content playback apparatus includes an SKF selecting unit that selects one segment key file from plural segment key files recorded on a DVD medium at a time of playback of a content of the sequence key section, a data selecting unit that selects each content corresponding to a segment number of each key entry registered in the selected segment key file, a moving picture data decrypting unit that decrypts the selected moving picture data by a segment key corresponding to the segment number, and a decoder that plays back the decrypted moving picture data. | 09-18-2008 |
20080226078 | ENABLING RECORDING AND COPYING DATA - A data encryption key may be generated for encrypting data content. The data encryption key includes multiple portions. For example, the data encryption key may be generated by combining a drive seed and a media seed where the drive seed includes a value that is unique to the drive reading data content or a group of drives sharing the same drive seed. The media seed may include a value unique to the media from which data content may be read. The data encryption key thus generated may be unique to a combination of a specific drive or group of drives and a media or group of media. | 09-18-2008 |
20080226079 | METHOD AND APPARATUS FOR CONDITIONALLY DECRYPTING CONTENT - Provided is a method of conditionally decrypting content. In the method, whether a content key for encrypting and/or decrypting content is revoked is determined, and encrypted content is selectively decrypted using the content key. | 09-18-2008 |
20080226080 | ENCRYPTION KEY RESTORING METHOD, INFORMATION PROCESSING APPARATUS, AND ENCRYPTION KEY RESTORING PROGRAM - A disclosed encryption key restoring method enables restoration of an encryption key in the event of inability to use the encryption key stored in a secure memory of an information processing apparatus, in which data encrypted by the encryption key is stored in an internal storage unit. A disclosed information processing apparatus includes a key management module that checks the validity of the encryption key. If the encryption key is not valid, the key management module acquires a restore key for the encryption key from outside the information processing apparatus, and checks the validity of the restore key. If the restore key is valid, the key management module stores it in the secure memory, and reboots the information processing apparatus in a normal mode. | 09-18-2008 |
20080226081 | DATA RECOVERY METHOD, IMAGE PROCESSING APPARATUS, CONTROLLER BOARD, AND DATA RECOVERY PROGRAM - A disclosed data recovery method, image processing apparatus, controller board, and data recovery program enable data stored encrypted in a storage unit within an information processing apparatus to be recovered when an internal encryption key of the apparatus becomes unavailable. A first encryption key is stored in a secure memory, a second encryption key is stored in a first storage unit, and data is stored in a second storage unit. The second encryption key is decrypted with the first encryption key. The second encryption key is backed up outside the information processing apparatus as a backup key, such as by printing it on a sheet with a plotter. When the first encryption key becomes unavailable, the backup key is restored back in the information processing apparatus. The data stored in the second storage unit is then decrypted with the restored backup key. | 09-18-2008 |
20080226082 | Systems and methods for secure data backup - Systems and methods are provided for securely backing up data files of a computing system onto a backup device. An encryption key is generated using some identification found on and unique to the computing system. The encryption key is used to encrypt the data which is then stored on the backup device as encrypted backed up data. The encrypted backed up data stored on the backup device can later be accessed, e.g., for data recovery purposes, by once again using the computing system unique identification to generate the encryption key which can then be used to decrypt the encrypted backed up data. In this way, the backed up data remains secure even if the backup device is lost or stolen. | 09-18-2008 |
20080232590 | Micropayment Processing Method and System - A method of producing an offer package includes defining, within the offer package, a description of an offered product. The cost of the offered product and the merchant making the offer are also defined within the offer package, which includes an encrypted version of the offered product. | 09-25-2008 |
20080232591 | SIMPLE AND EFFICIENT ONE-PASS AUTHENTICATED ENCRYPTION SCHEME - The present invention provides encryption schemes and apparatus, which are more efficient than the existing single pass authenticated encryption schemes, while providing the same level of security. The initial vectors, which are an essential part of these schemes, are chosen in an incremental and safe fashion. This also leads to an incremental method for generating the pair-wise differentially uniform sequences or XOR-universal sequences which are another essential part of such schemes. The incrementality of the generation of these sequences extends to even across different plain-text messages being encrypted, leading to substantial savings in time to encrypt. A further step of encryption is shown to be redundant and leads to savings over earlier schemes. Another embodiment describes splitting the plain-text blocks into two sets, and using the block-cipher in encrypt mode on one set and the block-cipher in decrypt mode on the other set, leading to beneficial hardware solutions. | 09-25-2008 |
20080232592 | Method and apparatus for performing selective encryption/decryption in a data storage system - One embodiment of the present invention provides a system for performing selective encryption/decryption in a data storage system. During operation, the system receives a data block from a storage medium at an input/output layer, wherein the input/output layer serves as an interface between the storage medium and a buffer cache. Next, the system determines whether the data block is an encrypted data block. If not, the system stores the data block in the buffer cache. Otherwise, if the data block is an encrypted data block, the system retrieves a storage-key, wherein the storage-key is associated with a subset of storage, which is associated with the encrypted data block. Using the storage-key, the system then decrypts the encrypted data block to produce a decrypted data block. Finally, the system stores the decrypted data block in the buffer cache, wherein the data block remains encrypted in the storage medium. | 09-25-2008 |
20080232593 | SYSTEM AND METHOD FOR LOGICAL SHREDDING OF DATA STORED ON WORM MEDIA - Files are encrypted and stored on a WORM media device along with their encryption keys, the binary values of which are stored as a combination of written and unwritten sectors in a key storage portion of the media. To shred a file, the associated key is destroyed simply by writing into the unwritten sectors that are associated with the key. | 09-25-2008 |
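The shredding mechanism described in the WORM entry above, as an added example that is not code from the patent application or its assignee. It models a write-once device in which a sector can move from "unwritten" to "written" but never back, and stores each key bit as the state of one sector (an unwritten sector is a 0 bit, a written sector a 1 bit; this encoding is an assumption). Shredding a file writes every still-unwritten sector of its key region, so the key reads back as all ones and the ciphertext, which stays on the medium, can no longer be decrypted. The stream cipher is a constructed SHA-256 counter keystream for demonstration only; a real device would use a standard cipher such as AES.

```python
"""Logical shredding on WORM media by destroying the per-file key (added example)."""
import hashlib
import os
import secrets

KEY_BITS = 128


class WormMedia:
    """Write-once model: sectors start unwritten (None) and may be written exactly once."""

    def __init__(self, sectors: int) -> None:
        self.sectors = [None] * sectors

    def write(self, index: int, value: bytes) -> None:
        if self.sectors[index] is not None:
            raise PermissionError(f"sector {index} already written (WORM)")
        self.sectors[index] = value

    def is_written(self, index: int) -> bool:
        return self.sectors[index] is not None


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed SHA-256 counter keystream; demonstration only, not a production cipher."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def store_file(media: WormMedia, key_base: int, data_sector: int, plaintext: bytes) -> None:
    """Encrypt the file into one data sector and record its key as sector states.

    Key bit i (MSB first) lives in sector key_base + i: 1-bits are written,
    0-bits are left unwritten. The key itself never leaves the device.
    """
    key = secrets.token_bytes(KEY_BITS // 8)
    nonce = os.urandom(8)
    media.write(data_sector, nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext))))
    key_int = int.from_bytes(key, "big")
    for bit in range(KEY_BITS):
        if (key_int >> (KEY_BITS - 1 - bit)) & 1:
            media.write(key_base + bit, b"\x01")


def read_key(media: WormMedia, key_base: int) -> bytes:
    """Reconstruct the key from which sectors of its region are written."""
    bits = 0
    for bit in range(KEY_BITS):
        bits = (bits << 1) | int(media.is_written(key_base + bit))
    return bits.to_bytes(KEY_BITS // 8, "big")


def read_file(media: WormMedia, key_base: int, data_sector: int) -> bytes:
    blob = media.sectors[data_sector]
    nonce, ciphertext = blob[:8], blob[8:]
    return xor_bytes(ciphertext, keystream(read_key(media, key_base), nonce, len(ciphertext)))


def shred(media: WormMedia, key_base: int) -> int:
    """Destroy the key by writing every unwritten sector of its region.

    Returns how many sectors were written. Afterwards every key bit reads as 1,
    so the original key is gone even though the ciphertext sector is untouched.
    """
    written = 0
    for bit in range(KEY_BITS):
        if not media.is_written(key_base + bit):
            media.write(key_base + bit, b"\x01")
            written += 1
    return written


if __name__ == "__main__":
    media = WormMedia(KEY_BITS + 1)           # sectors 0..127 hold the key, 128 holds data
    store_file(media, 0, KEY_BITS, b"constructed payroll record")
    print(read_file(media, 0, KEY_BITS))      # plaintext recovered while the key survives
    shred(media, 0)
    print(read_file(media, 0, KEY_BITS))      # garbage: key now reads as all ones
```

Two practitioner checks worth keeping in mind: the scheme depends on the drive reliably distinguishing "never written" from "written" for every key sector, and shredding is only as good as the secrecy of the key region before shredding, since the ciphertext itself is never erased.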
20080232594 | SYMMETRIC KEY SUBSCRIPTION - A method and system for symmetric key subscription. A register R issues to a subject A a possession that stores a first symmetric key X or comprises a deriving means configured to derive the first symmetric key X. The register R receives from a counterparty B a request for a subscription to a symmetric key with respect to the subject A. In response to the received request, the register R derives a second symmetric key Y from both the first symmetric key X and a first value N. The register R transmits to the counterparty B the second symmetric key Y derived by the register R. | 09-25-2008 |
20080232595 | Vehicle Segment Certificate Management Using Short-Lived, Unlinked Certificate Schemes - The present invention advantageously provides a system and method for management of cryptographic keys and certificates for a plurality of vehicles. Each vehicle of the plurality of vehicles generates public/private key pairs, requests multiple time-distributed certificates, creates an encrypted identity, and surrenders expired certificates. An assigning authority receives the public/private key pairs, the request for multiple time-distributed certificates, the encrypted identity, and the expired certificates from said vehicle. The assigning authority authorizes the vehicle with an authorizing authority, validates the expired certificates, proves ownership, and distributes the requested time-distributed certificates to said vehicle. Validation can comprise checking expired certificates against misused, compromised and/or previously surrendered certificates. Time-distributed certificates can have lifetimes adjustable based on certificate misuse detection system algorithms, amount of malicious activity detected, and/or certificate authority capacity. | 09-25-2008 |
20080232596 | DATA PROCESSING APPARATUS AND PROGRAM - A data processing apparatus capable of updating and writing a plurality of distributed information items generated based on to-be-held secret information with respect to a data storage device in which access is not limited includes a secret distribution processing portion which generates a plurality of distributed information items updated this time according to secret information to be held this time based on a threshold value secret distribution method, and a distributed information management portion which selects recording positions of distributed information items updated this time to leave behind distributed information items of a number less than a threshold value among a plurality of distributed information items updated last time with respect to a plurality of distributed information items updated and stored in the data storage device and writes distributed information items updated this time to the data storage device based on the selected recording positions. | 09-25-2008 |
20080240440 | SYNCHRONIZATION TEST FOR DEVICE AUTHENTICATION - Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices. | 10-02-2008 |
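Both forms of synchronization test named in the entry above, as an added example that is not code from the patent application: a single actuation on each device must fall within a defined window, and with several actuations the gaps between presses on one device must match the gaps on the other within a tolerance. Comparing gaps rather than absolute timestamps tolerates an unknown clock offset between the two devices. All timestamps, windows and tolerances below are constructed values.

```python
"""Synchronization test for device pairing based on button-press timing (added example)."""
from typing import List


def single_press_synchronized(t_a: float, t_b: float, window: float = 0.2) -> bool:
    """One press per device: accept if the two actuations fall within `window` seconds.

    Only meaningful when both devices share a clock (or the offset is known).
    """
    return abs(t_a - t_b) <= window


def intervals(presses: List[float]) -> List[float]:
    """Gaps between successive presses; independent of clock offset."""
    return [later - earlier for earlier, later in zip(presses, presses[1:])]


def interval_pattern_synchronized(
    presses_a: List[float],
    presses_b: List[float],
    tolerance: float = 0.1,
    min_presses: int = 3,
) -> bool:
    """Multiple presses per device: compare the rhythm, not the absolute times.

    Requires the same number of presses on both devices and at least
    `min_presses` of them, so that a single lucky coincidence cannot pair.
    """
    if len(presses_a) != len(presses_b) or len(presses_a) < min_presses:
        return False
    return all(
        abs(gap_a - gap_b) <= tolerance
        for gap_a, gap_b in zip(intervals(presses_a), intervals(presses_b))
    )


# Constructed sample: device B's clock runs 5 s ahead of device A's, and the
# same human taps an irregular rhythm on both; a third device guesses a steady beat.
DEVICE_A = [0.00, 0.52, 1.31, 1.80]
DEVICE_B = [5.03, 5.50, 6.35, 6.81]
IMPOSTOR = [5.00, 5.50, 6.00, 6.50]

if __name__ == "__main__":
    print(interval_pattern_synchronized(DEVICE_A, DEVICE_B))   # True
    print(interval_pattern_synchronized(DEVICE_A, IMPOSTOR))   # False
```

The interval comparison is the check to prefer when the devices have not yet exchanged anything that would let them align clocks; the single-press window is the cheaper check once they have.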
20080240441 | STORAGE CONTROLLER COMPRISING ENCRYPTION FUNCTION, DATA ENCRYPTION METHOD, AND STORAGE SYSTEM - Proposed are a storage controller equipped with an encryption function, a data encryption method, and a storage system enabling a user to apply one's desired encryption policy to data received from a computer or the like. This storage controller includes a storage apparatus for storing data from a computer, and a controller for controlling the input and output of data stored in the storage apparatus. The controller has a configuration information management unit for managing configuration information of attributes concerning an encryption function as information for encrypting data, and an encryption execution unit for performing encryption of data from the computer and data stored in the storage apparatus based on the configuration information of attributes concerning the encryption function. | 10-02-2008 |
20080240442 | Managing copy protecting information of encrypted data - The present invention provides according to an embodiment a method of reproducing digital content, comprising the steps of: (a) reading position information indicating where sample data is present, the sample data being the same as a portion of the digital content and not encrypted; and (b) reproducing the sample data based on the read position information without key information, the key information being required for decrypting the encrypted digital content. | 10-02-2008 |
20080240443 | METHOD AND APPARATUS FOR SECURELY PROCESSING SECRET DATA - Using the same secret key for different secret operations in the frame of public key cryptosystems raises security problems because attackers can gain statistical information about the secret key. Indeed, when randomization techniques are used, the same secret key is randomized differently for every new operation, and since information leakage sums up, eventually, the attacker is able to recover the secret key. | 10-02-2008 |
20080240444 | METHOD OF DISTRIBUTING A DECRYPTION KEY IN FIXED-CONTENT DATA - Secondary content is encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal. | 10-02-2008 |
20080240445 | DEVICE, METHOD AND PROGRAM FOR PROVIDING MATCHING SERVICE - A computer for a service provider receives from each member of two groups who is a user of a service, via a mediating computer, a priority list in which member IDs of the other group are permuted in the priority order of the user, and processing information, both encrypted so as not to be decryptable by the mediating computer. The IDs in the priority list are encrypted with an encrypting key that is common to all members. The computer for the service provider performs matching with the IDs in the priority list left encrypted when the list is decrypted. The computer for the service provider decrypts the processing information, puts the matching result in a state in which it can be decrypted, based on the processing information, only by the person concerned, and sends it to each member via the mediating computer. | 10-02-2008 |
20080247548 | CONTENT PROCESSING APPARATUS AND ENCRYPTION PROCESSING METHOD - A content processing apparatus includes a read unit which reads encrypted key information from a recording medium, a decryption unit which decrypts the encrypted key information with a device key and dynamic information to obtain key information containing content keys, an update unit which updates the dynamic information, a key information processing unit which updates the key information by extracting a content key corresponding to a move target content from the key information, and removing the content key from the key information, a first encryption unit which encrypts the updated key information with the device key and the updated dynamic information, a second encryption unit which encrypts the content key with a shared key, and a write unit which overwrites the updated encrypted key information on the encrypted key information in the medium and writes the encrypted content key in the medium. | 10-09-2008 |
20080247549 | Remote diagnostic system for robots - A remote diagnostic system for robots including at least two robots, wherein a controller of each robot of the system is locally connected to a service unit provided with local processing power, a remote service center provided with a connector server is arranged, and a communications infrastructure for transferring packets of information between a controller of a robot of the system and the connector server via the service unit is arranged for performing remote monitoring and diagnostics at the remote service center, wherein the communications infrastructure uses internet and/or GPRS communication lines. | 10-09-2008 |
20080253570 | SYSTEM AND METHOD FOR PROCESSING USER DATA IN AN ENCRYPTION PIPELINE - A method, system and program are disclosed for efficiently processing host data which comprises encrypted and non-encrypted data and is to be written to a storage medium. The encrypted data is written to the storage medium in encrypted form. The non-encrypted data is encrypted by a storage device using a well known encryption key and written to the storage medium. In this way, the data that is processed by the storage device to and from the storage medium can always be processed through a single encryption engine. | 10-16-2008 |
20080253571 | METHOD AND A SYSTEM FOR PROTECTING PATH AND DATA OF A MOBILE AGENT WITHIN A NETWORK SYSTEM - Secure message transfer of at least one message from a sender to a receiver within a network system may be provided. For example, a message structure information regarding the at least one message may be computed on a sender-side and according to a pre-given scheme. The computed message structure information may be added as message account information into the at least one message to be sent. The message account information may be protected by a signature. The at least one message may be transferred through the network system to the receiver. On a receiver-side, the message account information may be validated after reception of the at least one message and according to the pre-given scheme. | 10-16-2008 |
20080260155 | Storage Medium Processing Method, Storage Medium Processing Device, and Program - Spread of a forged storage medium is prevented while keeping damage to an authentic storage medium and trouble to its owner to a minimum. When there is an update request for user key data, the update history of the user key data concerning the presented medium identifier IDm is referred to. When it is judged that no update of the user key data concerning the presented medium identifier IDm has been performed within a predetermined period, the update of the user key data is performed. The update request is refused when it is judged that an update of the user key data concerning the presented medium identifier IDm has already been performed within the predetermined period. | 10-23-2008 |
20080260156 | Management Service Device, Backup Service Device, Communication Terminal Device, and Storage Medium - It is an object to provide a method for invalidation and new registration of a storage medium, a method for backup of data stored in a storage medium and for restoration of backup data to a storage medium, and a method for encryption of and application of an electronic signature to data to be backed up, and for decryption of backup data to be restored and verification of a signature. A service device includes a reception unit for receiving a request for data processing regarding a storage medium from a communication terminal device connected to the storage medium, an authentication unit for performing authentication of whether or not the storage medium connected to the communication terminal device is valid, and a database for storing a public key of the storage medium, wherein, when the reception unit receives a request for invalidation of the first storage medium from the communication terminal device, and the authentication unit authenticates the second storage medium connected to the communication terminal device as a valid storage medium, the database deletes the public key of the first storage medium stored in the database. | 10-23-2008 |
20080260157 | Recording Apparatus and Recording Medium - A recording apparatus includes an encryption/decryption section for encrypting first and second contents obtained from the same content, using first and second keys, respectively, and outputting the results as first and second encrypted contents, respectively, and a recording medium. The encryption/decryption section encrypts the first and second keys using the second and first keys, respectively, and outputs the results as first and second encrypted keys, respectively, to the recording medium. The recording medium records the first and second encrypted contents and the first and second encrypted keys. | 10-23-2008 |
20080260158 | Methods and apparatus for initialization vector pressing - Methods and apparatus are provided for using explicit initialization vectors in both encryption and decryption processing. In one example, a sender generates an initialization vector, identifies cryptographic keys, encrypts data using the initialization vectors and the cryptographic keys, and transmits the encrypted data in a packet along with the initialization vector. A receiver identifies cryptographic keys, extracts the initialization vector from the received packet, and decrypts the encrypted data using the cryptographic keys and the initialization vector extracted from the received packet. | 10-23-2008 |
20080260159 | Computer system, storage system, and data management method for updating encryption key - A computer system encrypts write-data to be written to the volume in response to a write command. The system transmits a rekey command from the host computer system to the storage system when the key data stored in the host key data memory is changed to second key data. The storage system receives the rekey command transmitted from the host computer system and stores the first and second key data contained in the received rekey command to a volume key data memory of the storage system. The storage system reads out data encrypted with the first key data from an original block address in the volume. The storage system decrypts the data read out from the volume using the first key data. The storage system encrypts the data decrypted by the first key data using the second key data, and writes the data encrypted with the second key data to the original block address. | 10-23-2008 |
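The rekey sequence described in the entry above, as an added example that is not code from the patent application or its assignee: the host writes blocks under the first key, sends a rekey command carrying both keys, and the storage side stores them in its volume key data memory, then decrypts each block with the first key, re-encrypts it with the second key and writes the result back to the original block address. The cipher is a constructed SHA-256 counter keystream keyed by (key, block address), standing in for a real volume cipher; the keys, block layout and class names are assumptions.

```python
"""In-place volume re-encryption driven by a host rekey command (added example)."""
import hashlib
from dataclasses import dataclass, field


def keystream(key: bytes, block_addr: int, length: int) -> bytes:
    """Constructed SHA-256 counter keystream keyed by (key, block address).

    Demonstration only: a keystream fixed by key and address is reused whenever
    the same block is rewritten under the same key, which is why real volume
    encryption uses a tweakable mode such as XTS rather than this construction.
    """
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(
            key + block_addr.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        ).digest()
    return out[:length]


def crypt(key: bytes, block_addr: int, data: bytes) -> bytes:
    """XOR with the keystream; encryption and decryption are the same operation."""
    return bytes(x ^ y for x, y in zip(data, keystream(key, block_addr, len(data))))


@dataclass
class StorageSystem:
    """Storage side: the encrypted volume blocks plus the volume key data memory."""
    blocks: dict = field(default_factory=dict)          # block address -> ciphertext
    volume_key_memory: dict = field(default_factory=dict)


@dataclass
class RekeyCommand:
    """Sent by the host when its host key data memory changes to the second key."""
    first_key: bytes
    second_key: bytes


def host_write(storage: StorageSystem, addr: int, plaintext: bytes, host_key: bytes) -> None:
    """Write command: the host encrypts write-data with the key it currently holds."""
    storage.blocks[addr] = crypt(host_key, addr, plaintext)


def host_read(storage: StorageSystem, addr: int, host_key: bytes) -> bytes:
    return crypt(host_key, addr, storage.blocks[addr])


def storage_rekey(storage: StorageSystem, cmd: RekeyCommand) -> int:
    """Storage side handles the rekey command.

    Stores both keys in the volume key data memory, then for every block:
    decrypt with the first key, encrypt with the second key, write back to the
    original block address. Returns the number of blocks re-encrypted.
    """
    storage.volume_key_memory["first"] = cmd.first_key
    storage.volume_key_memory["second"] = cmd.second_key
    count = 0
    for addr in sorted(storage.blocks):
        plain = crypt(cmd.first_key, addr, storage.blocks[addr])
        storage.blocks[addr] = crypt(cmd.second_key, addr, plain)
        count += 1
    return count


if __name__ == "__main__":
    key1, key2 = b"\x11" * 16, b"\x22" * 16          # constructed keys
    storage = StorageSystem()
    host_write(storage, 0, b"block zero data!", key1)
    host_write(storage, 7, b"block seven data", key1)
    print(storage_rekey(storage, RekeyCommand(key1, key2)))   # 2
    print(host_read(storage, 7, key2))                        # b'block seven data'
```

Two things a deployment has to add that the abstract leaves open: the rekey command carries both keys and so must itself travel over an authenticated, confidential channel, and the per-block swap must be crash-safe (progress recorded in the volume key data memory, for instance), because a power loss part-way through leaves some blocks under the first key and some under the second.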
20080260160 | Opt-in process and nameserver system for IETF DNSSEC - The process of signing and then publishing a DNS zone according to the IETF DNSSEC protocols is improved by the present invention, in order to facilitate the DNSSEC deployment until most of the DNS zones are signed. The prior art situation is that a second-level domain, e.g. example.com, often faces an unwanted status of “DNSSEC island of security,” and a challenging task of “trust anchor key” out-of-band distribution. The invention somehow fixes such broken DNSSEC chains of trust, e.g. it fills the gap between a DNSSEC island of security and its signed grandparent or ancestor. The invention is deemed useful for the introduction of DNS root nameservice substitution for DNSSEC support purposes, and allows opt-in while NSEC | 10-23-2008 |
20080267406 | Method and Device for Verifying The Integrity of Platform Software of an Electronic Device - A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed. | 10-30-2008 |
20080267407 | Method and Apparatus for New Key Derivation Upon Handoff in Wireless Networks - A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. As an access terminal moves from a current access point to a new access point, the access terminal sends a short handoff request to the new access point. The short handoff request may include the access terminal ID; it does not include the access point ID. The new access point may then send its identifier and the access terminal's identifier to the authenticator. Using a previously generated master transient key, the access point identifier and the access terminal identifier, an authenticator may generate a master session key. The master session key may then be sent to the access point by the authenticator. The access terminal independently generates the same new security key with which it can securely communicate with the new access point. | 10-30-2008 |
20080273701 | Secure Paper Comprising a Fiber Layer and an Electronic Chip - The present invention relates to secure paper ( | 11-06-2008 |
20080273702 | METHOD, SYSTEM AND PROGRAM PRODUCT FOR ATTACHING A TITLE KEY TO ENCRYPTED CONTENT FOR SYNCHRONIZED TRANSMISSION TO A RECIPIENT - A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient. | 11-06-2008 |
20080279382 | SECURE AND SCALABLE SOLID STATE DISK SYSTEM - A solid state disk system is disclosed. The system comprises a user token and at least one level secure virtual storage controller, coupled to the host system. The system includes a plurality of virtual storage devices coupled to at least one secure virtual storage controller. A system and method in accordance with the present invention could be utilized in flash based storage, disk storage systems, portable storage devices, corporate storage systems, PCs, servers, wireless storage, and multimedia storage systems. | 11-13-2008 |
20080279383 | METHOD AND APPARATUS OF ENCIPHERING AND DECIPHERING DATA USING MULTIPLE KEYS - On a recording medium, first information obtained by enciphering data with the first key and second information obtained by enciphering the first key with each of the predetermined second keys are recorded. A deciphering method is characterized by comprising the steps of inputting the first and second information, deciphering the first key using at least one of the second keys, determining by a specific method that the obtained first key is correct, and then deciphering the data using the first key to obtain the data. | 11-13-2008 |
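The two-layer scheme in the entries above (content enciphered with a first key; the first key enciphered under a key-encrypting key or under each of several predetermined second keys; a correctness check on the recovered first key before it touches the data) is the standard envelope/key-wrapping pattern. The following Go program is an added worked example, not code from either patent: it uses AES-256-GCM for both layers, carries a hypothetical key identifier with each wrapped copy, and uses the GCM authentication tag on the wrapped key as the "specific method" for confirming the recovered first key is correct. Key names and the sample content are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// WrappedKey is the "second information": the first key enciphered under one
// of the predetermined second keys, tagged with that key's (hypothetical) id.
type WrappedKey struct {
	KeyID string
	Nonce []byte
	Blob  []byte // AES-256-GCM ciphertext of the first key, tag appended
}

// Record is what goes on the medium: the data enciphered with the first key
// plus one wrapped copy of the first key per second key.
type Record struct {
	Nonce []byte
	Data  []byte
	Wraps []WrappedKey
}

// seal encrypts plaintext under key with a fresh random nonce; aad binds the
// ciphertext to its role so a wrapped key cannot be passed off as content.
func seal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// open is the inverse of seal; it fails if key, nonce, aad or ciphertext differ.
func open(key, nonce, ct, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, aad)
}

// Encipher draws a random first key, enciphers data with it, and wraps the
// first key once under each second key in secondKeys (id -> 32-byte key).
func Encipher(data []byte, secondKeys map[string][]byte) (*Record, error) {
	first := make([]byte, 32)
	if _, err := rand.Read(first); err != nil {
		return nil, err
	}
	nonce, ct, err := seal(first, data, []byte("content"))
	if err != nil {
		return nil, err
	}
	rec := &Record{Nonce: nonce, Data: ct}
	for id, k2 := range secondKeys {
		n, blob, err := seal(k2, first, []byte("wrap:"+id))
		if err != nil {
			return nil, err
		}
		rec.Wraps = append(rec.Wraps, WrappedKey{KeyID: id, Nonce: n, Blob: blob})
	}
	return rec, nil
}

// Decipher recovers the first key with the second key named keyID. The GCM tag
// on the wrapped key is the check that the recovered first key is correct; only
// then is the data deciphered (whose own tag is a second, independent check).
func Decipher(rec *Record, keyID string, k2 []byte) ([]byte, error) {
	for _, w := range rec.Wraps {
		if w.KeyID != keyID {
			continue
		}
		first, err := open(k2, w.Nonce, w.Blob, []byte("wrap:"+keyID))
		if err != nil {
			return nil, fmt.Errorf("second key %q did not unwrap the first key: %w", keyID, err)
		}
		return open(first, rec.Nonce, rec.Data, []byte("content"))
	}
	return nil, errors.New("no wrapped first key for key id " + keyID)
}

func main() {
	// Constructed sample second keys; in practice they live in devices or an HSM.
	k2s := map[string][]byte{"player-a": make([]byte, 32), "player-b": make([]byte, 32)}
	rand.Read(k2s["player-a"])
	rand.Read(k2s["player-b"])
	rec, _ := Encipher([]byte("constructed sample content"), k2s)
	pt, err := Decipher(rec, "player-b", k2s["player-b"])
	fmt.Printf("%q %v\n", pt, err)
}
```

Because the wrapped copies are authenticated, a wrong second key or a key id that was never used is rejected before the first key is ever applied to the content; the trade-off is that every holder of any one second key can recover the same first key, so revocation means re-wrapping under a new set.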
20080279384 | Information delivery system, information delivery method, node device, key data management device, and recording medium - Provided is an information distribution system capable of acquiring the program information failed to be recorded, reliably and by a simple operation, without burdening a server device with heavy loads. The system includes plural node devices capable of communicating with each other through a network. The node device receiving the program information broadcasted from a broadcasting station creates the identification information corresponding to the program code intrinsic to the program information stored, and sends a message to register the node device storing the program information, based on the identification information, to the node device managing that identification information. The node device desiring to acquire the program information creates the identification information corresponding to the program code, and sends a message requesting the program information, on the basis of the identification information, to the node device having managed the identification information, thereby to acquire that program information from the node device. | 11-13-2008 |
20080285756 | RANDOM SHARED KEY - A key server is configured to execute on a computer. The key server is further configured to programmatically respond to a request by a sender by generating a message identifier connected with a message to be communicated and a random shared key for encrypting the message by the sender if the sender has registered with the key server. The key server is yet further configured to programmatically respond to a receiver by extracting the random shared key for decrypting the message if the receiver has registered with the key server, the receiver provides the message identifier to the key server, and the receiver is an intended recipient of the message. | 11-20-2008 |
20080292103 | METHOD AND APPARATUS FOR ENCRYPTING AND TRANSMITTING CONTENTS, AND METHOD AND APPARATUS FOR DECRYPTING ENCRYPTED CONTENTS - Provided are a method and apparatus for encrypting and transmitting contents and decrypting the encrypted contents in order to improve security for authority of use of the contents in a content usage environment in which various content protection software is installed in a content device. The method of encrypting and transmitting the contents includes: receiving contents to be transmitted; encrypting the contents using a content key which is an encryption key according to the received contents; encrypting the content key using an external device key of an external device which is permitted to receive the encrypted contents to be used and a software key of a software program which is executed in the external device and permitted to decrypt the encrypted contents; and transmitting the encrypted contents and the encrypted content key to the external device. Therefore, security for authority of use of the contents, and more particularly security for the content key, is improved so that illegal distribution of the contents can be prevented. | 11-27-2008 |
20080292104 | Recovery of Expired Decryption Keys - At least one expired decryption key intended to be used for asymmetrical decryption of encrypted data is recovered in a terminal after generation of a cryptographic encryption key/decryption key pair stored in a cryptographic medium such as a microchip card. The expired decryption key is stored in a database accessible to a user of the terminal and encrypted beforehand as a function of the newly generated encryption key. In the terminal connected to the cryptographic medium, the encrypted expired decryption key is decrypted as a function of the decryption key stored in the cryptographic medium so that the encrypted data is decrypted as a function of the thus decrypted expired decryption key. | 11-27-2008 |
20080298591 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 12-04-2008 |
20080304668 | SYSTEM AND METHOD FOR LOST DATA DESTRUCTION OF ELECTRONIC DATA STORED ON A PORTABLE ELECTRONIC DEVICE USING A SECURITY INTERVAL - A data security system and method protects stored data from unauthorized access. According to one aspect of the invention, a client computing device communicates periodically with a server. If communications is not established between the client and the server for a selected activation interval and a subsequent grace period, the data is determined to be lost, and programmed security rules are automatically executed. | 12-11-2008 |
20080310635 | APPARATUS, SYSTEM, AND METHOD FOR MANAGING LICENSE KEYS - An apparatus, system, and method are disclosed for managing license keys. A license key service module creates a license key service object of a license key service class. The license key service class extends a SMI-S CIM CIM_Service class. The license key service object comprises a plurality of management operations. A hosted license key service module creates a hosted license key service object of a hosted license key service class. A license key module creates a license key object of a license key class. The license key class extends a SMI-S CIM CIM_ManagedElement class. The license key object comprises a license key and employs the plurality of management operations. A management module manages the license key using the license key object, license key service object, and hosted license key service object. | 12-18-2008 |
20080310636 | ACCESS-CONTROLLED ENCRYPTED RECORDING SYSTEM FOR SITE, INTERACTION AND PROCESS MONITORING - A high level of security for access to recorded information is provided by a trusted/protected communication linkage such as a tamper-resistant or tamper-evident enclosure, a close physical coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption, together with encryption, possibly symmetric, of the information to be recorded under a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared, or access to which may be shared, in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information. | 12-18-2008 |
20090003606 | CHANGING THE ORDER OF PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure. | 01-01-2009 |
20090003607 | ALTERING THE SIZE OF WINDOWS IN PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number. | 01-01-2009 |
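The two entries above describe the same modular-exponentiation structure with two randomizations: a precomputed table of powers filled in a permuted order, and an exponent parsed into windows whose widths are hard to predict. The Go program below is an added example of that structure, written here and not taken from either patent: it computes base^exp mod m by the left-to-right windowed method, builds the table in a CSPRNG-shuffled order, and draws a fresh window width in [1, maxW] for every step, then checks the result against math/big. The modulus, base and exponent are constructed test values, and the code illustrates the mechanics only; it is not a constant-time implementation and makes no claim about what an attacker can or cannot observe.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// randomBelow returns a uniformly random int in [0, n) from the CSPRNG.
func randomBelow(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err)
	}
	return int(v.Int64())
}

// randomWidth returns a window width in [1, maxW], drawn fresh per window so
// the parse of the exponent differs from one run to the next.
func randomWidth(maxW int) int {
	return 1 + randomBelow(maxW)
}

// buildTable fills table[i] = base^i mod m for i in [0, 2^maxW). The entries
// are computed in a random order instead of the usual table[i] = table[i-1]*base
// chain, so the order of multiplications during initialisation does not follow
// the index order.
func buildTable(base, m *big.Int, maxW int) []*big.Int {
	size := 1 << maxW
	order := make([]int, size)
	for i := range order {
		order[i] = i
	}
	for i := size - 1; i > 0; i-- { // Fisher-Yates shuffle with a CSPRNG
		j := randomBelow(i + 1)
		order[i], order[j] = order[j], order[i]
	}
	table := make([]*big.Int, size)
	for _, i := range order {
		table[i] = new(big.Int).Exp(base, big.NewInt(int64(i)), m)
	}
	return table
}

// expVarWindow computes base^exp mod m left to right. Each step consumes the
// next w bits of the exponent, where w comes from width() and may change every
// step; table must have been built with maxW >= every width returned.
func expVarWindow(table []*big.Int, exp, m *big.Int, maxW int, width func() int) *big.Int {
	result := big.NewInt(1)
	pos := exp.BitLen() // bits [0, pos) remain to be consumed
	for pos > 0 {
		w := width()
		if w < 1 || w > maxW {
			panic("window width out of range")
		}
		if w > pos {
			w = pos // last window may be shorter
		}
		for i := 0; i < w; i++ { // result = result^(2^w)
			result.Mul(result, result)
			result.Mod(result, m)
		}
		idx := 0 // integer value of the w-bit window
		for i := pos - 1; i >= pos-w; i-- {
			idx = idx<<1 | int(exp.Bit(i))
		}
		result.Mul(result, table[idx]) // table[0] == 1, so an all-zero window still multiplies
		result.Mod(result, m)
		pos -= w
	}
	return result
}

func main() {
	// Constructed values: any odd modulus and any exponent work.
	m, _ := new(big.Int).SetString("ffffffffffffffffffffffffffffff61", 16)
	base := big.NewInt(3)
	exp, _ := new(big.Int).SetString("0123456789abcdef0123456789abcdef", 16)
	const maxW = 4
	table := buildTable(base, m, maxW)
	got := expVarWindow(table, exp, m, maxW, func() int { return randomWidth(maxW) })
	want := new(big.Int).Exp(base, exp, m)
	fmt.Println("matches math/big:", got.Cmp(want) == 0)
}
```

The width function is a parameter so a caller can plug in a fixed sequence for testing or a CSPRNG for use; because the result is independent of how the exponent is split, any sequence of widths in range gives the same answer.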
20090003608 | BLOCK-LEVEL STORAGE DEVICE WITH CONTENT SECURITY - A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key. | 01-01-2009 |
20090010437 | INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - A data placement configuration which ensures seamless playback of contents having segment portions including multiple different variations of encrypted data is provided. With regard to contents having segment portions configured of multiple different variations of encrypted data to which individual segment keys have been applied, and non-segment portions serving as encrypted data to which a unit key has been applied, the placement of segment data and non-segment portion configuration data is determined such that the maximum jump distance executed at the time of playback processing is equal to or less than a maximum jump distance set beforehand. Data placement has been determined based on seek time, ECC block processing time, sequence key usage time which is key switchover time, and so forth. | 01-08-2009 |
20090010438 | Security mechanism for wireless video area networks - A device is disclosed including a security module to generate and update cryptographic keys to establish a secure relationship between the device and one or more station devices in a wireless video area network (WVAN) and a domain manager to maintain a list of the station devices that are authorized to operate in the WVAN. | 01-08-2009 |
20090016532 | Portable data carrier featuring secure data processing - Disclosed is a method for securely processing data in a portable data carrier. Said method is characterized by the following steps: a) the data to be processed is requested; b) the data to be processed is encoded; c) the encoded data is temporarily stored in a buffer storage zone of the data carrier; d) the temporarily stored, encoded data is decoded by means of a decoding key; and e) the decoded data is processed. | 01-15-2009 |
20090016533 | Controlling With Rights Objects Delivery Of Broadcast Encryption Content For A Network Cluster From A Content Server Outside The Cluster - Methods, systems, and products are disclosed for controlling with rights objects delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from a network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id; calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id; inserting a title key into a rights object defining rights for the broadcast encryption content; and sending the rights object to the cluster. In typical embodiments, the rights for content include an authorization for a play period and an authorized number of copies of the broadcast encryption content to devices outside the cluster. | 01-15-2009 |
20090016534 | METHOD AND SYSTEM OF GENERATING IMMUTABLE AUDIT LOGS - This method and system use cryptographic techniques to reproduce the functionality of a continuous roll of paper. The audit logs can contain any kind of data (text, voice, video, actions . . . ), and the invention provides full guarantees of data integrity: the order of the logged data cannot be altered, and content cannot be modified, added or deleted without detection. Authenticity of the IAL is guaranteed by the use of digital signatures. Confidentiality is also guaranteed by encrypting the data. By using PKI encryption the invention also guarantees that only authorized auditors will be able to check the integrity of the IAL and access the data content. | 01-15-2009 |
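The integrity and authenticity properties claimed above (order cannot be altered; content cannot be modified, added or deleted undetected; authenticity by digital signature) are what a hash chain with per-entry signatures delivers. The Go program below is an added example of such a log, written here rather than taken from the patent: each entry's hash covers its predecessor's hash, its sequence number and its payload, and is signed with Ed25519, so an auditor holding only the public key can replay the chain. The confidentiality layer the abstract mentions is left out. Field names and the sample events are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Entry is one line of the log. Hash chains it to its predecessor; Sig is the
// logger's Ed25519 signature over Hash, so nobody without the private key can
// produce a valid entry, even one that fits the chain.
type Entry struct {
	Seq  uint64
	Data []byte
	Hash []byte
	Sig  []byte
}

// Log is the append-only "roll of paper": entries are only ever added at the end.
type Log struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey // auditors verify with this alone
	Entries []Entry
}

func NewLog() (*Log, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Log{priv: priv, Pub: pub}, nil
}

var genesis = make([]byte, sha256.Size) // all-zero predecessor of entry 0

// chainHash = SHA-256(prevHash || seq || data): seq fixes the entry's position,
// prevHash fixes everything logged before it.
func chainHash(prev []byte, seq uint64, data []byte) []byte {
	h := sha256.New()
	h.Write(prev)
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], seq)
	h.Write(b[:])
	h.Write(data)
	return h.Sum(nil)
}

// Append records data as the next entry and returns it.
func (l *Log) Append(data []byte) Entry {
	prev := genesis
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	seq := uint64(len(l.Entries))
	h := chainHash(prev, seq, data)
	e := Entry{Seq: seq, Data: append([]byte(nil), data...), Hash: h, Sig: ed25519.Sign(l.priv, h)}
	l.Entries = append(l.Entries, e)
	return e
}

// Verify replays the chain with only the public key. A changed payload, or a
// re-ordered, removed or inserted entry, breaks a hash link or the sequence;
// an entry whose hash was recomputed to fit fails its signature.
func Verify(pub ed25519.PublicKey, entries []Entry) error {
	prev := genesis
	for i, e := range entries {
		if e.Seq != uint64(i) {
			return fmt.Errorf("entry %d: sequence number %d (gap, duplicate or reorder)", i, e.Seq)
		}
		if !bytes.Equal(chainHash(prev, e.Seq, e.Data), e.Hash) {
			return fmt.Errorf("entry %d: hash does not match content and predecessor", i)
		}
		if !ed25519.Verify(pub, e.Hash, e.Sig) {
			return fmt.Errorf("entry %d: signature invalid", i)
		}
		prev = e.Hash
	}
	return nil
}

func main() {
	l, err := NewLog()
	if err != nil {
		panic(err)
	}
	// Constructed sample events.
	for _, ev := range []string{"user=alice action=login", "user=alice action=read path=/etc/shadow", "user=alice action=logout"} {
		l.Append([]byte(ev))
	}
	fmt.Println("intact:", Verify(l.Pub, l.Entries))
	forged := append([]Entry(nil), l.Entries...)
	forged[1].Data = []byte("user=alice action=read path=/tmp/notes")
	fmt.Println("altered:", Verify(l.Pub, forged))
}
```

One caveat the chain alone does not cover: removing entries from the tail leaves a shorter log that still verifies, so the latest head hash has to be anchored somewhere the logger cannot rewrite (a counter-signed receipt, a timestamping service, or a second party's copy) for truncation to be detectable.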
20090016535 | Fuzzy Keys - A method can be provided for performing encryption using a fuzzy key. The method can comprise generating a message, dividing a fuzzy key into a plurality of blocks; and generating an encrypted message by selecting a block from the fuzzy key corresponding to a bit position or bit pattern in the message. | 01-15-2009 |
20090016536 | DATA ENCRYPTION SYSTEM AND METHOD - A data encryption system implemented by running, on a cache-equipped computer, an encryption program including transformation tables each of which contains a predetermined number of entries. All of the transformation tables, or those that will be needed, are loaded into the cache memory before the encryption/decryption process. This makes the encryption/decryption time substantially constant regardless of how many table entries an operation touches. It is thus very difficult to extract the plaintexts needed to determine a key differential, making cryptanalysis difficult. | 01-15-2009 |
20090022317 | VEHICLE SECURITY SYSTEM - A vehicle security system includes a reception device that is mounted on a vehicle, and a transmission device that remotely operates the vehicle. The transmission device includes an encryption section that encrypts identification information that identifies the transmission device with a first encryption key, and a transmission section that transmits to the reception device instruction information that includes the identification information encrypted and gives an operation instruction to the reception device. The reception device includes a FeRAM that stores a second encryption key to pair with the first encryption key, wherein the second encryption key is erased from the FeRAM when the second encryption key is read out from the FeRAM, a reception section that receives the instruction information transmitted from the transmission device, a decoding section that decodes the identification information received, which is encrypted with the first encryption key and included in the received instruction information, with the second encryption key that is supposed to be stored in the FeRAM, and a judgment section that judges based on the decoded identification information as to whether the transmission device matches with the reception device. | 01-22-2009 |
20090022318 | CONTENT DATA DISTRIBUTION TERMINAL AND CONTENT DATA DISTRIBUTION SYSTEM - A content distribution terminal includes a user key data generation unit generating new user key data representing a new version of the user key data; a user key update unit capturing, from the recordable medium, already-recorded user key data that has already been recorded on the recordable medium, and ordering the user key data generation unit to generate the new user key data when a predetermined situation is identified in the already-recorded user key data to execute an update procedure for the user key data; an erase control unit erasing, when a predetermined situation is identified in the already-recorded user key data, the first encrypted content key data that is encrypted with the already-recorded user key data and stored in the recordable medium; an encryption/decryption unit decrypting, with terminal-unique key, second encrypted content key data resulting from encryption of the content key data with different terminal-unique keys for different terminals, encrypting again content key data resulting from decryption of the second encrypted content key data with the new user key data to generate the first encrypted content key data, and encrypting the content data with the content key data to generate the encrypted content data; a write control unit writing the data to the recordable medium. | 01-22-2009 |
20090028336 | Encryption Key Path Diagnostic - A method and a computer program product are provided to perform a key path diagnostic that aids in isolating an error within the encryption storage system. A first communication test is performed on a path between the key proxy and the drive. The first communication test verifies that the path between the drive and the key proxy is operational. A second communication test is performed on a path between the key proxy and the key server. The second communication test verifies that the path between the key proxy and the key server is operational. In addition, the drive or the key proxy sends a command to the key manager to attempt communication with the key manager. The communication attempt verifies the installation and configuration parameters related to the key manager. | 01-29-2009 |
20090028337 | Method and Apparatus for Providing Security in a Radio Frequency Identification System - A method and apparatus involve storing in a tag a selected digital certificate that permits secure access to said tag from externally thereof. | 01-29-2009 |
20090028338 | SOFTWARE PRODUCT AUTHENTICATION - The present application discloses a method and a system for authenticating software products. Computer software is often sold with a unique validation number. In order to register the product a user has to connect to a remote server and he is then asked to enter the validation number. The disadvantage of this is that it can take time, and further the verification can be delayed or entirely prevented due to network problems. The invention solves this problem by supplying a validator ( | 01-29-2009 |
20090034732 | MANUFACTURING EMBEDDED UNIQUE KEYS USING A BUILT IN RANDOM NUMBER GENERATOR - A method of manufacturing a device containing a key is disclosed. The method generally includes the steps of (A) fabricating a chip comprising a random number generator, a nonvolatile memory and a circuit, (B) applying electrical power to the chip to cause the random number generator to generate a signal conveying a sequence of random numbers, (C) commanding the chip to program a first arbitrary value among the random numbers into the nonvolatile memory, wherein the device is configured such that the first arbitrary value as stored in the nonvolatile memory is unreadable from external to the device and (D) packaging the chip. | 02-05-2009 |
20090034733 | Management of cryptographic keys for securing stored data - Systems and methods secure data in storage. A management system generates a sequence of keys and an identifier of each key in the sequence. A current key in the sequence and the identifier of the current key are transferred from the management system to a storage system. The storage system encrypts the data into encrypted data using the current key. The storage system stores the identifier and the encrypted data. The identifier and the encrypted data are retrieved from the storage system. The key in the sequence identified by the identifier is transferred from the management system to the storage system. The storage system decrypts the encrypted data using the decryption key. | 02-05-2009 |
20090034734 | Multi-Level Key Manager - A cryptographic device and method are disclosed for processing different levels of classified information. A memory caches keys for use in a cryptographic processor. The cryptographic processor requests a key associated with a particular classification level when processing a packet of the particular classification level. The cryptographic device confirms that the key and the packet are of the same classification level in a high-assurance manner. Checking header information of the keys one or more times is performed in one embodiment. Some embodiments authenticate the stored key in a high-assurance manner prior to providing the key to the cryptographic device. | 02-05-2009 |
20090034735 | AUDITING SECRET KEY CRYPTOGRAPHIC OPERATIONS - In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access. | 02-05-2009 |
20090041248 | RECORDING MEDIUM, AUTHORING DEVICE, AND AUTHORING METHOD - A recording medium has authoring data recorded thereon. The authoring data has a plurality of formats. Data items common to all the plurality of formats include, a content, a content key for encrypting the content, a hash value of the content, a media key for encrypting the content key, and revocation information for revoking an unauthorized device from using the media key. The plurality of formats include a first format and a second format. In the first format, the content is not encrypted and each of the content key, the hash value, the media key, the revocation information is dummy data. In the second format, the content is encrypted and each of the media key and the revocation information is dummy data. | 02-12-2009 |
20090041249 | METHOD AND SYSTEM FOR MANAGING A KEY FOR ENCRYPTION OR DECRYPTION OF DATA - A user private key is stored in a database of the user terminal. A user public key and user information are stored in the user management DB. The encryption/decryption unit encrypts an authority private key specific to a first authority given to a user, by using a user public key associated with user information to indicate a user. The secret sharing unit shares in secret an authority private key into two or more shared authority private keys. The encryption/decryption unit encrypts the shared authority private keys, by using an authority public key specific to each of second authorities to manage the first authority in a shared manner. The authority management DB stores the encrypted authority private key and authority public key in association with the first authority, and stores the encrypted shared authority private keys in association with the second authorities. | 02-12-2009 |
20090041250 | Authentication method in communication system - An authentication method is provided in which a first portable device generates and transmits a first random number and a first timestamp to a first USIM in the first portable device; the first USIM calculates a first sign for the first portable device; the first portable device requests authentication for authenticated communication from a second portable device through transmission of the first random number, the first timestamp, and the first sign to the second portable device; the second portable device generates a second random number and a second timestamp and transmits the information to a second USIM in the second portable device; the second USIM generates a second sign for the second portable device and a second personal key which the second portable device transmits to the first portable device; the first portable device then transmits the information to the first USIM which generates a first personal key for authenticated communication. | 02-12-2009 |
20090041251 | Method and Device for Agreeing Shared Key Between First Communication Device and Second Communication Device - Based on security parameters previously agreed upon by first and second communication devices, a first security value is determined by the second communication device and transmitted to the first communication device. The first communication device determines second and third security values based on the security parameters and the first security value and transmits the second and third security values to the second communication device. The second communication device determines a fourth security value based on the security parameters and, if the second security value matches the fourth security value, authenticates the first communication device. Upon successful authentication of the first communication device, a shared key is determined by both communication devices based on the third security value and the security parameters. | 02-12-2009 |
20090046862 | METHOD AND DEVICE FOR SPEEDING UP KEY USE IN KEY MANAGEMENT SOFTWARE WITH TREE STRUCTURE - In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software | 02-19-2009 |
20090052669 | METHOD AND SYSTEM FOR DISASTER RECOVERY OF DATA FROM A STORAGE DEVICE - Aspects of the invention provide a method and system for securely managing the storage and retrieval of data. Securely managing the storage and retrieval of data may include receiving a first disaster recovery code and acquiring a first password corresponding to the first disaster recovery code. A first disaster recovery key may be generated based on the first disaster recovery code and the first password. Another aspect of the invention may also include generating the received first disaster recovery code based on said first password and the first disaster recovery key. The generated disaster recovery code may be securely stored on at least a portion of a storage device or a removable media. Data stored on the storage device may be encrypted using the first generated disaster recovery key. Additionally, data read from the storage device may be decrypted using the generated first disaster recovery key. | 02-26-2009 |
20090052670 | METHOD AND APPARATUS FOR STORING DIGITAL CONTENT IN STORAGE DEVICE - Disclosed are a method and apparatus for storing digital content in a storage device. A content key, which is a key used by a host for encrypting content when the content is stored to a storage device connected to the host, is encrypted by using a storage key of the storage device. The encrypted content key and encrypted content are stored in the storage device, and the host only stores storage keys. Thus, quantity of information maintained by the host can be reduced. Also, when a storage key is stored in a portable security component (PSC), portability and mobility of content bound to a single host may be improved. | 02-26-2009 |
20090052671 | SYSTEM AND METHOD FOR CONTENT PROTECTION - The invention provides a system and method for content protection. A system in accordance with an embodiment includes a media center connectable to a mobile master memory unit associated with an identifier, the media center including: a protection key; storage means for storing files identified by respective file identifiers; a processing unit comprising file encryption for encrypting each file before storage, using a title key computed from the protection key of the media center and for encrypting the title key using the protection key of the master storage device and the identifier of the master memory unit, the master storage device being further provided to write the encrypted title key in association with the corresponding file identifier to the master memory unit. | 02-26-2009 |
20090052672 | SYSTEM AND METHOD FOR PROTECTION OF CONTENT STORED IN A STORAGE DEVICE - The invention provides a system and method for content protection. A system according to an embodiment includes a media center connectable to a mobile secure and protection keyring associated with an identifier and with a media Key block MKB. The media center includes: a unique identifier identifying the media center MC_UID, a set of device keys DK; storage means for storing files identified by respective file identifiers; and a processing unit comprising file encryption means for encrypting each file before storage in the storage means, using a title key (Kt) computed from the identifier MC_UID of the media center and for encrypting the title key Kt from the set of device keys DK of the media center, and from the identifier and the media key block MKB of the mobile secure and protection keyring, the media center being further provided to write the encrypted title key (eKt) in association with the file identifier of the file to the mobile secure and protection keyring. | 02-26-2009 |
20090060194 | ADAPTABLE MICROCONTROLLER BASED SECURITY MONITOR - A method is provided for protecting embedded cryptographic processing circuits ( | 03-05-2009 |
20090060195 | Storage apparatus and data management method - Provided is a storage system that includes a first storage apparatus and a second storage apparatus each connected to a host computer. The first and second storage apparatuses each include a controller and a disk drive. The controller manages an encryption status and an encryption key for each of a data volume and a journal volume in the disk drive. The controller in the first storage apparatus receives a write request from the host computer, creates a journal based on the write data, encrypts the journal, and stores the journal in order in a storage area in the journal volume. The controller reads the encrypted journal from the journal volume in that order, decrypts the journal, and transmits the decrypted journal to the second storage apparatus. | 03-05-2009 |
20090060196 | TRANSMITTING APPARATUS, RECEIVING APPARATUS, AND CONTENT TRANSMITTING METHOD - A transmitting apparatus includes a transaction transmitting unit configured to transmit to a receiving apparatus a content to be moved to the receiving apparatus, by using a first transaction established with the receiving apparatus, a counter unit configured to count a progress quantity representing a degree of progress of the transmission of the content from a given point of time with respect to the transmission of the content corresponding to the first transaction to obtain a count value, and a transaction switching unit configured to switch the first transaction used for the transmission of the content to a second transaction, if the count value of the counter unit reaches a predetermined value and the transmission of the content is not completed. | 03-05-2009 |
20090060197 | Method and Apparatus for Hardware-Accelerated Encryption/Decryption - An integrated circuit for data encryption/decryption and secure key management is disclosed. The integrated circuit may be used in conjunction with other integrated circuits, processors, and software to construct a wide variety of secure data processing, storage, and communication systems. A preferred embodiment of the integrated circuit includes a symmetric block cipher that may be scaled to strike a favorable balance among processing throughput and power consumption. The modular architecture also supports multiple encryption modes and key management functions such as one-way cryptographic hash and random number generator functions that leverage the scalable symmetric block cipher. The integrated circuit may also include a key management processor that can be programmed to support a wide variety of asymmetric key cryptography functions for secure key exchange with remote key storage devices and enterprise key management servers. Internal data and key buffers enable the device to re-key encrypted data without exposing data. The key management functions allow the device to function as a cryptographic domain bridge in a federated security architecture. | 03-05-2009 |
20090067630 | RECORDING OF A KEY IN AN INTEGRATED CIRCUIT - The invention concerns a method and a system for customizing electronic components ( | 03-12-2009 |
20090067631 | MEMORY EFFICIENT STORAGE OF LARGE NUMBERS OF KEY VALUE PAIRS - In one embodiment of the present invention, storing a plurality of key value pairs may be accomplished by first, for each of two or more quantities of most significant bits, determining how much overall memory usage will be saved upon removal of the corresponding quantity of most significant bits from each key in the plurality of key value pairs. Then, for the quantity of most significant bits determined to have the most overall memory usage savings, the quantity of most significant bits may be removed from each key in the plurality of key value pairs. Then a first auxiliary data structure may be formed, wherein the first auxiliary data structure contains the removed quantity of most significant bits from each key in the plurality of key value pairs and pointers to the remaining bits of each key of the plurality of keys in a primary data structure. | 03-12-2009 |
20090067632 | Circuit updating system - An information processing apparatus is provided with a reconfigurable unit ( | 03-12-2009 |
20090074188 | MEMBER CERTIFICATE ACQUIRING DEVICE, MEMBER CERTIFICATE ISSUING DEVICE, GROUP SIGNING DEVICE, AND GROUP SIGNATURE VERIFYING DEVICE - It is an object of the present invention to enhance the security and reduce the data amount of data to be handled in a group signing system, in which when the group public key which includes: a description for four groups: group 1, group 2, group T, and group E of the same order number; a description of bilinear mapping from group 1 and group 2 to group T; each generator of group 1, group 2, group T, and group E; and a signature public key of a signature scheme using group 1, group 2, and group T, is input, the member secret key including an integer not larger than the order number, member evidence which is a value given by multiplying the generator of group E by the member secret key, and an element of group 1 or group 2 which is a value given by multiplying the generator of the group 1 or the group 2 by the member secret key are sent to the member-certificate issuing device, and thereafter upon receipt of a signature for the member secret key, which is verifiable by the signature public key, from the member-certificate issuing device, the signature is used as the member certificate. | 03-19-2009 |
20090074189 | METHOD OF PROVIDING SECURITY FOR RELAY STATION - A method of providing security for a relay station is disclosed, by which security can be provided for the relay station in a broadband wireless access system having the relay station. In a mobile communication system that relays signal transfer between a base station and a mobile station, the present invention includes the steps of performing a relay station authentication with an authentication server using an authentication protocol, receiving a master key from the authentication server, deriving an authentication key from the received master key, deriving a message authentication code (MAC) key using the derived authentication key, and relaying a signal exchanged between the mobile station and the base station using the derived message authentication code key. | 03-19-2009 |
20090074190 | Method and Apparatus for Cryptographic Conversion in a Data Storage System - When data is encrypted and stored for a long time, the encryption key(s) and/or algorithm(s) should be updated so that they are not compromised by malicious attack. To that end, stored encrypted data is converted in the storage system with a new set of cryptographic criteria. During this process, read and write requests can still be serviced. | 03-19-2009 |
20090074191 | GAMING MACHINE HAVING MULTI-STAGE FAILURE RECOVERY FEATURE AND METHOD OF OPERATING SAME - A gaming machine may include memory, a software program loaded into the memory and a trusted cache. The trusted cache may include a context data save engine, a context data recovery engine and a restart engine. The context data save engine may be configured to save the context and state of the gaming machine at least upon sensing a failure condition. The context data recovery engine may be configured to load the context and state from the context data save engine back into memory, and the restart engine may be configured to restart the gaming machine and restore execution of the software program, and may be further configured to carry out a multi-stage recovery process that may include a soft reboot, a hardware reset and a power-off and, after a predetermined delay, a power-on of the gaming machine, attempting to restart the software program between each stage of the process. | 03-19-2009 |
20090080656 | METHODS AND COMPUTER PROGRAM PRODUCTS FOR PERFORMING CRYPTOGRAPHIC PROVIDER FAILOVER - Performing cryptographic provider failover utilizing an integrated cryptographic provider to register for each of a plurality of service type—algorithm pairs already registered by each of a plurality of underlying cryptographic providers, such that the integrated cryptographic provider specifies failover support for all registered service type—algorithm pairs using the one or more underlying cryptographic providers. Upon receipt of a first security request, the integrated cryptographic provider constructs a table including a list of cryptographic providers for each of the plurality of service type—algorithm pairs, wherein the table identifies a temporal order in which two or more of the plurality of underlying cryptographic providers were registered for each of the plurality of service type—algorithm pairs. In response to a subsequent security request received from an application, the list of cryptographic providers is used to identify a second cryptographic provider to which the request will be routed if a first cryptographic provider fails. | 03-26-2009 |
20090080657 | ACTIVE-ACTIVE HIERARCHICAL KEY SERVERS - In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server. | 03-26-2009 |
20090080658 | METHOD AND APPARATUS FOR ENCRYPTING DATA FOR FINE-GRAINED ACCESS CONTROL - In one embodiment, the present invention is a method and apparatus for encrypting data for fine-grained access control. One embodiment of a method for encrypting data includes encrypting the data as a ciphertext, labeling the ciphertext with a set of one or more descriptive attributes, generating a decryption key for decrypting the ciphertext, associating an access structure with the decryption key, such that the data is recoverable from the ciphertext using the decryption key only if the set of one or more descriptive attributes satisfies the access structure, and outputting the ciphertext and the decryption key. | 03-26-2009 |
20090086974 | Support for Multiple Security Policies on a Unified Authentication Architecture - A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring. | 04-02-2009 |
20090086975 | Flexible format media content and method for providing same - There is presented a method for providing a media content, one embodiment comprising recording a first version of a movie on a first content medium in a first format, encrypting one or more content supplement to the movie, each content supplement having a format different from the first format, embedding at least one encryption key in each content supplement, providing a retrieval code for key data enabling playback of the content supplement, and bundling the content supplement and the retrieval code for distribution with the first content medium. In one embodiment, a flexible format media bundle comprises a first content medium, a first version of a media content recorded on the first content medium in a first format, at least one content supplement having a different format, at least one encryption key, and a retrieval code enabling access to the content supplement. | 04-02-2009 |
20090086976 | SUBSTITUTION TABLE MASKING FOR CRYPTOGRAPHIC PROCESSES - A computing device-implemented method and system is provided for obtaining an interim masked substitution table value for a given input component in a cryptographic round, such as an AES cryptographic round, using a substitution table and a self-cancelling mask. A mask with a length equal to an entry in the substitution table is provided, wherein the mask comprises a plurality of mask components of equal length such that a bitwise logical inequality operation such as NOR on the mask components equals zero, and the substitution table is masked with this mask. For each input component, an interim masked substitution table value is obtained from the substitution table thus masked. | 04-02-2009 |
20090092252 | Method and System for Identifying and Managing Keys - A system and method for managing encryption keys, wherein one or more of the keys incorporates a disabled state, and wherein the system further incorporates a namespace. | 04-09-2009 |
20090097653 | ENCRYPTION KEY STORED AND CARRIED BY A TAPE CARTRIDGE - In a cartridge key carrier, a data processing system employing an encryption key carrier, and a method for communicating an encryption key, an empty cartridge housing is provided that has a standardized form factor allowing insertion of the cartridge into a standardized magnetic tape drive. A memory chip is permanently attached to the cartridge housing, and has an encryption key stored therein. The memory chip has a chip configuration that allows readout of the encryption key from the memory chip when the housing is inserted into the tape drive. | 04-16-2009 |
20090097654 | METHOD AND SYSTEM FOR PERFORMING EXACT MATCH SEARCHES USING MULTIPLE HASH TABLES - A method and system to perform exact match searches for fixed- or variable-length keys stored in a search database. The method is implemented using a plurality of hash tables, each indexed using an independent hash function. A system implementing this method provides deterministic search time, independent of the number of keys in the search database. The method permits two basic implementations; one which minimizes memory storage, and another which minimizes search time. The latter requires only two memory accesses to locate a key. | 04-16-2009 |
20090097655 | Storage system and storage system management method - An object of the present invention is to prevent data from being tampered with, and to prevent operation mistakes, when sending and receiving data between a management software managing storage devices. | 04-16-2009 |
20090097656 | ELECTRONIC DEVICE AND ENCRYPTION METHOD THEREOF - An electronic device and an encryption method thereof are provided. The electronic device includes a control unit which encrypts an encryption key using an inherent key, and transmits the encrypted encryption key and a key index corresponding to the inherent key to a recording medium. Accordingly, encrypted content stored in a recording medium can be decrypted when an electronic device is malfunctioning or replaced with a new one. | 04-16-2009 |
20090097657 | Constructive Channel Key - A method of generating a constructive channel key includes providing an issuer with a card public key as the keying part of a CKM credential. An ephemeral key pair is computed by the issuer using pre-established enterprise domain parameters. A shared value for the ephemeral private key and the card public key is computed using D-H key agreement. The ephemeral private key is destroyed. The shared value is combined with a static key value. The static key value is split into four blocks. The first block is truncated to be used for a session encryption key. The second block is truncated to be used for a session MAC key. The third block is truncated to be used for a session key encryption key. The fourth block is truncated to be used for an initial IVEC. | 04-16-2009 |
20090097658 | Method and System for Archiving Communication Data by Means of Data Tracing - In a method for operating a computer system connected to a telecommunication network and provided with a data memory for storing communication data, a data trace is compiled from parameters selected from time, at least one position designation, and at least one content. A communication data set together with the data trace is stored as a data set that is retrievable by authorized persons. | 04-16-2009 |
20090103733 | METHOD AND SYSTEM FOR THE MANIPULATION-PROTECTED GENERATION OF A CRYPTOGRAPHIC KEY - The embodiments relate to a near field communication system including a plurality of near field communication devices which communicate with each other via a radio interface. During generation of a common cryptographic key between the near field communication devices of the near field communication system, at least one of the two near field communication devices monitors during generation of the cryptographic key via the radio interface in a generation period whether an additional near field communication device which could be a potential active attacker communicates with one of the near field communication devices via the radio interface. If such a suspicious type of communication is detected, generation of the common cryptographic key is optionally terminated. | 04-23-2009 |
20090110198 | METHOD AND APPARATUS FOR RESTORING ENCRYPTED FILES TO AN ENCRYPTING FILE SYSTEM BASED ON DEPRECATED KEYSTORES - The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key. The computer encrypts the file encryption key with the active private key of the first keystore. | 04-30-2009 |
20090116648 | Key production system - A key production system to determine a cryptographic key for a selected cryptoperiod being later than or equal to a cryptoperiod-A, and earlier than or equal to a different cryptoperiod-B, the system including a first receiver to receive a first key-component, associated with cryptoperiod-A, forming part of a first hash-chain progressing via a first one-way function, progressive key-components corresponding to later cryptoperiods, a second receiver to receive a second key-component, associated with cryptoperiod-B, forming part of a second hash-chain progressing via a second one-way function, progressive key-components corresponding to earlier cryptoperiods, first and second key-component determination modules to determine key-components in the first hash-chain and the second hash-chain, respectively, for the selected cryptoperiod, and a key determination module to determine the cryptographic key based on the key-components in the first and second hash chain for the selected cryptoperiod. Related methods and apparatus are also included. | 05-07-2009 |
20090116649 | REVOCATION OF A SYSTEM ADMINISTRATOR IN AN ENCRYPTED FILE SYSTEM - A method of securely storing electronic information includes a step in which target electronically stored information is encrypted with a first encryption key and then partitioned into a first set of encrypted ESI partitions a subset of which is able to reconstruct the unpartitioned encrypted ESI. This first set of encrypted ESI partitions is then encrypted with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions that are made available to a first set of users. When access to the target electronically stored information is changed, the target electronically stored information is accessed and then re-encrypted with a second encryption key to form a second encrypted ESI. This second encrypted ESI is then partitioned and distributed to a second set of users. | 05-07-2009 |
20090122987 | Enhanced transmission systems for use in wireless personal area networks - Method and computer program products for enhancing wireless communication in a wireless network are disclosed. In the wireless network, frames of data are transmitted in bursts. Wireless communication is enhanced by transmitting a first frame of source data that is scrambled using a scrambling sequence in a first burst, storing an indicator corresponding to the scrambling sequence for the first frame, identifying the scrambling sequence of the first frame for retransmission of the first frame, retransmitting the first frame (which is scrambled using the identified scrambling sequence) in a subsequent burst, receiving the transmitted and retransmitted first frames, and processing the received transmitted and retransmitted first frames to recover the source data. | 05-14-2009 |
20090122988 | METHOD AND APPARATUS FOR SECURELY REGISTERING HARDWARE AND/OR SOFTWARE COMPONENTS IN A COMPUTER SYSTEM - A system that securely registers components in a first system is presented. During operation, the first system receives a request from an intermediary system to obtain configuration information related to the components in the first system. In response to the request, the first system: (1) encrypts configuration information for the first system using a first encryption key; (2) encrypts the first encryption key using a second encryption key; and (3) sends the encrypted configuration information and the encrypted first encryption key to the intermediary system so that the intermediary system can forward the encrypted configuration information and the encrypted first encryption key to the second system, whereby the encrypted configuration information is cryptographically opaque to the intermediary system. Next, the second system uses the configuration information to register the components in the first system. | 05-14-2009 |
20090129595 | Verification of a product identifier - A system and method for enabling the verification of the authenticity of a product identification circuit, wherein the checking is based on an encryption key ( | 05-21-2009 |
20090129596 | System and Method for Controlling Comments in a Collaborative Document - A system, method, and program product is provided that operates when opening a word processing document that includes document content inserted at various insertion points within the document. The document is opened by a user that corresponds to a particular user identifier. The comments included in the document include recipient identifiers. A first set of comments are selected where the user's identifier is included in the recipient identifiers of the corresponding comments, and a second set of comments are selected where the user's identifier is not included in the recipient identifiers of the corresponding comments. The word processor displays the first set of comments at their respective insertion points within the document content and does not present the second set of comments. | 05-21-2009 |
20090129597 | REMOTE PROVISIONING UTILIZING DEVICE IDENTIFIER - Embodiments of the present invention provide for remote provisioning using a device identifier. In some embodiments, a client device may transmit the device identifier to a provisioning server and, sometime after an association of the device identifier and the client device has been authenticated, receive an operating system boot image from the provisioning server. Other embodiments may be described and claimed. | 05-21-2009 |
20090129598 | Microprocessor locking circuit and locking method therefor with locking function - A microprocessor locking circuit for use in a microprocessor comprising at least one program code is provided. The microprocessor locking circuit includes a predetermined key, wherein the microprocessor locking circuit receives an input key and compares the input key with the predetermined key after a reset period starts, wherein the program code is unlocked if the input key is identical to the predetermined key, and the program code is locked if the input key is different from the predetermined key. | 05-21-2009 |
20090136038 | APPARATUS FOR RECEIVING ENCRYPTED DIGITAL DATA AND CRYPTOGRAPHIC KEY STORAGE UNIT THEREOF - An apparatus for receiving encrypted digital data is provided. The apparatus includes a decryption circuit, a controller, an NVM, and a one-way device. The decryption circuit receives a piece of encrypted digital data and decrypts the encrypted digital data into a piece of decrypted digital data. The controller is coupled to the decryption circuit for controlling the flow of the decryption performed by the decryption circuit. The NVM is coupled to the decryption circuit for storing and providing a cryptographic key required in the decryption. The one-way device is coupled between an input bus and the NVM. The one-way device blocks read requests received from the input bus. Besides, the one-way device translates write requests received from the input bus into access signals compatible with the NVM and then outputs the access signals to the NVM. | 05-28-2009 |
20090136039 | SYSTEM AND METHOD OF RESTRICTING RECORDING OF CONTENTS USING DEVICE KEY OF CONTENT PLAYBACK DEVICE - The present invention relates to a system and method for restricting recording of contents using a device key of a content reproduction device. A content recording device includes a content recording unit for encrypting contents using a Content Encryption Key (CEK) and recording the encrypted contents in a recording medium; a CEK transmitting/receiving unit for transmitting the CEK to at least one content reproduction device, and receiving, from the at least one content reproduction device, an encrypted CEK being encrypted using a device key of each of the at least one content reproduction device; and a CEK recording unit for recording the encrypted CEK in the recording medium. | 05-28-2009 |
20090136040 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - Encrypted text data c | 05-28-2009 |
20090141901 | TERMINAL AND METHOD OF INCLUDING PLURALITY OF CONDITIONAL ACCESS APPLICATIONS IN BROADCASTING SYSTEM - A method of selectively using a CA application of a terminal, the method including: searching a CA application table when a service of fee-based contents is requested, and determining whether a corresponding CA application is installed; and extracting a key required for descrambling a broadcasting signal using the CA application, when the CA application is installed based on a result of the determining. | 06-04-2009 |
20090147959 | KEY STATUS DETECTING CIRCUIT - The present invention provides a key status detecting circuit for detecting key statuses of a plurality of key modules, wherein the key modules respectively include a plurality of key units. The key status detecting circuit includes a plurality of first logic units, a plurality of first signal registering units, a plurality of second logic units, a second signal registering unit, and a control unit. The key status detecting circuit provided by the present invention does not have to connect each key to different pins of the control unit respectively and does not have to have the control unit regularly poll a data bus to detect which key is pressed, and thus the pin amount and loading of the control unit can be reduced, and efficiency of the control unit can be improved. | 06-11-2009 |
20090147960 | CONTENT SEARCH DEVICE - A content search device calculates the number of valid encrypted contents as comparison objects contained in encrypted content databases and the number of valid decryption keys contained in decryption key databases. The database having the smaller number is decided to be a reference database. By successively reading out entries contained in the reference database, a combination of an encrypted content and a corresponding decryption key is searched. | 06-11-2009 |
20090154703 | Content Protection Using Encryption Keys Where only part of the private key is associated with end user data - The current invention addresses the problem of securely encrypting video content or any other content where a secret symmetrical key is used to decrypt the data by a hardware device such as a DVD player. The invention uses the same length of symmetrical key as used by current technology but the key is changed for every dataset encrypted. The symmetrical key is itself contained inside a packet attached to the first encryption data set where the packet is encrypted with a device's public key. The invention further adds to the security of the asymmetrical private key where the device itself only has part of the private key and the user has the other part of the private key. | 06-18-2009 |
20090154704 | Method and apparatus for securing content using encryption with embedded key in content - Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers. | 06-18-2009 |
20090154705 | Apparatus and Method for Facilitating Cryptographic Key Management Services - A cryptographic key management system includes executable instructions to control access to keys based on permissions for users and groups. Executable instructions support cryptographic operations on the keys through a network application program interface. The cryptographic operations are controlled by the permissions. The cryptographic operations are distributed between the servers and the clients in accordance with criteria specifying optimal execution of cryptographic operations between the servers and the clients. | 06-18-2009 |
20090161873 | METHOD AND APPARATUS FOR KEY MANAGEMENT IN AN END-TO-END ENCRYPTION SYSTEM - A method executed by a first network entity in communication with a second network entity. The method comprises maintaining a first key bank containing a key designated as an active key for the first network entity; maintaining a second key bank containing a key designated as a standby key for the first network entity; encrypting data for transmission to the second network entity using the active key for the first network entity; attempting to detect a match between (i) a representation of the standby key for the first network entity and (ii) a representation of a standby key for the second network entity received from the second network entity; and upon detecting a match, causing the active key for the first network entity to designate thereafter the key contained in the second key bank. | 06-25-2009 |
20090161874 | Key Management Method for Security and Device for Controlling Security Channel In Epon - A key management method for encrypting a frame in an Ethernet passive optical network (EPON) is provided. In the method, secure parameters, including the secure keys and their association numbers that each secure channel currently uses or will use next, are managed by composing a key information table. Then, when an encryption frame whose association number has changed is received, it is determined, with reference to the key information table, whether the association number of the received encryption frame is valid. The secure key is changed if the association number is determined to be valid, and the secure key is not changed if the association number is not valid. | 06-25-2009 |
20090161875 | Mini Time Key Creation Memory Medium and System - To provide a method and a system for creating a mini time key from a time key, a plurality of mini time keys are created within a unit time period. First, a unit time decryption key is prepared immediately after the unit time is created. Then, the last mini time key is created by applying a one-way function to the unit time decryption key. A desired mini time key is created by applying the one-way function to the mini time key following the desired mini time key. In other words, the mini time keys are created as a time series arranged in descending order beginning with the last mini time key. In this manner, even when a specific mini time key is externally leaked for some reason, the following mini time key in the time series cannot be created from it. In addition, even when the mini time keys are sequentially published, the security of the unit time decryption key is maintained. | 06-25-2009 |
20090169010 | METHOD AND SYSTEM FOR PROVIDING DATA FIELD ENCRYPTION AND STORAGE - An approach is provided for securely storing and managing sensitive data. A system and method are provided that include a central device that receives an actual data value from a requester, encrypts the actual data value, obtains a replacement value for the encrypted actual data value, obtains a secondary replacement value based on the encrypted actual data value, and transmits the replacement value to the requester for storage by the requester. The system and method also includes a storage device for storing the secondary replacement value in association with the encrypted actual data value at a secure location. The requester can later use the replacement value to retrieve the actual data value from the central device. | 07-02-2009 |
20090169011 | APPARATUS AND METHOD FOR NEGOTIATING PAIRWISE MASTER KEY FOR SECURING PEER LINKS IN WIRELESS MESH NETWORKS - A system and method for negotiating a pairwise master key (“PMK”) in wireless mesh networks. The system includes a plurality of mesh points that are configured to perform an abbreviated handshake protocol in negotiating a PMK and establishing a secure connection. The method for establishing a negotiated PMK is based on selecting a PMK before transmitting any data, and arranging available PMKs in a predetermined list so that a PMK can be negotiated in a limited number of exchanges. | 07-02-2009 |
20090169012 | VIRTUAL TPM KEY MIGRATION USING HARDWARE KEYS - The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module. | 07-02-2009 |
20090169013 | SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING - A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer. | 07-02-2009 |
20090169014 | DISTRIBUTION AND AUTHENTICATION OF PUBLIC KEYS USING RANDOM NUMBERS AND DIFFIE-HELLMAN PUBLIC KEYS - A system to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements. | 07-02-2009 |
20090175450 | Systems and methods for obtaining information on a key in BB84 protocol of quantum key distribution - Systems and methods for obtaining information on a key in the BB84 (Bennett-Brassard 1984) protocol of quantum key distribution are provided. A representative system comprises a quantum cryptographic entangling probe, comprising a single-photon source configured to produce a probe photon, a polarization filter configured to determine an initial probe photon polarization state for a set error rate induced by the quantum cryptographic entangling probe, a quantum controlled-NOT (CNOT) gate configured to provide entanglement of a signal with the probe photon polarization state and produce a gated probe photon so as to obtain information on a key, a Wollaston prism configured to separate the gated probe photon with polarization correlated to a signal measured by a receiver, and two single-photon photodetectors configured to measure the polarization state of the gated probe photon. | 07-09-2009 |
20090175451 | Target Of Opportunity Recognition During An Encryption Related Process - A method, system, and computer program product are provided for utilizing target of opportunity to perform at least one special operation while a key session is opened with a key manager for another purpose. The method of recognizing a target of opportunity includes receiving a command to be performed on a removable storage medium and determining if the command requires interaction with the encryption key manager. If it is determined that the command requires interaction with the key manager the command is held off. A request is sent to the encryption key manager. A target of opportunity is recognized by determining if at least one special operation may be performed. If it is determined that at least one special operation may be performed then the at least one special operation and the request are performed. | 07-09-2009 |
20090175452 | Key Management and User Authentication for Quantum Cryptography Networks - Key management and user authentication systems and methods for quantum cryptography networks that allow users to communicate securely over a traditional communication link (TC-link). The method includes securely linking a centralized quantum key certificate authority (QKCA) to each network user via respective secure quantum links or “Q-links” that encrypt and decrypt data based on quantum keys (“Q-keys”). When two users (Alice and Bob) wish to communicate, the QKCA sends a set of true random bits (R) to each user over the respective Q-links. They then use R as a key to encode and decode data they send to each other over the TC-link. | 07-09-2009 |
20090175453 | STORAGE APPARATUS AND ENCRYPTED DATA PROCESSING METHOD - A storage apparatus has an encryption key updater for configuring an updated encryption key and identification information thereof, an encryptor for encrypting data by a specific unit according to the encryption key, a storage for adding the identification information to the encrypted data and storing the data and the identification information onto a recording medium, a reader for reading the encrypted data and the identification information, a judge for judging whether the identification information read by the reader matches the identification information configured by the encryption key updater, and a decryptor for decrypting the encrypted data and outputting the decrypted data where the judge judges that the identification information matches the identification information configured by the encryption key updater. | 07-09-2009 |
20090175454 | WIRELESS NETWORK HANDOFF KEY - The present invention provides a method and system for handoff in a wireless communication network. In one embodiment, a common handoff encryption key is generated by an authentication server and transmitted to a first access point and a second access point. The first access point transmits the handoff encryption key to a wireless terminal. The wireless terminal encrypts output data with the handoff encryption key. When the wireless terminal is associated with the second access point, the second access point decrypts data from the wireless terminal with the handoff encryption key. In a second embodiment, a handoff WEP key generation secret parameter is provided to a first and a second access point. Both access points generate a handoff WEP key as a function of the handoff WEP key generation secret parameter and an address of a wireless terminal. The first access point transmits the handoff WEP key to the wireless terminal. The second access point communicates data packets encrypted with the handoff WEP key with the wireless terminal. | 07-09-2009 |
20090185686 | METHOD TO TRACE TRACEABLE PARTS OF ORIGINAL PRIVATE KEYS IN A PUBLIC-KEY CRYPTOSYSTEM - The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and l corresponding private keys, a private key being formed by a traceable array of 2 | 07-23-2009 |
20090185687 | Systems and Methods for Mutual Authentication Using One Time Codes - Methods and systems for mutual authentication and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and second entity. One of the codes is transmitted to the second entity, which verifies the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code, verifies the encrypted second one time code is proper, thereby mutually authenticating, and establishing a shared encryption key for subsequent communications, including transmission of personalization data. | 07-23-2009 |
20090185688 | DELIVERING ENHANCED MULTIMEDIA CONTENT ON PHYSICAL MEDIA - Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block. | 07-23-2009 |
20090190762 | METHOD AND SYSTEM FOR PREVENTING GENERATION OF DECRYPTION KEYS VIA SAMPLE GATHERING - Methods and systems for preventing generation of decryption keys via statistical sample gathering may include verifying a one-key message authentication code (OMAC) decryption key in received data and inserting a delay time before subsequent OMAC verifications upon a failure of the verifying. The delay time may be increased, doubled, for example, with each failure of the subsequent OMAC verifications. The cryptographic system may be disabled upon reaching a defined number of OMAC verification failures. The delay time may be reset upon an OMAC verification pass. A number of OMAC verification failures may be stored in non-volatile memory. The OMAC verification may be one of a plurality of key verifications in a key ladder system. A service provider may be required to reset the cryptographic system when the cryptographic system may be disabled due to multiple OMAC failures. The received data may be AES, DES or 3-DES encrypted. | 07-30-2009 |
20090190763 | Processing Multi-Key Content - Multi-key content processing systems and methods, for processing content with at least one distribution target position. Each of the distribution target positions corresponds to an authorization key. An example method includes the steps of: encrypting said content with a content key; forming a key link based on said content key and the authorization key of said at least one distribution target position; and attaching said key link to the encrypted content. | 07-30-2009 |
20090196423 | METHODS TO DEFEND AGAINST TAMPERING OF AUDIT RECORDS - Embodiments of the invention provide systems and methods for detection of tampering with an audit record for a database. According to one embodiment, a method for detection of tampering with an audit record for a database can comprise reading one or more audit records for a time period from an audit table. The one or more audit records can each include a time stamp and reading the one or more audit records can comprise reading audit records having a timestamp within the time period. An encrypted record, such as a message digest record, for the time period can be generated based on the one or more audit records and including the time stamps. The message digest record can be stored in a message digest table. In some cases, the message digest table can be maintained in a trusted data store. | 08-06-2009 |
20090196424 | Method for security handling in a wireless access system supporting multicast broadcast services - One object of the present invention is a method for security handling in a wireless access system supporting Multicast Broadcast Services MBS, said method comprising the steps of: | 08-06-2009 |
20090202077 | APPARATUS AND METHOD FOR SECURE DATA PROCESSING - A method for secure processing of a data stream using a secret key stored in a key storage, with the data stream including content data and context information, with the key storage holding several secret keys, the method including: extracting the context information from the content data stream; generating address information based on the context information for accessing one of the several secret keys stored in the key storage; retrieving from the key storage the one of the several secret keys using the address information; processing the content data using the retrieved secret key. Further disclosed is an apparatus for secure data processing. | 08-13-2009 |
20090202078 | DEVICE, SYSTEM, AND METHOD OF SECURELY EXECUTING APPLICATIONS - Device, system, and method of executing secure-processing (SEP) applications. Some demonstrative embodiments include a secure-processing (SEP) hardware module including a processor capable of executing at least one SEP application, wherein the SEP hardware module is configured to perform at least one of encrypting and decrypting data handled by the SEP application using an application-specific application-key corresponding to the SEP application, only if the processor begins execution of the SEP application at an approved entry point of the SEP application, and wherein the application-key corresponding to the SEP application is based at least on an internal key internally stored by the SEP hardware module and on application-specific information corresponding to the SEP application. Other embodiments are described and claimed. | 08-13-2009 |
20090208014 | METHOD AND APPARATUS FOR VERIFYING AND DIVERSIFYING RANDOMNESS - Method and apparatus for ensuring the randomness of pseudo-random numbers generated by a conventional computer operating system or electronic device. Pseudo-random number generators used in computer operating systems or electronic devices may be subverted by a hacker (pirate), who attacks a cryptographic or other supposedly secure process that uses the random numbers by tampering with the input random numbers, thus making them nonrandom. The present method and apparatus verify such random numbers to make sure that they are indeed random enough, by applying suitable randomness tests. Only if the values pass the tests are they passed on for use in the cryptographic or other process. If they fail, a new set of random numbers is requested from the pseudo-random number generator, and these are tested again. Further, a diversity function may be applied to the random numbers even if they have passed the tests, in order to improve their randomness; this diversity function is, for instance, double encryption. An anti-replay feature is also included by which the pool of random numbers is checked on each cycle to make sure that there has been no duplication of the input random numbers. | 08-20-2009 |
20090208015 | OFFLINE CONSUMPTION OF PROTECTED INFORMATION - The offline consumption and publication of protected information in a networked environment. The offline consumption of protected information is accomplished by having the consuming user maintain a store of asymmetric encryption keys. The protected information is encrypted by the publishing user using a symmetric key, and the symmetric key is then encrypted using a public asymmetric key associated with the consuming user. The consuming user receives the protected information and a usage policy containing the encrypted symmetric key. The consuming user verifies that it can decrypt the symmetric key using a private asymmetric key maintained by the consumer. The user then decrypts the symmetric key and accesses the content of the protected information. | 08-20-2009 |
20090208016 | DOMAIN DIGITAL RIGHTS MANAGEMENT SYSTEM, LICENSE SHARING METHOD FOR DOMAIN DIGITAL RIGHTS MANAGEMENT SYSTEM, AND LICENSE SERVER - Disclosed is a domain DRM system, a license sharing method for the domain DRM system, and a license server. The domain DRM system includes at least one domain including at least one user module adapted for encryption or decryption using a provided encryption key and a domain manager adapted for decryption using a provided encryption key, and a license server for creating encryption keys corresponding to the domain manager and the one user module, respectively, and providing them with the created keys, respectively, so that, when at least one user module requests contents, a contents encryption key used to encrypt the contents is encrypted by using an encryption key of the user module and an encryption key of the domain manager according to a commutative encryption scheme, and one of the domain manager and the user module is provided with a shared license obtained as a result of the encryption. | 08-20-2009 |
20090208017 | VALIDATION OF ENCRYPTION KEY - A label corresponding to a cryptographic key is stored at a first computational device. A user provided label is received at a second computational device. The user provided label is sent from the second computational device to the first computational device. The user provided label is compared to the label stored at the first computational device. The cryptographic key is used to perform cryptographic operations on data, in response to determining that the user provided label matches the label stored at the first computational device. | 08-20-2009 |
20090208018 | DATA TRANSFER DEVICE - A data transfer device for transferring data to a removable data storage item. The data transfer device receives content data to be stored to the removable data storage item, encrypts the content data using an encryption key, and transforms at least one of predetermined reference data and the encryption key. The data transfer device also encrypts the transformed predetermined reference data using the encryption key or encrypts the predetermined reference data using the transformed encryption key, and then stores the encrypted content data and the encrypted transformed/predetermined reference data to the removable data storage item. | 08-20-2009 |
20090208019 | METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING DATA - The present invention relates to a method and apparatus for encrypting data ( | 08-20-2009 |
20090208020 | Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager - Methods implemented by enhanced Password Manager for protecting against Pharming and Spyware comprising matching a saved record with certificate of website and withholding saved record's data if a match is not found. Further comprising, scrambling of retrieved data with a scrambling key wherein said key is synchronized with website. | 08-20-2009 |
20090214040 | Method and Apparatus for Protecting Encryption Keys in a Logically Partitioned Computer System Environment - In a logically partitioned computer system, a partition manager maintains and controls master encryption keys for the different partitions. Preferably, processes executing within a partition have no direct access to real memory, addresses in the partition's memory space being mapped to real memory by the partition manager. The partition manager maintains master keys at real memory addresses inaccessible to processes executing in the partitions. Preferably, a special hardware register stores a pointer to the current key, and is read only by a hardware crypto-engine to encrypt/decrypt data. The crypto-engine returns the encrypted/decrypted data, but does not output the key itself or its location. | 08-27-2009 |
20090214041 | Image forming apparatus, data processing method, and computer readable recording medium - A disclosed image forming apparatus has a cryptographic unit for performing a cryptographic function. The image forming apparatus includes a first managing unit for managing data representing first lists of cryptographic strengths authorized to be used separately for each subject that uses the cryptographic function; and a second managing unit for managing data representing a second list of cryptographic strengths set for the image forming apparatus. The cryptographic unit obtains the first list of the cryptographic strengths authorized to be used for the subject attempting to use the cryptographic function from the first managing unit. The obtained first list of the cryptographic strengths and the second list of the cryptographic strengths are logically multiplied to produce one or more first logical multiplication cryptographic strengths. The one or more first logical multiplication cryptographic strengths are usable to perform the cryptographic function. | 08-27-2009 |
20090220088 | AUTONOMIC DEFENSE FOR PROTECTING DATA WHEN DATA TAMPERING IS DETECTED - A computer implemented method, data processing system, and computer program product for providing an autonomic defense when data tampering is detected in a data processing system where data is maintained and transmitted in unencrypted form. When notification of data tampering activity in the data processing system is received, a determination is made as to whether the data tampering activity meets or exceeds a threshold. If the threshold is met or exceeded, an encryption key is read from a persistent storage location into memory. The key is erased from the persistent storage location. The data in the data processing system is encrypted using the key to form encrypted data. The key is then erased from memory. | 09-03-2009 |
20090220089 | METHOD AND APPARATUS FOR MAPPING ENCRYPTED AND DECRYPTED DATA VIA A MULTIPLE KEY MANAGEMENT SYSTEM - A method, apparatus and program product for encryption/decryption of data on a volume of data storage media including dividing the volume into a plurality of locations, assigning a unique key to each location for encryption/decryption of data in the respective location of the volume, mapping the locations and keys in the key manager, and encrypting/decrypting data on the volume based on the data's physical location on the volume. The owning entity owning each location on the volume may also be mapped, and the keys for each location owned by the same owning entity may be the same. | 09-03-2009 |
20090220090 | TAMPER RESISTANT METHOD, APPARATUS AND SYSTEM FOR SECURE PORTABILITY OF DIGITAL RIGHTS MANAGEMENT-PROTECTED CONTENT - An apparatus and system provide a tamper-resistant scheme for portability of DRM-protected digital content. According to embodiments of the invention, a portable crypto unit may be utilized in conjunction with a VT integrity services (VIS) scheme as well as a Virtual Machine Manager (VMM) and a TPM to provide a secure scheme to protect digital content. Additionally, in one embodiment, the digital content may be partitioned into blocks comprising multiple segments to further enhance the security of the scheme. | 09-03-2009 |
20090220091 | COMMUNICATION SECURITY - The current IMS security architecture only protects data transmitted in the IMS control plane. Embodiments are described which provide end-to-end encryption of data transmitted in the IMS media plane but which also allow lawful interception and interpretation of such end-to-end communications under the control of the relevant IMS core ( | 09-03-2009 |
20090232310 | Method, Apparatus and Computer Program Product for Providing Key Management for a Mobile Authentication Architecture - An apparatus for providing key management for a mobile authentication architecture may include a processor. The processor may be configured to provide a request for key revocation over an interface otherwise defined for sharing key acquisition information between a bootstrapping server function and a network application function, and cancel key information associated with the request for key revocation. | 09-17-2009 |
20090232311 | METHOD FOR SECURELY AND AUTOMATICALLY CONFIGURING ACCESS POINTS - The present invention contemplates an automatic, secure AP configuration protocol. Public/private keys and public key (PK) methods are used to automatically establish a mutual trust relationship and a secure channel between an AP and at least one configuration server. An AP automatically forwards a location identifier to the configuration server, and the configuration server delivers common, AP specific, and location specific configuration parameters to the AP. | 09-17-2009 |
20090245519 | RENEWAL MANAGEMENT FOR DATA ITEMS - A system, method, apparatus, and computer readable medium for managing renewal of a dynamic set of data items, each with an associated renewal deadline, in a data item management system. A renewal schedule allocates to each data item a renewal interval for renewal of the data item. On addition of a new data item, if a potential renewal interval, having the duration required for renewal of that item and ending at its renewal deadline, does not overlap a time period in the schedule during which the system is busy, the renewal schedule is automatically updated by allocating the potential renewal interval to the new data item. If the potential renewal interval does overlap a busy period, the renewal schedule is automatically updated by selecting an earlier renewal interval for at least one data item in the set. | 10-01-2009 |
20090252327 | COMBINATION WHITE BOX/BLACK BOX CRYPTOGRAPHIC PROCESSES AND APPARATUS - Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol. The chief advantage is that even given a limited code size for the cryptographic process, the security of the system is improved by carrying out the more computationally intensive functions more efficiently in the black box portion and executing the less computationally intensive function in the white box portion. | 10-08-2009 |
20090257594 | SECURE DEBUG INTERFACE AND MEMORY OF A MEDIA SECURITY CIRCUIT AND METHOD - A method, system and apparatus of a secure debug interface and memory of a media security circuit are disclosed. In one embodiment, the system includes a host processor; an external hardware circuit that encrypts an incoming data bit communicated to a debug interface using a debug master key stored at a pointer location of a memory (e.g., a flash memory and/or an Electrically Erasable Programmable Read-Only Memory (EEPROM)) and decrypts an outgoing data bit from the debug interface using the debug master key; and a media security circuit having the debug interface, which provides the pointer location of the memory holding the debug master key to the external hardware circuit. | 10-15-2009 |
20090257595 | Single Security Model In Booting A Computing Device - A method and apparatus for securely booting software components in an electronic device to establish an operating environment are described herein. According to an aspect of the invention, software components are to be executed in sequence in order to establish an operating environment of a device. For each software component, a security code is executed to authenticate and verify an executable code image associated with each software component using one or more keys embedded within a secure ROM (read-only memory) of the device and one or more hardware configuration settings of the device. The security code for each software component includes a common functionality to authenticate and verify the executable code image associated with each software component. In response to successfully authenticating and verifying the executable code image, the executable code image is then executed in a main memory of the device to launch the associated software component. | 10-15-2009 |
20090262940 | MEMORY CONTROLLER AND MEMORY DEVICE INCLUDING THE MEMORY CONTROLLER - A memory controller includes a security key and parameter storage unit and a security engine. The security key and parameter storage unit stores at least one security key and at least one parameter that are used during encryption or decryption. The security engine receives encrypted data stored in an external boot memory, decrypts the received encrypted data by using the security key and the parameter, and outputs the decrypted data to a central processing unit (CPU), in a security operation mode. | 10-22-2009 |
20090262941 | TECHNIQUES FOR MANAGING KEYS USING A KEY SERVER IN A NETWORK SEGMENT - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server. | 10-22-2009 |
20090274304 | LICENSE MANAGEMENT APPARATUS AND METHOD AND LICENSE MANAGEMENT SYSTEM - When a function inactivation process is instructed on an MFP-A, all the functions are inactivated and a function inactivation certification key is issued, and then resources related to the functions are transmitted to an MFP-B. When reception of the resources is completed on the MFP-B, a function duplication completion certification key is issued. When these keys are input to a licensing server, a database is updated, and a function activation key is issued. When the function activation key is input to the MFP-B, the functions related to the transmitted resources are carried out. | 11-05-2009 |
20090285396 | Database processing on externally encrypted data - Various techniques are described for processing externally encrypted data by a database management system. Specifically, techniques are described for incorporating encrypted data stored in a first database that was encrypted by a first database management system into a second database where the encrypted data is accessed by a second database management system. When accessing externally encrypted data incorporated into the second database, the second database management system can decrypt portions of the data as needed. Because of the manner of incorporation of externally encrypted data into the second database, specifically because the externally encrypted data need not be decrypted before being incorporated into the second database, the computational overhead and security concerns associated with conventional approaches for migrating encrypted data from one database management system to another are avoided. | 11-19-2009 |
20090285397 | MEDIA PROCESSOR AND RECORDING MEDIUM CONTROL METHOD - In a media processor for reading data from or writing data into a recording medium with which mutual authentication has been performed, an authentication processing section generates key information of the recording medium and obtains authentication information of attributes of data stored in the recording medium. An identification information retrieval section obtains identification information of the recording medium. A control section associates the key information, the authentication information, and the identification information with each other to store them in a storage section. In a case in which the recording medium is changed to another one, if the identification information of the other recording medium matches the identification information stored in the storage section, the media processor uses the key information and the authentication information stored in the storage section. | 11-19-2009 |
20090285398 | VERIFICATION OF THE INTEGRITY OF A CIPHERING KEY - A method for verifying the integrity of a key implemented in a symmetrical ciphering or deciphering algorithm, including the steps of complementing to one at least the key; and verifying the coherence between two executions of the algorithm, respectively with the key and with the key complemented to one. | 11-19-2009 |
20090290712 | ON-DIE CRYPTOGRAPHIC APPARATUS IN A SECURE MICROPROCESSOR - An apparatus providing for a secure execution environment, including a secure non-volatile memory and a microprocessor. The secure non-volatile memory stores a secure application program. The secure application program is encrypted according to a cryptographic algorithm. The microprocessor is coupled to the secure non-volatile memory via a private bus and to a system memory via a system bus. The microprocessor executes non-secure application programs and the secure application program. The non-secure application programs are accessed from the system memory via the system bus. Transactions over the private bus are isolated from the system bus and corresponding system bus resources within the microprocessor. The microprocessor has a cryptographic unit, disposed within execution logic. The cryptographic unit is configured to encrypt the secure application program for storage in the secure non-volatile memory, and is configured to decrypt the secure application program for execution by the microprocessor. | 11-26-2009 |
20090290713 | Privacy-aware content protection system - A method for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content is disclosed. The method includes: transmitting the following to a rendering device of a user: the content, first software that is operative to receive the content and to associate keys with the content, identification information (ID) that is associated with the user, and second software that comprises a player for rendering the content, receiving the following information from the rendering device during rendering of the content: a number representation X which comprises a number representation in bits of a result obtained from encrypting together a number representation of a present time interval and the ID, both encrypted with a public key of a key pair generated at the rendering device, and a number representation which comprises a number representation in bits of a share (SH) of a private key of the key pair generated at the rendering device, and detecting an attempt to render the content at overlapping time periods on more rendering devices than permitted by the license associated with the content based on a determination that number representations X received from separate rendering devices are identical, and number representations Y received from the separate rendering devices and paired with the number representations X received from the separate rendering devices are different. Related apparatus and methods are also disclosed. | 11-26-2009 |
20090296933 | INTEGRATED CIRCUIT AND A METHOD FOR SECURE TESTING - An integrated circuit that includes a controller and multiple internal circuitries, whereas the integrated circuit is characterized by further including a security mode determination unit that includes multiple one time programmable components for defining a security mode out of multiple possible security modes, whereas a selected circuitry mode affects access to an internal circuitry. | 12-03-2009 |
20090296934 | METHODS AND SYSTEMS FOR MAINTAINING SECURITY KEYS FOR WIRELESS COMMUNICATION - Certain embodiments allow security keys to be maintained across mobile device states, or communication events, such as hand-over, and system idle and sleep power savings modes. By monitoring the lifetime of security keys, keys may be refreshed in an effort to ensure key lifetimes will not expire during a hand-over process or other device unavailable state. | 12-03-2009 |
20090296935 | DECODING AND ENCODING DATA - Various example embodiments are disclosed. According to an example embodiment, a method may include receiving data which has been encoded according to a first higher complexity protection scheme and compressed. The method may also include decompressing the data. The method may also include decoding the data according to the first higher complexity protection scheme using a first higher complexity key. The method may also include encoding at least the first portion of the data according to a second higher complexity protection scheme using a second higher complexity key. The method may also include encoding at least a second portion of the data according to a lower complexity protection scheme using a lower complexity key. | 12-03-2009 |
20090296936 | SYSTEM AND METHOD FOR CREATING A SECURE BILLING IDENTITY FOR AN END USER USING AN IDENTITY ASSOCIATION - A system and method include a device connectable to a private network and designed to access a public network, the device used to control identity associations for end user devices in the private network, wherein the device has an associated device key and is operable to receive additional keys associated with service providers, and a conditional access system associated with the device, the conditional access system operated by a key authority to manage the device key and to authenticate the service provider keys thereby allowing identity associations between the private network and the service providers. | 12-03-2009 |
20090296937 | DATA PROTECTION SYSTEM, DATA PROTECTION METHOD, AND MEMORY CARD - This data protection system encrypts and stores data in a memory card, using a double encryption key scheme for encrypting the data with a data key and further encrypting the data key with a user key. This system provides data to a particular host device from the memory card and limits provision of the data to other host devices. The host device includes DPS program that governs control of writing data to, and reading data from the memory card. The memory card includes a first non-volatile memory and a memory controller that controls the first non-volatile memory. DPSA program is implemented in the memory controller that manages ID information for identifying a user capable of decrypting the encrypted data with the user key. | 12-03-2009 |
20090304185 | METHOD OF TRACING DEVICE KEYS FOR BROADCAST ENCRYPTION - Provided are a method of tracing a device key in a user key management system using a hierarchical hash chain broadcast encryption scheme (HBES) algorithm, a user key management system for executing the method of tracing a device key, and a computer program for executing the method of tracing a device key. The method of tracing a device key of an illegal decoder in a user key management system for broadcast encryption includes: tracing a device key using a binary search; and revoking the traced device key. The technology according to the present invention can be applied to prevent exposure of the device keys to hacking. The present invention provides a method of tracing which can be applied to an HBES algorithm structure. | 12-10-2009 |
20090310787 | Image Forming Apparatus, Key Management Server, Activation System, and Deactivation System - The image forming apparatus has: a network communication unit capable of communicating with a web server via a network; a web browser that accesses the web server via communication by the network communication unit, and acquires an activation key from the web server; and an activating unit that activates an optional function with the activation key. The key management server machine has: an activation key generating unit that generates an activation key corresponding to an optional function of an image forming apparatus; and a web server that receives identification information on the image forming apparatus and identification information on the optional function, and transmits an activation key to the image forming apparatus, the activation key corresponding to an optional function specified by the identification information on the optional function. | 12-17-2009 |
20090316905 | KEY EXCHANGE THROUGH A SCRAMBLE METHODOLOGY AND SYSTEM - The method, system, and apparatus of key exchange through a scramble methodology and system is disclosed. In one embodiment, the method includes generating a security key associated with a protected media content, disassembling the security key (e.g., may be an unencrypted key) into a set of key bits, generating non-key bits (e.g., may be arbitrarily and/or randomly created binary numbers), placing the non-key bits disbursed between at least some of the set of key bits based on an algorithm of a control register module of a scatter module, algorithmically specifying a number of the set of key bits and the non-key bits in a packet, and communicating the packet and other packets each having the non-key bits disbursed between at least some the set of key bits of each of the packet and the other packets to a gather module. | 12-24-2009 |
20090316906 | METHOD OF VERIFYING THE INTEGRITY OF AN ENCRYPTION KEY OBTAINED BY COMBINING KEY PARTS - The method of verifying the integrity of an encryption key (K) obtained by combining at least two key portions (KM, M) in a protected zone ( | 12-24-2009 |
20090323958 | EXTENDING A SECRET BIT STRING TO SAFEGUARD THE SECRET - A method and system extends a secret bit string to safeguard the secret. In one embodiment, the method comprises adding a secret bit string of length s to a product of two random bit strings using arithmetic defined for polynomials over GF(2) to produce an extended bit string. The extended bit string has a length m that is longer than s. A total of n shares are generated from the extended bit string, of which at least k shares are needed to reconstruct the secret bit string. The n shares are distributed to a plurality of cooperating computing entities for secret sharing. | 12-31-2009 |
20090323959 | Method for producing two-dimensional code reader for reading the two-dimensional code - A method of producing a two-dimensional code having a code area in which data codes coded as codewords are mapped. First type of data codes is mapped in the code area. The first type of data codes are coded as the codewords and indicating data to be disclosed. An end identification code is added to an end of a code string composed of the first type of data codes, the end identification code showing the end. Second type of data codes are mapped after the end identification code in the code area, the second type of data codes being coded as the codewords and indicating data to be kept in secret. Filler codes showing no data after the second type of data codes are mapped to fill up the code area, when a total amount of the codewords in the code area is less than a capacity of the code area. | 12-31-2009 |
20090323960 | METHOD AND SYSTEM FOR HIDING THE DECRYPTION KEY IN A DISPERSIVE WAY - A method for hiding the decryption key in a dispersive way is disclosed. A decryption key corresponding to content to be accessed is decomposed into at least two partial decryption keys, comprising first partial decryption key and second partial decryption key. The first partial decryption key is stored in a memory device. The second partial decryption key is stored in a hidden area of the memory device. When the memory device is installed on an electronic device, an application installed in the electronic device is activated. The application retrieves the first partial decryption key from the memory device and the second partial decryption key from the hidden area of the memory device, re-organizes and codes the first and second partial decryption keys to recover the decryption key, and decrypts the content using the decryption key, enabling the electronic device to access the content. | 12-31-2009 |
20090323961 | DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or decrypting, based at least in part upon a first key, data to be, at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment. | 12-31-2009 |
20090323962 | SECURE MULTICAST CONTENT DELIVERY - In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security key is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key. | 12-31-2009 |
20090323963 | Methods and Media for Recovering Lost Encryption Keys - An information handling system provides a method for recovering encryption keys. The method includes providing a first recording medium of a plurality of recording media in a first drive of a plurality of drives. A first key is requested from a primary key manager (PKM) associated with the first drive, wherein the first drive provides a first key identifier (ID) to the PKM. If it is determined that the PKM provides the first key corresponding to the first key ID, a first identifying information for the PKM is stored in a memory for the first recording medium. | 12-31-2009 |
20090323964 | SYSTEM AND METHOD OF UPDATING KEY BASED ON COMMUNICATION COST AND SECURITY DAMAGE COST - A system and method of updating a key based on communication and security damage costs are provided. The key updating system for group communication between a plurality of group members, includes a key update cycle determining unit to determine a key update cycle based on a communication cost and a security damage cost, and a key updating unit to perform a key updating with respect to one or more group members of the group communication based on the determined key update cycle. | 12-31-2009 |
20100014675 | Appraising Systems With Zero Knowledge Proofs - A system, method, and computer program product are provided for requesting a proof of a security policy in a client system. Additionally, a system, method, and computer program product are provided for proving a security policy to an interrogator system. | 01-21-2010 |
20100014676 | PRIVACY MANAGEMENT FOR TRACKED DEVICES - A device, method, system and computer readable medium for the protection of private data while permitting the monitoring or tracking of electronic devices that are shared for both business and private purposes. | 01-21-2010 |
20100027797 | Playing Apparatus and Management Method - According to one embodiment, a playing apparatus reads an encrypted content and a content key configured to decrypt the encrypted content, with use conditions set therein, from a storage medium in which the encrypted content and the content key for decrypting the encrypted content are stored, decrypts the encrypted content by using the content key, and plays the decrypted content. The apparatus includes a deletion module configured to delete the content key and the encrypted content from the storage medium, with reference to the use conditions of the content key, when the encrypted content is unable to be decrypted by using the content key. | 02-04-2010 |
20100034388 | DATA PROTECTION SYSTEM THAT PROTECTS DATA BY ENCRYPTING THE DATA - A data protection system is provided that reduces, to a degree, the amount of encrypted data that is distributed to a plurality of terminals. In the data protection system a terminal whose decryption keys are exposed by a dishonest party is made to be unable to decrypt the data correctly, while other terminals are able to decrypt the data correctly. | 02-11-2010 |
20100034389 | CONDITIONAL ACCESS SYSTEM AND METHOD FOR LIMITING ACCESS TO CONTENT IN BROADCASTING AND RECEIVING SYSTEMS - A conditional access system and method provides conditional access by a subscriber's network terminal over a computer network to encrypted content of a content provider. The conditional access system includes a content stream adapting server that receives streams of encrypted content from the content provider, reformats the encrypted content streams using session keys into a format suitable for transmission by IP addressing, and assigns a unique IP address in the computer network to the reformatted encrypted content streams. An access control server provides access to the encrypted content streams under control of an operator of the computer network. A validating server provides the session keys to the content stream adapting server, receives from a subscriber a request for an encrypted content stream, validates the subscriber for access to the requested encrypted content stream and, upon validation of the subscriber, provides the subscriber's network terminal with the session keys for the selected encrypted content stream through a secure network channel and authorizes the access control server to provide access to the selected encrypted content stream by the network terminal of the subscriber. The content provider maintains control over distribution of the selected encrypted content stream through selective validation of subscribers at the validating server and may be paid directly for the selected content by the subscriber using a prepaid PIN code card issued by the content provider. | 02-11-2010 |
20100040233 | PROTOCOL FOR DEVICE TO STATION ASSOCIATION - A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association. | 02-18-2010 |
20100046757 | Electronic Data Communication System - There is described an electronic mail messaging system in which a plurality of user computers are connected to a mail registration server via the Internet. The mail registration server stores plural sets of decryption data, each set being required to decrypt a corresponding encrypted electronic mail message. Following receipt of an encrypted electronic mail message, a user computer communicates with the mail registration server to effect decryption of the encrypted electronic mail message using the corresponding decryption data stored by the mail registration server. In this way, the accessing of the electronic mail message can be monitored by the mail registration server. | 02-25-2010 |
20100054474 | SHARING A SECRET USING HYPERPLANES OVER GF(2m) - A method and system distributes N shares of a secret among cooperating entities using hyperplanes over GF(2 | 03-04-2010 |
20100054475 | VALIDATING ENCRYPTED ARCHIVE KEYS - An apparatus and a method for validating encrypted archive keys is described. In one embodiment, a passphrase is enciphered. An archive key used to encipher an archive is enciphered with the enciphered passphrase. A first enciphered block is computed by enciphering a random block with the archive key. A second enciphered block is computed by enciphering the same random block with a Message Authentication Code (MAC) key. The MAC key is derived from the archive key and the passphrase. The validity of keys is determined by comparing the decrypted first block with the decrypted second block. | 03-04-2010 |
20100054476 | VALIDATING ENCRYPTED ARCHIVE KEYS WITH MAC VALUE - An apparatus and a method for validating encrypted archive keys is described. In one embodiment, a passphrase is received. An archive key is recovered with the passphrase. A Message Authentication Code (MAC) value is computed with the recovered archive key. The computed MAC value is compared with a MAC value stored in an archive to determine the validity of the passphrase. The stored MAC value is originally computed with an original passphrase using the archive key as a MAC key. | 03-04-2010 |
20100054477 | ACCELERATED CRYPTOGRAPHY WITH AN ENCRYPTION ATTRIBUTE - Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute. | 03-04-2010 |
20100061555 | DEVICE WITH PRIVILEGED MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory, a rule set memory, a plurality of cryptographic clients, and a key store arbitration module. The key store memory stores a plurality of cryptographic keys and the rule set memory stores a set of rules for accessing the cryptographic keys. A cryptographic client is operable to issue a request to access a cryptographic key(s) and, when access to the cryptographic key is granted, execute a cryptographic function regarding at least a portion of the cryptographic key to produce a cryptographic result. The key store arbitration module is operable to determine whether the request to access the cryptographic key is valid; when the request is valid, interpret the request to produce an interpreted request; access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and grant access to the cryptographic key in accordance with the rule. | 03-11-2010 |
20100067699 | INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 03-18-2010 |
20100080391 | Auditing Data Integrity - Various approaches are described for auditing integrity of stored data. In one approach, a data set is provided from a client to a storage provider, and the data set is stored at a first storage arrangement by the storage provider. An auditor determines whether the data set stored at the first storage arrangement is corrupt without reliance on any part of the data set and any derivative of any part of the data set stored by the client. While the auditor is determining whether the data set stored at the first storage arrangement is corrupt, the auditor is prevented from being exposed to information specified by the data set. The auditor outputs data indicative of data corruption in response to determining that the data set stored at the first storage arrangement is corrupt. | 04-01-2010 |
20100080392 | Key Management In Storage Libraries - Embodiments include methods, apparatus, and systems for managing encryption keys in a storage library. One method includes using a tape library to determine which key manager is selected for data encryption operations to a tape drive when multiple different key managers exist in a storage system. | 04-01-2010 |
20100086134 | FULL VOLUME ENCRYPTION IN A CLUSTERED ENVIRONMENT - Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume. | 04-08-2010 |
20100086135 | GENERATING UNIQUE ALIASES FOR KEYS USED WITH TAPE LIBRARIES - Unique key aliases are generated for tape libraries. According to one embodiment, a first library identifier associated with a first tape library, which does not conflict with a second library identifier associated with a second tape library, is generated. One library identifier is associated with each of the tape libraries. A unique key alias, which does not conflict with any key aliases associated with the first tape library and does not conflict with any key aliases associated with the second tape library, is generated based on the first library identifier. Tape data is encrypted based on a data key that is identified with the unique key alias as a part of writing the tape data to the first tape library. | 04-08-2010 |
20100091994 | Encryption Validation Systems and Related Methods and Computer Program Products for Verifying the Validity of an Encryption Keystore - Methods for verifying the operability of an encryption keystore are provided. Pursuant to these methods, the keystore may be periodically checked to verify that it has each required CA authority. If one or more of the required CA authorities are missing from the keystore, then an alert is automatically issued. The methods may also include periodically checking the keystore to verify that the keystore has each required digital certificate and that each digital certificate operates properly. The methods can further include periodically checking the keystore to determine if any of the required CA authorities and/or digital certificates have expired and/or are set to expire within a predetermined time period. Related encryption validation systems and computer program products are also provided. | 04-15-2010 |
20100098255 | SYSTEM AND METHOD FOR A DERIVATION FUNCTION FOR KEY PER PAGE - Disclosed herein are systems, methods and computer-readable media to perform data encryption and decryption using a derivation function to obtain a key per page of data in a white-box environment. The method includes sharing a master key with the sender and receiver, splitting the input data into blocks and sub-blocks, and utilizing a set of keys and a master key to derive a page key. In another aspect of this disclosure, the key validation and shuffling operations are included. This method allows for the derivation of a key instead of storing a predetermined key, thus maintaining system security in a white-box environment. | 04-22-2010 |
20100098256 | Decryption Key Management - Provided are, among other things, systems, methods and techniques for decryption key management. In one implementation, a decryption key is managed within a computer processing system by (a) creating within the computer system an association between an access token and retrieval information, the access token being a specified function of an identifier for a data object, and the retrieval information including (1) a first entry that corresponds to a value generated by encrypting a decryption key for the data object using a symmetric encryption/decryption key, and (2) a second entry that corresponds to a value generated by encrypting the symmetric encryption/decryption key using an asymmetric public key; and (b) repeating step (a) for a number of different data objects, keeping the symmetric encryption/decryption key identical across repetitions. | 04-22-2010 |
20100104100 | METHOD AND APPARATUS FOR ADJUSTING DECRYPTION KEYS - In a digital cinema system, a Secure Clock can drift over time, possibly presenting the ability to playout a digital cinema presentation near the end of the validity interval of a decryption key. To accommodate for the drift in the Secure Clock, the validity interval of the decryption key is adjusted in accordance with the time difference between a secure time value and a present time value. | 04-29-2010 |
20100104101 | CRYPTOGRAPHIC SERVER WITH PROVISIONS FOR INTEROPERABILITY BETWEEN CRYPTOGRAPHIC SYSTEMS - The invention is a cryptographic server providing interoperability over multiple algorithms, keys, standards, certificate types and issuers, protocols, and the like. Another aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys on a server. The server-centric storage of keys provides for user-independent security, portability, availability, and straightforwardness, along with a wide variety of implementation possibilities. | 04-29-2010 |
20100104102 | Systems and Methods to Securely Generate Shared Keys - A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key. | 04-29-2010 |
20100111307 | CONTROLLING SESSION KEYS THROUGH IN-BAND SIGNALING - The present invention employs in-band signaling between PTEs to provision and control session keys, which are used by the PTEs for encrypting and decrypting traffic that is carried from one PTE to another over a transport network. In operation, a first PTE will receive incoming traffic from a first edge network, map the traffic to frames, encrypt the traffic with a session key, and send the frames with the encrypted traffic over the transport network to a second PTE. The second PTE will extract the encrypted traffic from the frames, decrypt the encrypted traffic with a session key, and send the recovered traffic over a second edge network toward an intended destination. If symmetric encryption is employed, the session key used by the first PTE to encrypt the traffic will be identical to the session key used by the second PTE to decrypt the traffic. | 05-06-2010 |
20100135496 | METHOD OF MODIFYING SECRETS INCLUDED IN A CRYPTOGRAPHIC MODULE, NOTABLY IN AN UNPROTECTED ENVIRONMENT - The invention relates to a method for modifying a set of secrets in a cryptographic module. The cryptographic module ensures that the loading of a secret is either complete or null and void. The module enables a reading of a version number for each secret. The module includes information indicating a version number corresponding to the set of secrets. The method of the invention includes a first step during which, if the version number of the set of secrets is equal to a version number that requires the loading of a set of new secrets, the version number of the set of secrets in the cryptographic module is made equal to a distinctive number that indicates that the cryptographic module is being uploaded. The method comprises a second step during which, for each secret, if the version number of said secret is different from the version number of the corresponding new secret to be downloaded, the new secret and its version number are loaded. The method comprises a third step during which the version number of the set of secrets in the cryptographic module is made equal to the version number of the set of new secrets. The invention can be used particularly for downloading access keys included in a set of smart cards in a non-protected environment. | 06-03-2010 |
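The three-step update above is a resumable, version-driven transaction: because every single secret loads atomically and the module publishes a per-secret version plus a "loading in progress" marker for the whole set, an interrupted upload in an unprotected environment can simply be re-run. The following simulation is an added example, not code from the patent or from any smart-card product; the module class, the marker value `LOADING`, the `fail_after` interruption hook and the secret names are all assumptions made for illustration.

```python
"""Versioned, resumable secret loading for a cryptographic module (added example).

Assumes a module that (a) loads each secret atomically, (b) exposes the version
of every secret and of the whole set, and (c) lets the set version be set to a
distinctive "upload in progress" marker. A power cut is simulated by raising an
exception part-way through step 2.
"""

LOADING = -1  # distinctive marker meaning "set is being uploaded" (assumed value)


class Interrupted(Exception):
    """Simulated power loss / disconnection while the set is being uploaded."""


class CryptoModule:
    def __init__(self, initial, set_version):
        self.secrets = dict(initial)      # name -> (version, value); writes are all-or-nothing
        self.set_version = set_version

    def secret_versions(self):
        return {name: ver for name, (ver, _) in self.secrets.items()}

    def load_secret(self, name, version, value):
        self.secrets[name] = (version, value)   # atomic in the real module

    def set_set_version(self, version):
        self.set_version = version


def update_secrets(module, new_set, new_version, fail_after=None):
    """Run the three steps. new_set maps name -> (version, value).

    Returns the number of secrets actually loaded. If fail_after is given, the
    simulated environment dies after that many loads in step 2.
    """
    # Step 1: only a set older than new_version, or one left in the LOADING
    # state by an earlier interrupted run, requires loading.
    if module.set_version != LOADING and module.set_version >= new_version:
        return 0
    module.set_set_version(LOADING)

    # Step 2: load only secrets whose version differs from the new one, so
    # secrets that an interrupted run already loaded are skipped (idempotent).
    loaded = 0
    current = module.secret_versions()
    for name, (version, value) in new_set.items():
        if current.get(name) == version:
            continue
        if fail_after is not None and loaded >= fail_after:
            raise Interrupted(f"power lost before loading {name!r}")
        module.load_secret(name, version, value)
        loaded += 1

    # Step 3: the set is complete; publish its version.
    module.set_set_version(new_version)
    return loaded


def demo():
    """Interrupt an upload after one secret, then resume it (constructed data)."""
    module = CryptoModule({"k_auth": (3, b"A3"), "k_enc": (3, b"E3"), "k_mac": (2, b"M2")},
                          set_version=3)
    new_set = {"k_auth": (4, b"A4"), "k_enc": (4, b"E4"), "k_mac": (2, b"M2")}  # k_mac unchanged
    try:
        update_secrets(module, new_set, 4, fail_after=1)   # dies after one load
    except Interrupted:
        pass
    state_after_cut = (module.set_version, module.secret_versions())
    loaded_on_resume = update_secrets(module, new_set, 4)  # finishes the job
    return state_after_cut, loaded_on_resume, module.set_version, dict(module.secrets)


if __name__ == "__main__":
    print(demo())
```

After the simulated cut the set version reads `LOADING` and only `k_auth` carries the new version; the resumed run loads just `k_enc`, leaves the unchanged `k_mac` alone, and only then publishes version 4, so a reader of the module never sees a "complete" version number over a half-loaded set.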
20100142710 | ENHANCED RELATIONAL DATABASE SECURITY THROUGH ENCRYPTION OF TABLE INDICES | 06-10-2010 |
20100142711 | GROUP KEY MANAGEMENT RE-REGISTRATION METHOD - In an embodiment, a fast group key management re-registration is described. One computer-implemented method comprises, at a key server: receiving a registration request from a network element to join a group of network elements managed by the key server; generating and storing a group member registration state comprising information identifying the network element within the group of network elements; generating a token using information from the group member registration state, wherein the token identifies the network element within the group; deleting the group member registration state for the network element at the key server; generating an encrypted token by encrypting the token using a secret key that is local to the key server; sending the encrypted token to the network element; receiving the encrypted token along with a re-registration request from the network element to re-join the group of network elements; and re-registering the network element using the encrypted token. | 06-10-2010 |
20100150350 | Method and Apparatus for Key Expansion to Encode Data - An encoder according to the present invention embodiments employs a key expansion module to expand an encryption key by using logic and available clock cycles of an encryption process or loop. The key expansion module generates control signals to enable key expansion data to be injected at appropriate times into the encryption loop (e.g., during available clock cycles of the encryption loop) to perform the key expansion, thereby utilizing the resources of the encryption loop for key expansion. The key expansion module dynamically accounts for varying key lengths, and enables the encryption loop to combine the data being encrypted with proper portions of the expanded key. The use of encryption logic and available clock cycles of the encryption loop for the key expansion reduces the area needed by the encoder on a chip and enhances encoder throughput. | 06-17-2010 |
20100150351 | Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service - Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system. | 06-17-2010 |
20100166185 | Delivering Specific Contents to Specific Recipients Using Broadcast Networks - Systems and methods for delivering specific contents to specific recipients using broadcast networks. The methods include receiving an AV signal of a broadcast program and supplementary content which contains a tag identifying a specific recipient and specific contents. The specific contents are encrypted with a public key associated with the specific recipient. The supplementary content is combined with the AV signal to form a data-augmented signal which is subsequently encoded and modulated with a carrier signal to form a transmit signal for broadcasting to receivers. Each receiver includes a supplementary decoder for extracting the supplementary content, decrypting the specific contents with a private key corresponding to the public key, and providing the decrypted specific contents to the intended recipient. | 07-01-2010 |
20100172501 | Secure key system - A secure key system includes a key provider for partitioning and converting a private key into a plurality of key components, and a plurality of key holders each storing one of the key components, thereby enhancing the security level of the private key. All of the key holders must be united to reconstruct the private key from the key components in order to complete a confirmation process, so that the confirmation process is verified by all of the key holders. | 07-08-2010 |
20100172502 | SYSTEMS AND METHODS FOR SECURE SUPPLY CHAIN MANAGEMENT AND INVENTORY CONTROL - Systems for encoding and reading RFID tags on a collection of items are shown. One embodiment of the invention includes a plurality of items, where each item possesses an item identifier string, and a plurality of RFID tags, where an RFID tag is affixed to each of the items and each RFID tag is encoded with a code word element generated using at least all of the item identifier strings. In many embodiments, the collection is a plurality of goods contained within a case, pallet, container or storage area. | 07-08-2010 |
20100177900 | METHOD FOR PROVIDING CONFIDENTIALITY PROTECTION OF CONTROL SIGNALING USING CERTIFICATE - A method of enabling a mobile station (MS) to perform initial ranging in a wireless communication system includes transmitting a first message to a base station (BS), the first message comprising an identifier which is digitally signed by using a private key corresponding to a public key included in a certificate of the MS and receiving a second message including a temporary session key that is digitally signed by using a private key corresponding to a public key included in a certificate of the BS. A security threat due to exposure of control signaling can be prevented by securely exchanging session keys between the BS and the MS. | 07-15-2010 |
20100183153 | METHOD OF ESTABLISHING ROUTING PATH OF SENSOR NETWORK FOR IMPROVING SECURITY AND SENSOR NODE FOR IMPLEMENTING THE SAME - Disclosed herein is a method of establishing the routing path of a sensor network and a sensor node for implementing the method. Each of a plurality of sensors belonging to a sensor network is assigned a key index and a key corresponding to the key index. The sensor node acquires information about key indices possessed by sensor nodes existing on a candidate routing path. The sensor node selects a final routing path from among a plurality of candidate routing paths using the information about the key indices. Accordingly, the present invention can implement a sensor network having improved security. | 07-22-2010 |
20100189262 | SECURE KEY ACCESS WITH ONE-TIME PROGRAMMABLE MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory that stores one or more cryptographic keys. A rule set memory stores a set of rules for accessing the cryptographic keys. A key store arbitration module grants access to the cryptographic keys in accordance with the set of rules. The device can be used in conjunction with a key ladder. The device can include a one-time programmable memory and a load module that transfers the cryptographic keys from the one-time programmable memory to the key store memory and the set of rules to the rule set memory. A validation module can validate the cryptographic keys and the set of rules stored in the key store and rule set memories, based on a signature defined by a signature rule. | 07-29-2010 |
20100195834 | Image generating apparatus, image processing apparatus, image forming apparatus, and recording medium - Additional image data of an additional image, which is based on first data and second data concerning security of obtained data, is added to image data that is based on the obtained data, and an image based on the image data to which the additional image data is added is outputted onto a recording medium, for example. Furthermore, when the additional image data is added to image data of the image obtained from the recording medium, the first data and second data are separated from the additional image data, and reference is made to these pieces of data to perform subsequent processing of the image data. | 08-05-2010 |
20100202616 | METHOD OF SECURING AND AUTHENTICATING DATA USING MICRO-CERTIFICATES - A method of securing wireless communications includes storing a recipient's micro-certificate at a vehicle, a call center, or a certificate authority, transmitting the micro-certificate from its place of storage, extracting the public key from the micro-certificate, encrypting the vehicle communication using the public key, transmitting the encrypted vehicle communication to the recipient, and decrypting the vehicle communication using a private key after receiving the vehicle communication. The micro-certificate can include identifying data for the recipient and can have a length that is less than twice the length of the public key contained in the micro-certificate. | 08-12-2010 |
20100202617 | System and Method for Recovery Key Management - A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security. | 08-12-2010 |
20100202618 | Method and apparatus for updating key in an active state - A method for updating a key in an active state is disclosed according to the embodiments of the present invention. The method includes steps of: initiating a key update by a user equipment in the active state or a network side when a pre-defined condition is met; updating the key by the network side and the user equipment, and negotiating an activation time of the new keys. An apparatus for updating a key in an active state is also disclosed according to the present invention. With the present invention, the user equipment in an active state and the network side may actively initiate the key update procedure in different cases, thereby solving the problem concerning the key update for a session in an active state. | 08-12-2010 |
20100215178 | KEY SELECTION VECTOR, MOBILE DEVICE AND METHOD FOR PROCESSING THE KEY SELECTION VECTOR, DIGITAL CONTENT OUTPUT DEVICE, AND REVOCATION LIST - A key selection vector for a revocation list in an HDCP system, a mobile device and a method for processing a key selection vector, a digital content output device using a key selection vector, and a revocation list for use in an HDCP system comprising a key selection vector are described. It is desired to improve the handling of key selection vectors in revocation lists. A structured key selection vector for a revocation list is provided. The key selection vector is structured to contain at least one bit field with a predetermined number of bits at a predetermined location in the key selection vector. The bit field contains information relating to a group property of a device, which allows a plurality of key selection vectors storing the same or similar group property information in said at least one bit field to be processed as a group. | 08-26-2010 |
20100220863 | Key Recovery Mechanism for Cryptographic Systems - A cryptographic system can include a register containing a key and a processor coupled to the register. The processor can be operable for performing a first encrypting operation, where the encrypting operation includes computing a key schedule using the register as a workspace. At the end of the first encrypting operation, the key is recovered from the register for use in a second encrypting operation. | 09-02-2010 |
20100246826 | Digital cinema management device and digital cinema management method - A digital cinema management device includes a control unit that manages keys used when exhibiting contents with playback devices and controls a representation of a management window for performing the key management, in which the control unit displays an arrangement representation in the management window and provides a representation at an arrangement position defined by a playback device and content exhibited by the playback device, the representation representing a status of a key used when decoding content corresponding to the arrangement position with a playback device corresponding to the arrangement position. | 09-30-2010 |
20100272264 | METHOD FOR MAKING SAFE AN ELECTRONIC CRYPTOGRAPHY ASSEMBLY WITH A SECRET KEY - An aim of this invention is to eliminate the risk of nth-order DPA attacks, for all values of n, on cryptographic electronic assemblies or systems using a secret or private key. The process according to this invention is a securing process for an electronic system that uses a cryptographic calculation procedure with a secret key. The process consists of masking the intermediate results at the input or output of at least one critical function of said procedure. | 10-28-2010 |
20100272265 | SYSTEM AND METHOD TO CONTROL ONE TIME PROGRAMMABLE MEMORY - Systems and methods to control one time programmable (OTP) memory are disclosed. A method may include determining a functionality for a hardware capability bus in an integrated circuit. The method may also include storing data in a first register of the integrated circuit based on the functionality. The method may also include disabling the functionality in the integrated circuit by setting at least one bit in a one time programmable memory bank in the integrated circuit based on the data. | 10-28-2010 |
20100278344 | System, Portable Object and Terminal for Decrypting Encrypted Audio and/or Video Data - The invention relates to a system ( | 11-04-2010 |
20100284537 | Method for efficiently decoding a number of data channels - The present invention relates to a method for efficiently decoding a plurality of ciphertexts comprising the steps of: (a) receiving at least one cipher key associated with said ciphertexts; (b) expanding said at least one cipher key for producing its corresponding subkeys; (c) storing said subkeys in a memory; (d) loading said subkeys from said memory; and (e) decoding said ciphertexts using said loaded subkeys. | 11-11-2010 |
20100284538 | Control of an Entity to be Controlled by a Control Entity - A control entity communicates with an entity to be controlled so as to effect a control, a secret key being associated with the control entity. These entities share a plurality of public parameters, a second public parameter being a combination of a first public parameter of the plurality with the secret key. At the level of the entity to be controlled, a random value is generated; a first message is transmitted to the control entity, this first message comprising at least one value obtained by combining the first public parameter with the random value; and a second message is transmitted to the control entity, this second message comprising at least one value obtained by combining the random value, a secret key of the entity to be controlled and a value received from the control entity. One of the values included in the first or the second message is based on the second public parameter. | 11-11-2010 |
20100290623 | PROTECTION OF ENCRYPTION KEYS IN A DATABASE - System, method, computer program product embodiments and combinations and sub-combinations thereof for protection of encryption keys in a database are described herein. An embodiment includes a master key and a dual master key, both of which are used to encrypt encryption keys in a database. To access encrypted data, the master key and dual master key must be supplied to a database server by two separate entities, thus requiring dual control of the master and dual master keys. Furthermore, passwords for the master and dual master keys must be supplied separately and independently, thus requiring split knowledge to access the master and dual master keys. In another embodiment, a master key and a key encryption key derived from a user password is used for dual control. An embodiment also includes supplying the secrets for the master key and dual master key through server-private files. | 11-18-2010 |
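Dual control (two people must act) and split knowledge (neither person can reconstruct the secret alone) are the two properties the abstract above combines. The sketch below is an added example, not the patent's or any database vendor's code. It takes the second embodiment literally and derives the master key and the dual master key from two custodians' passwords with PBKDF2, then derives the key-encryption key from both; the class name, salts, iteration count, labels and stored check value are assumptions, and the check value exists so that a wrong password is rejected rather than silently yielding a wrong key.

```python
"""Dual control and split knowledge for a database key-encryption key (added example).

Assumptions: master key (MK) and dual master key (DMK) are each derived from a
password held by a different custodian; the KEK that unwraps column keys is a
PRF of both, so neither custodian alone can compute it; a check value stored at
setup lets the server reject a wrong password.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # illustrative; tune to the deployment


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=32)


def combine(master_key: bytes, dual_master_key: bytes) -> bytes:
    # KEK = PRF(MK, DMK): both halves are required; one half reveals nothing about the KEK
    return hmac.new(master_key, b"kek|" + dual_master_key, hashlib.sha256).digest()


def check_value(kek: bytes) -> bytes:
    return hmac.new(kek, b"kek-check", hashlib.sha256).digest()


class KeyCustodian:
    """Server-side state: salts and the check value persist; passwords and keys do not."""

    def __init__(self, mk_password: str, dmk_password: str):
        self.mk_salt = os.urandom(16)
        self.dmk_salt = os.urandom(16)
        kek = combine(derive_key(mk_password, self.mk_salt),
                      derive_key(dmk_password, self.dmk_salt))
        self.check = check_value(kek)
        self._mk = None    # supplied by custodian 1
        self._dmk = None   # supplied by custodian 2, separately and independently

    def supply_master_password(self, password: str) -> None:
        self._mk = derive_key(password, self.mk_salt)

    def supply_dual_master_password(self, password: str) -> None:
        self._dmk = derive_key(password, self.dmk_salt)

    def unlock(self) -> bytes:
        """Return the KEK only when both halves were supplied and they verify."""
        if self._mk is None or self._dmk is None:
            raise PermissionError("dual control: both custodians must supply their password")
        kek = combine(self._mk, self._dmk)
        if not hmac.compare_digest(check_value(kek), self.check):
            raise PermissionError("split knowledge: at least one password is wrong")
        self._mk = self._dmk = None   # do not keep either half around after use
        return kek


def demo(mk_password="dba-one", dmk_password="sec-officer-two"):
    """One custodian alone is refused; both together unlock the KEK (constructed passwords)."""
    custodian = KeyCustodian(mk_password, dmk_password)
    custodian.supply_master_password(mk_password)
    try:
        custodian.unlock()            # only one half present
        one_half_ok = True
    except PermissionError:
        one_half_ok = False
    custodian.supply_dual_master_password(dmk_password)
    return one_half_ok, custodian.unlock()


if __name__ == "__main__":
    refused, kek = demo()
    print("single custodian accepted:", refused, "| KEK:", kek.hex())
```

The server-private-file embodiment in the abstract changes only where the two halves come from, not the combination: a file readable by the database service account can stand in for one custodian's password as long as the other half is still supplied through an independent channel.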
20100290624 | Key Management System and Method - Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network. | 11-18-2010 |
20100303239 | METHOD AND APPARATUS FOR PROTECTING ROOT KEY IN CONTROL SYSTEM - A system-on-chip control system includes a processor for generating a root key for protecting data stored in a memory device connected to the control system, a root key storage unit for storing the root key, and a debug port configured to enable an external device to access the control system. The processor keeps the debug port locked to prevent the external device from accessing the control system if a root key is stored in the storage unit, and unlocks the debug port to enable the external device to access the control system after the root key is erased. | 12-02-2010 |
20100303240 | KEY MANAGEMENT TO PROTECT ENCRYPTED DATA OF AN ENDPOINT COMPUTING DEVICE - Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc. | 12-02-2010 |
20100303241 | AUTOMATIC CHANGE OF SYMMETRICAL ENCRYPTION KEY - An encryption system and a method for automatically changing an encryption key. The key is changed in response to an amount of data that has been encrypted. When the amount of data encrypted with a first key reaches or exceeds a byte count threshold, the first key is deactivated and a new key is generated and used for subsequent data encryption. | 12-02-2010 |
20100316222 | IMAGE PROCESSING SYSTEM - An image processing system | 12-16-2010 |
20100322427 | METHOD FOR MANAGING ENCRYPTION KEYS IN A COMMUNICATION NETWORK - The invention provides for a method for managing encryption keys in a communication network ( | 12-23-2010 |
20110026712 | CONCEALING PLAIN TEXT IN SCRAMBLED BLOCKS - An apparatus generally having a first circuit and a second circuit is disclosed. The first circuit may be configured to (i) divide a plain text into at least three input blocks and (ii) generate at least three scrambled blocks by scrambling the input blocks using a first cipher process. The first cipher process may be configured such that a first of the input blocks does not affect the generation of a last scrambled block. The second circuit may be configured to (i) generate at least three output blocks by de-scrambling the scrambled blocks using a second cipher process and (ii) reconstruct the plain text from the output blocks. The second cipher process may be configured such that a first of the scrambled blocks affects the generation of all of the output blocks. | 02-03-2011 |
20110026713 | Efficient Rebinding of Partitioned Content Encrypted Using Broadcast Encryption - Provided is a method for rendering media content wherein a request to render a first media content stored in a first partition is received, wherein the first partition stores the first and a second media content; the media content is correlated to a first management key block (MKB), binding ID (IDb) and authorization table (AT); the first MKB, IDb and AT are compared to a current MKB, IDb and AT; and if any of the first MKB, IDb or AT do not correspond to the current MKB, IDb or AT, respectively, generating a second partition by rebinding the first media content with respect to the current MKB, IDb and AT to generate a title key; and associating the first media content, the current MKB, IDb, AT and title key with the second partition, wherein the second media content remains associated with the first MKB, IDb, AT and partition. | 02-03-2011 |
20110038481 | HIERARCHIZATION OF CRYPTOGRAPHIC KEYS IN AN ELECTRONIC CIRCUIT - A method of obtaining, in an electronic circuit, at least one first key intended to be used in a cryptographic mechanism, on the basis of at least one second key contained in the same circuit, the first key being stored in at least one first storage element of the circuit, the first storage element being reinitialized automatically after a duration independent of the fact that the circuit is or is not powered. Also described are applications of this method to encrypted transmissions, usage controls, as well as an electronic circuit implementing these methods. | 02-17-2011 |
20110058675 | CONTROLLING ACCESS TO COPIES OF MEDIA CONTENT BY A CLIENT DEVICE - A key server for controlling access of a client device to a subset of different quality copies of media content to be delivered over a network to the client device. In one embodiment, a key server receives a request for playback permission of media content by a client device, and applies a set of one or more business rules to determine which copies of the media content, if any, can be played by the client device, and allows access to a subset of the copies that can be played back by the client device and restricts access to the copies that are not part of the subset. | 03-10-2011 |
20110064224 | DUPLICATION MEANS FOR AN ELECTRONICALLY CODED KEY AND RELATED METHOD - Procedure/method for the duplication of original electronic keys used in the road vehicle transport sector provided with coded and encrypted electronic authentication means, comprising: | 03-17-2011 |
20110064225 | SECURITY COUNTERMEASURE FOR POWER ANALYSIS ATTACKS - A countermeasure for differential power analysis attacks on computing devices. The countermeasure includes the definition of a set of split mask values. The split mask values are applied to a key value used in conjunction with a masked table defined with reference to a table mask value. The set of n split mask values are defined by randomly generating n−1 split mask values and defining an nth split mask value by exclusive or'ing the table mask value with the n−1 randomly generated split mask values. | 03-17-2011 |
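The construction in the abstract above is small enough to check end to end: n-1 split masks are random, the nth is chosen so that all n XOR to the table mask, and the key is combined with the shares one at a time so the table mask itself is never applied to the key in a single operation. This is an added example, not the patent's code; the 4-bit PRESENT S-box stands in for the cipher's table, the masked table applies the table mask to its input only (no output mask), and `n=3` is an arbitrary choice.

```python
"""Split-mask countermeasure for a masked table lookup (added example).

Assumptions: a 4-bit toy S-box stands in for the cipher's table; the masked
table is T'[x] = S[x XOR table_mask]; the n split masks are n-1 random values
plus one value chosen so that all n XOR to table_mask.
"""
import secrets

# PRESENT S-box, used here only as a convenient 4-bit table
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def masked_table(sbox, table_mask):
    """T'[x] = S[x XOR table_mask]; looking up T'[v XOR table_mask] yields S[v]."""
    return [sbox[x ^ table_mask] for x in range(len(sbox))]


def split_masks(table_mask, n, bits=4):
    """n-1 random shares plus an nth share fixed so that all n XOR to table_mask."""
    shares = [secrets.randbelow(1 << bits) for _ in range(n - 1)]
    last = table_mask
    for share in shares:
        last ^= share
    return shares + [last]


def masked_sbox_lookup(table, plaintext_nibble, key_nibble, shares):
    """S[p XOR k] computed without ever combining k with table_mask directly."""
    masked_key = key_nibble
    for share in shares:
        masked_key ^= share          # after all n shares: k XOR table_mask
    return table[plaintext_nibble ^ masked_key]


def demo(n=3):
    """Verify the invariant for every (p, k) pair with a fresh random table mask."""
    table_mask = secrets.randbelow(16)
    table = masked_table(SBOX, table_mask)
    shares = split_masks(table_mask, n)
    xor_of_shares = 0
    for share in shares:
        xor_of_shares ^= share
    correct = all(masked_sbox_lookup(table, p, k, shares) == SBOX[p ^ k]
                  for p in range(16) for k in range(16))
    return correct, xor_of_shares == table_mask, len(shares)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the shares must be regenerated (and the table re-masked) regularly rather than fixed for the device's lifetime, and the XOR chain has to be implemented so the compiler or synthesis tool cannot fold the shares back together, which this Python model cannot show.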
20110085664 | SYSTEMS AND METHODS FOR MANAGING MULTIPLE KEYS FOR FILE ENCRYPTION AND DECRYPTION - Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key. | 04-14-2011 |
20110103587 | DATA CONCEALING APPARATUS, DATA DECRYPTION APPARATUS AND IMAGE FORMING APPARATUS HAVING DATA ENCRYPTING FUNCTION - Disclosed is a data concealing apparatus which makes it possible to heighten the strength of encryption processing that employs a data cryptography method in which the encryption of compressed image data is achieved by destroying a part of the compressed image data concerned. The data concealing apparatus includes: an establishing section to establish, in a changeable manner, a data size of a portion of the compressed data; a cryptography key extracting section to extract that portion of the compressed data as the cryptography key data, while making the data size of the cryptography key data coincide with the data size established by the establishing section; and an encrypting section to encrypt the compressed data by replacing the portion extracted as the cryptography key data with certain data different from the cryptography key data. | 05-05-2011 |
20110103588 | Key Agreement and Re-keying over a Bidirectional Communication Path - A key agreement method is carried out by a first system in conjunction with a second system over a bidirectional communication path, including generating a first key pair having a first public key and a first private key, sending the first public key to the second system, receiving a second public key generated by the second system, and calculating a master key based upon the first private key, the second public key, a long-term private key, and a long-term public key. The long-term private key was generated by the first system during a previous key-agreement method as part of a long-term key pair. The long-term public key was generated by the second system and received during the previous key-agreement method. The previous key-agreement method required a secret to be known to the first system and the second system, thus conferring authentication based on the secret to the long-term public key. | 05-05-2011 |
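The two key-agreement abstracts (20100104102 above and 20110103588 here) describe the same shape: a long-term key pair and an ephemeral key pair on each side, a master key that mixes both Diffie-Hellman results, a pre-shared secret that makes the exchange authenticated, and re-keying that replaces only the ephemeral pair. The following is an added example, not BlackBerry's or the patents' code, and it models both abstracts on secp256k1 with stdlib-only arithmetic. Assumptions: "a public key generated based upon a shared secret" is modelled as blinding the ephemeral public key with H(secret)*G, which a peer can only strip if it knows the same secret; the master key is SHA-256 over the two ECDH x-coordinates; the curve arithmetic is affine and not constant-time; `pow(x, -1, p)` needs Python 3.8 or later.

```python
"""Authenticated ECDH key agreement with re-keying (added example).

Each party holds a first (long-term) key pair and a second (ephemeral) key pair.
The ephemeral public key is blinded with H(secret)*G; the master key is
SHA-256(x(d1*Q1_peer) || x(d2*(Q2_peer - H(secret)*G))). Re-keying replaces only
the ephemeral pair. secp256k1 parameters; affine, non-constant-time arithmetic.
"""
import hashlib
import secrets

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustrative, not side-channel safe)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ec_neg(point):
    return None if point is None else (point[0], (-point[1]) % P)


def on_curve(point):
    return point is not None and (point[1] ** 2 - point[0] ** 3 - 7) % P == 0


class Party:
    def __init__(self, shared_secret: bytes):
        h = int.from_bytes(hashlib.sha256(b"blind|" + shared_secret).digest(), "big") % N
        self.blind = ec_mul(h, G)                    # H(secret)*G, strippable only with the secret
        self.d1 = secrets.randbelow(N - 1) + 1       # first (long-term) key pair
        self.q1 = ec_mul(self.d1, G)
        self.rekey()

    def rekey(self):
        """New second (ephemeral) key pair; its public key is blinded with the secret."""
        self.d2 = secrets.randbelow(N - 1) + 1
        self.q2 = ec_add(ec_mul(self.d2, G), self.blind)

    def master_key(self, peer_q1, peer_q2) -> bytes:
        for q in (peer_q1, peer_q2):
            if not on_curve(q):                      # reject invalid-curve inputs
                raise ValueError("peer public key is not a point on the curve")
        static = ec_mul(self.d1, peer_q1)                                 # long-term x long-term
        ephemeral = ec_mul(self.d2, ec_add(peer_q2, ec_neg(self.blind)))  # ephemeral x ephemeral
        return hashlib.sha256(static[0].to_bytes(32, "big")
                              + ephemeral[0].to_bytes(32, "big")).digest()


def run_session(secret_a: bytes, secret_b: bytes):
    """Initial agreement, then one re-key; returns (key_a, key_b, new_key_a, new_key_b)."""
    alice, bob = Party(secret_a), Party(secret_b)
    k_a = alice.master_key(bob.q1, bob.q2)
    k_b = bob.master_key(alice.q1, alice.q2)
    alice.rekey()                                    # new second key pair, new public key sent
    bob.rekey()                                      # peer answers with its new fourth public key
    return k_a, k_b, alice.master_key(bob.q1, bob.q2), bob.master_key(alice.q1, alice.q2)


if __name__ == "__main__":
    k_a, k_b, n_a, n_b = run_session(b"provisioned secret", b"provisioned secret")
    print("agree:", k_a == k_b, "rekeyed agree:", n_a == n_b, "changed:", k_a != n_a)
```

A peer that does not hold the secret blinds with a different point, so its stripped value is off by a multiple of G and the two sides derive different master keys; that is the whole authentication argument, and it is why the abstract can later treat the long-term public key as authenticated without re-running the secret-based step. The peer-key check matters in practice: without it, a crafted off-curve "public key" can turn the scalar multiplication into a small-subgroup oracle on `d1` or `d2`.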
20110116634 | METHOD AND SYSTEM FOR INSTALLING SOUND SETS ON ELECTRONIC INSTRUMENTS - A method and system of installing a sound set on an electronic instrument is disclosed. The method and system includes an electronic instrument having a serial number, a sound set having a plurality of sampled sounds, and an encrypted key having a matching serial number and a signature of the sound set. A first step includes comparing the serial number of the electronic instrument with the serial number stored in the encrypted key to ensure they match. A second step includes comparing the signature of the encrypted key and the sound set. A fourth step includes installing the sound set on the electronic instrument only if the signature matches the sound set and the matching serial number matches the serial number of the electronic instrument. | 05-19-2011 |
20110150224 | KEY TREE CONSTRUCTION AND KEY DISTRIBUTION METHOD FOR HIERARCHICAL ROLE-BASED ACCESS CONTROL - A key tree construction and key distribution method for hierarchical role-based access control, includes: constructing a key tree including relationships between a hierarchical structure of role groups and data; performing encryption and decryption of data keys and role keys; and generating a key table, in which the data keys required to decrypt encrypted data and the role keys required to decrypt encrypted data keys are stored, with reference to the key tree. Further, the key tree construction and key distribution method for hierarchical role-based access control includes performing management such that a specific role group can obtain a data key by performing decryption based on its own role key by using both the key tree and the key table. | 06-23-2011 |
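The key table described above lets a role hold exactly one key and still reach every data key beneath it, because each child role key and each data key is stored wrapped under the key of the role that may use it. The code below is an added example, not the patent's, and makes the following assumptions: roles form a tree given as child-to-parent links; every role and every data item gets a random 32-byte key; wrapping is key XOR HMAC-SHA256(kek, unique label) with an HMAC tag, a PRF one-time pad that stands in for a real key-wrap algorithm and is safe only because every table entry has a distinct label; the role and file names are constructed for the demo.

```python
"""Key tree for hierarchical role-based access control (added example).

Roles form a tree; role keys and data keys are random; the published key table
holds each child-role key wrapped under its parent's key and each data key
wrapped under the owning role's key. A role walks down from its own key.
"""
import hashlib
import hmac
import secrets


def wrap(kek: bytes, label: bytes, key: bytes) -> bytes:
    """key XOR PRF(kek, label), plus a tag; label must be unique per entry (stand-in for AES-KW)."""
    pad = hmac.new(kek, b"pad|" + label, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"tag|" + label + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap(kek: bytes, label: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, b"tag|" + label + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError(f"cannot unwrap {label!r}: wrong key or tampered entry")
    pad = hmac.new(kek, b"pad|" + label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class KeyTree:
    def __init__(self, role_parent: dict, data_role: dict):
        """role_parent: child -> parent (None for the root); data_role: data id -> owning role."""
        roles = set(role_parent) | (set(role_parent.values()) - {None})
        self.role_keys = {r: secrets.token_bytes(32) for r in roles}    # one key per role (kept secret)
        self.data_keys = {d: secrets.token_bytes(32) for d in data_role}
        self.table = {}   # (kind, owner, target) -> wrapped key; this is the only thing published
        for child, parent in role_parent.items():
            if parent is not None:
                label = f"role|{parent}|{child}".encode()
                self.table[("role", parent, child)] = wrap(self.role_keys[parent], label,
                                                           self.role_keys[child])
        for data, role in data_role.items():
            label = f"data|{role}|{data}".encode()
            self.table[("data", role, data)] = wrap(self.role_keys[role], label, self.data_keys[data])

    def reachable_data_keys(self, role: str, role_key: bytes) -> dict:
        """Walk down from `role` using its key; returns data id -> data key for all reachable data."""
        found, stack = {}, [(role, role_key)]
        while stack:
            current, key = stack.pop()
            for (kind, owner, target), blob in self.table.items():
                if owner != current:
                    continue
                label = f"{kind}|{owner}|{target}".encode()
                if kind == "role":
                    stack.append((target, unwrap(key, label, blob)))   # descend with the child key
                else:
                    found[target] = unwrap(key, label, blob)
        return found


def demo():
    """admin > manager > staff, with auditor beside manager (constructed hierarchy)."""
    tree = KeyTree({"admin": None, "manager": "admin", "staff": "manager", "auditor": "admin"},
                   {"payroll.csv": "manager", "rota.txt": "staff", "audit.log": "auditor"})
    admin = tree.reachable_data_keys("admin", tree.role_keys["admin"])
    staff = tree.reachable_data_keys("staff", tree.role_keys["staff"])
    return sorted(admin), sorted(staff), admin == {d: tree.data_keys[d] for d in admin}


if __name__ == "__main__":
    print(demo())
```

Nothing in the table lets a lower role climb: the staff key only unwraps entries whose owner is `staff`, and feeding it to a manager-owned entry fails the tag check. Revocation of a user within a role, however, requires re-keying that role and re-wrapping every entry beneath it, which is the cost this structure trades for its small per-user state.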
20110150225 | ENCRYPTION DEVICES FOR BLOCK HAVING DOUBLE BLOCK LENGTH, DECRYPTION DEVICES, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAMS THEREOF - An encryption device for a block having double block length permutates a plaintext of 2 n bits based on a universal hash function so as to generate first and second intermediate variables of n bits each, encrypts the first intermediate variable with a tweak that is a result in which the second intermediate variable is shortened to m bits using an encryption function for m-bit tweak n-bit block cipher so as to generate a third intermediate variable of n bits, encrypts the second intermediate variable with a tweak that is a result in which the third intermediate variable is shortened to m bits using the encryption function so as to generate a fourth intermediate variable of n bits, concatenates the third and fourth intermediate variables and inversely mingles the concatenated result based on a universal hash function so as to generate a ciphertext of 2 n bits. | 06-23-2011 |
20110164752 | Detection of Stale Encryption Policy By Group Members - Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member. | 07-07-2011 |
20110170693 | STATELESS METHOD AND SYSTEM FOR PROVIDING LOCATION INFORMATION OF TARGET DEVICE - A method of providing a location of a target device includes receiving a first location reference request from the target device at a first location server, generating a first location reference in response to the first request, and including the first location reference in a second location reference request to a second location server. The second location server generates a second location reference in response to the second request, where the second location reference is stateless and refers to the first location reference. The second location reference is received from the second location server, and provided to the target device to be provided to an application requesting location information of the target device from the second location server. The stateless second location reference includes information necessary for the second location server to serve a request for the location of the target device without maintaining state specific to the location reference. | 07-14-2011 |
20110176680 | Method of Handling Security in SRVCC Handover and Related Communication Device - A method for handling security in an SRVCC handover for a mobile device in a wireless communication device is disclosed. The method includes having an active Circuit-Switched (CS) service or a Radio Resource Control (RRC) connection in a CS domain when the mobile device is served by a first network, wherein the first network supports the CS domain and a Packet-Switched (PS) domain; receiving a handover command to handover from the first network to a second network, wherein the second network supports the PS domain; deriving a plurality of security keys used in the second network from a plurality of CS domain keys used in the first network; and applying the plurality of security keys for transmission and reception in the second network. | 07-21-2011 |
20110182430 | NAME ENCRYPTION DEVICE, PSEUDONYMIZATION DEVICE, NAME ENCRYPTION METHOD, AND PSEUDONYMIZATION METHOD - Provided is a name encryption device which suppresses leaks and facilitates the zero-knowledge proof by making the pseudonymization process a simple algebraic calculation. The name encryption device converts an encrypted name text into a pseudonym-encrypted text by dispersing the encrypted name text. The encryption device disperses a name into a plurality of name parts to generate a commitment for each of the parts and encrypts disclosure information and each of the name parts with respective public keys. The encryption device outputs the disclosure information relating to the respective commitments and the encrypted texts obtained with the respective public keys of the name parts. | 07-28-2011 |
20110200193 | METHOD AND APPARATUS FOR CONTROLLING THE RECHARGING OF ELECTRIC VEHICLES AND DETECTING STOLEN VEHICLES AND VEHICULAR COMPONENTS - In a system for preventing automobile theft, select automotive components are embedded with digital information and devices, including a unique public key, a unique private key, a decryption/encryption module, and a network address. Upon assembly of a vehicle, the components form addressable nodes of that vehicle. Relevant digital information of all components is recorded in a proprietary, highly secure database at the time of manufacture, and updated for vehicular repairs. Only registered agents may access the database or submit updates to the federal network. During refueling or recharging of a vehicle, a digital handshake compares public keys of the vehicular components to the proprietary database, and confirms the integrity of at least some components by a public-key/private-key challenge and response. If components have been reported stolen, or other irregularities are detected in the vehicle's network of components during the handshake process, the vehicle is disabled, and a message is automatically transmitted to one or more law enforcement agencies, identifying the vehicle and its location. | 08-18-2011 |
20110255694 | ENCODING/DECODING CIRCUIT - An encoding/decoding operation portion includes an encoding/decoding operation circuit and an avoiding path for detouring the encoding/decoding operation circuit, and can select between encoding or decoding input data in the encoding/decoding operation circuit and detouring the encoding/decoding operation circuit to output the input data without change. Only one wire has to be provided from a selector to a key storage portion and an initialization-vector storage portion. With this construction, it is possible to realize an encoding/decoding circuit which can suppress an increase in the number of wires used to transmit the content of key data to the key storage portion and the initialization-vector storage portion and does not complicate the circuit layout. | 10-20-2011 |
20110261961 | REDUCTION IN BEARER SETUP TIME - A method and apparatus are provided for reducing latency and/or delays in performing a security activation exchange between a communication device and a network entity. The communication device may pre-compute a plurality of possible keys using a base key and a plurality of possible inputs in anticipation of receiving an indicator from the network entity that identifies a selected input to be used in generating a corresponding selected key. An indicator is then received from the network entity, where the indicator identifies the selected input from among the plurality of possible inputs. The communication device then selects a first key among the pre-computed plurality of possible keys as the selected key upon receipt of the indicator, wherein the first key is selected because it was pre-computed using the selected input. Because the first key is pre-computed, delays in responding to the network entity are reduced. | 10-27-2011 |
20110280402 | METHODS AND SYSTEMS FOR UTILIZING CRYPTOGRAPHIC FUNCTIONS OF A CRYPTOGRAPHIC CO-PROCESSOR - A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor. | 11-17-2011 |
20110286598 | INFORMATION PROCESSING APPARATUS, METHOD, AND PROGRAM - An information processing apparatus includes a key retaining section retaining a key for use in writing data in a data storage area of another information processing apparatus or reading data stored in the data storage area, and a storage section that stores data. The information processing apparatus is used by being combined with the other information processing apparatus. The key retained in the key retaining section is protected with a key retained in the other information processing apparatus. The storage section is protected with the key retained in the other information processing apparatus. | 11-24-2011 |
20110293096 | Multi-Level Key Management - A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying. | 12-01-2011 |
20110299687 | AUTOMATED KEY MANAGEMENT SYSTEM AND METHOD - A system and method for automatic key and certificate management is disclosed. In particular, a key store in a base computer contains both new and previously viewed cryptographic keys. In one embodiment, for each new key, if a corresponding certificate matches an existing certificate, the new certificate may be automatically downloaded to a mobile communications device without prompting a user. | 12-08-2011 |
20110311054 | Asymmetrical Chaotic Encryption - Implementations and techniques for asymmetrical chaotic encryption are generally disclosed. One disclosed method for asymmetrical encryption includes determining a ciphertext control block from data, where the ciphertext control block is based at least in part on one or more Chebyshev polynomials. The method also includes encrypting at least a portion of the data into an encrypted ciphertext block, where the encrypted ciphertext block is based at least in part on Logistic Mapping, and in which a final ciphertext includes the encrypted ciphertext block and the ciphertext control block. | 12-22-2011 |
20110317840 | SYSTEM AND METHOD OF PERFORMING AUTHENTICATION - Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value y | 12-29-2011 |
20120014523 | Key Validation Scheme - A system and method for validating digital information transmitted by one correspondent to another in a data communication system. The method comprises the steps of generating a public key in accordance with a predetermined cryptographic scheme having predetermined arithmetic properties and system parameters, verifying that said public key conforms to said arithmetic properties of said scheme, and transmitting said verified public key to a recipient. | 01-19-2012 |
20120039473 | Efficient Implementation Of Fully Homomorphic Encryption - In one exemplary embodiment of the invention, a method for homomorphic decryption, including: providing a ciphertext with element c, there exists a big set B having N elements z | 02-16-2012 |
20120045061 | CRYPTOGRAPHY CIRCUIT PARTICULARLY PROTECTED AGAINST INFORMATION-LEAK OBSERVATION ATTACKS BY THE CIPHERING THEREOF - A cryptography circuit, protected notably against information-leak observation attacks, comprises a functional key k | 02-23-2012 |
20120045062 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including: a data processing unit that generates an encryption key of content; and a communication unit that transmits an encryption key generated by the data processing unit, wherein the data processing unit generates, as the encryption key, individual keys that are different for each new content recording processing on a recording medium in a content recording device, and transmits the individual keys through the communication unit. | 02-23-2012 |
20120045063 | Techniques for Managing Keys Using a Key Server in a Network Segment - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server. | 02-23-2012 |
20120057707 | METHOD OF ABOLISHING UNAUTHORIZED COPYING OF DIGITAL DATA STORED ON AN OPTICAL DISC - A method of abolishing unauthorized copying of digital data stored on an optical disc includes the steps of distributing overwrite modules of a copy protection module into a data file that is to be protected against illegal copying, so as to form a copy-protected data file; and writing the copy-protected data file into a non-rewriteable optical storage media. The overwrite modules are respectively located between any two adjacent data blocks of the data file, such that each data block and a following overwrite module together form a group and the copy-protected data file includes a plurality of sequentially arranged groups of data block and overwrite module. With the overwrite modules, data blocks read out by a readout device are repeatedly overwritten by subsequent data blocks in a specified register, so that no data file from the optical storage media will be stored in the specified register and be illegally copied or pirated. | 03-08-2012 |
20120070002 | PROTECTING INFORMATION IN AN UNTETHERED ASSET - The technology described herein for protecting secure information includes a method. The method includes storing, by a plurality of data store devices, the secure information. Each of the data store devices stores at least one part of the secure information. The method further includes receiving, by at least one of a plurality of embedded sensors, a notification associated with a compromise of at least one part of the secure information. The method further includes destroying one or more parts of the secure information based on the notification. The method further includes processing, by a plurality of intelligent agent modules, one or more parts of the secure information received from one or more of the data store devices if no parts of the one or more parts of the secure information are destroyed. | 03-22-2012 |
20120093318 | Encryption Key Destruction For Secure Data Erasure - Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection. | 04-19-2012 |
20120099728 | Protocol Based Key Management - A method, system, and computer usable program product for protocol based key management are provided in the illustrative embodiments. A key management protocol associated with a key request is identified, the key request being a request for data usable in cryptographic security. A first subset is selected from a set of policies using the key management protocol. A set of permissions is computed based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol. The set of permissions is cached in a cache in a data storage device. | 04-26-2012 |
20120106741 | METHOD FOR CREATING AN ENHANCED DATA STREAM - The present invention provides a method for secure communication of digital information between a transmission entity and at least one reception entity. The method may be applied in the domain of audio/video data transmission, where stuffing data packets comprising random payloads are inserted into a transport stream along with true data packets comprising the audio/video data. The dummy data packets are detectable by an authorized reception entity but not detectable by unauthorized reception entities. A large number of stuffing data packets are included in the transmission to occupy bandwidth and to further render the job difficult for an unauthorized reception entity which tries to intercept the transmission. | 05-03-2012 |
20120121090 | CONTENT PROTECTION METHOD AND APPARATUS - There is disclosed a content protection method and apparatus. The content protection method and apparatus further improves such related schemes by facilitating spatial as well as temporal management of content. This is achieved by storing encrypted content and a corresponding decryption key and destroying the decryption key when suitable. In order to further facilitate the content protection, the decryption key may be received periodically, which allows for a large number of people to connect to the network at different times. | 05-17-2012 |
20120140928 | METHOD AND APPARATUS FOR EXTENDING A KEY-MANAGEMENT PROTOCOL - A method and apparatus for modifying the Multimedia Internet KEYing (MIKEY) protocol to support an extended key-management message (KMM), wherein the apparatus programs a computer to perform the method, which includes: determining that a KMM is directed to a target device; determining that the KMM is an extended KMM related to a key-management operation that is not supported by the standard MIKEY protocol; signaling the extended KMM in at least one field of a MIKEY message; and sending the MIKEY message to the target device. | 06-07-2012 |
20120140929 | INTEGRATED CIRCUITS SECURE FROM INVASION AND METHODS OF MANUFACTURING THE SAME - An integrated circuit device that is secure from invasion and related methods are disclosed herein. Other embodiments are also disclosed herein. | 06-07-2012 |
20120148047 | DETECTING KEY CORRUPTION - Corruption in a key stored in a memory is detected by reading a key from a key memory and determining if detection bits of the key read from the key memory correspond to an expected value. The expected value is a value of the detection bits of the key when the key is written to the key memory. | 06-14-2012 |
20120148048 | METHOD FOR ENCRYPTING CONTENT, METHOD FOR DECRYPTING CONTENT AND ELECTRONIC APPARATUS APPLYING THE SAME - A method for encrypting content includes using a plurality of different encryption schemes to produce encrypted content. Encryption information is provided so as to indicate which of the plurality of different encryption schemes is used on portions of the content that was encrypted. Encryption information and the encrypted content are both sent as a content stream to another device. The decryption involves using the encryption information to help control the decryption so that the correct one of a plurality of different decryption schemes is applied to the proper portions of the encrypted content. | 06-14-2012 |
20120148049 | Handling Medical Prescriptions in a Secure Fashion - Techniques for secure automated dispensing of prescription medications utilize broadcast encryption to encrypt a prescription for storage on a machine-readable medium that is pre-written with a key management block (KMB). The KMB encodes a session key needed to read from or write to the medium. Each prescription-writing device and medication dispensing device is assigned a unique set of device keys, which are used to recover the session key from the medium. Only authorized devices are able to recover the session key from a medium's KMB. Thus, only authorized devices may read or validly write prescriptions from/to the machine-readable medium. In this manner, only authorized providers can write fillable prescriptions and only authorized dispensers can dispense medications to fill those prescriptions. | 06-14-2012 |
20120163602 | Method and Apparatus for Providing Seamless File System Encryption from a Pre-Boot Environment Into a Firmware Interface Aware Operating System - Methods and apparatus for providing seamless functionality in a computer are disclosed. For example, an encrypted file system manager is included to layer an encoded File Allocation Table on top of a disk and to pass to the operating system an Embedded Root Key to provide access to an encrypted Firmware Interface System Partition. | 06-28-2012 |
20120170749 | SECURE MANAGEMENT OF KEYS IN A KEY REPOSITORY - A method, system or computer usable program product for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity. | 07-05-2012 |
20120170750 | SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS - A common interface for managing cryptographic keys is provided. A request to manage a cryptographic key may be received in a first interface format, translated to a common interface format, and then executed remotely from the first interface. Return arguments may then be translated from the common interface format to a format compatible with the first interface and communicated securely to the first interface. The cryptographic keys may be used in connection with a secure data parser that secures data by randomly distributing data within a data set into two or more shares. | 07-05-2012 |
20120183143 | METHOD FOR A COMMUNICATION DEVICE TO OPERATE WITH MULTIPLE KEY MANAGEMENT FACILITIES - A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF. | 07-19-2012 |
20120213369 | SECURE MANAGEMENT OF KEYS IN A KEY REPOSITORY - A method for managing keys in a computer memory including receiving a request to store a first key to a first key repository, storing the first key to a second key repository in response to the request, and storing the first key from the second key repository to the first key repository within said computer memory based on a predetermined periodicity. | 08-23-2012 |
20120219152 | KEY INFORMATION MANAGEMENT SYSTEM, RECORD REPRODUCTION APPARATUS, AND KEY INFORMATION MANAGEMENT APPARATUS - A key information management system includes one or more record reproduction apparatuses and a key information management server. Each record reproduction apparatus has a substrate which can be replaced, and a nonvolatile storage unit which is mounted on the substrate and stores substrate identification information and key information of an encryption key. The key information management server includes a storage unit for storing the substrate identification information and the key information of the substrate in association with product identification information of the record reproduction apparatus, and the key information management server permits access to the storage unit through authentication. The record reproduction apparatus accesses the key information management server through the authentication after the substrate is replaced, and then rewrites substrate identification information and key information of the substrate after the replacement using the substrate identification information and key information of the substrate before replacement. | 08-30-2012 |
20120230492 | ENCRYPTION DEVICE - According to an embodiment, an encryption device includes a symmetric-key operation unit; a division unit; an exclusive OR operation unit; a multiplication unit that performs multiplication on a Galois field; and a control unit that controls the above units. When the input data is divided into blocks, with the predetermined length, and the first mode of operation is designated on a (j−1)-th block, the control unit performs control such that the multiplication unit performs multiplication with a predetermined value based on the (j−1)-th block, performs control such that the exclusive OR operation unit sums a multiplication result and data of a j-th block, and performs control such that the exclusive OR operation unit sums an operation result of the exclusive OR operation unit and an operation result of the multiplication unit on the (j−1)-th block. | 09-13-2012 |
20120237035 | KEY SCHEDULING DEVICE AND KEY SCHEDULING METHOD - According to one embodiment, in a key scheduling device, a non-linear transformation unit non-linearly transforms at least one of partial keys resulting from dividing an expanded key. A first linear transformation unit includes first and second circuits. The second circuit linearly transforms the partial key by directly using a transformation result from the non-linear transformation unit. A first storage stores the partial key linearly transformed by the first linear transformation unit. A second linear transformation unit linearly transforms, inversely to the first linear transformation unit, each of partial keys other than the partial key linearly transformed by the second circuit out of the partial keys stored in the first storage, and outputs inversely transformed partial keys. A second storage stores one of inputs to the second circuit. An outputting unit connects the respective inversely transformed partial keys and the input stored in the second storage to be output as a second key. | 09-20-2012 |
20120243687 | ENCRYPTION KEY FRAGMENT DISTRIBUTION - An encryption key may be fragmented into n encryption key fragments such that k | 09-27-2012 |
20120243688 | METHOD AND SYSTEM FOR DELETING DATA - A computer system having at least first and second documents, a plurality of decryption keys, and a plurality of data segments stored therein is provided. Each of the plurality of data segments is decryptable by a selected one of the decryption keys. The decryption keys include a first set of decryption keys associated with the first document and not associated with the second document, a second set of decryption keys associated with the second document and not associated with the first document, and a third set of decryption keys associated with the first document and the second document. The first document is deleted, and in response, the first set of decryption keys is rendered unusable, and the second set of decryption keys and the third set of decryption keys are not rendered unusable. | 09-27-2012 |
20120250862 | METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and method of de-duplicating at least one data file. One example method may include requesting a list of data rows stored in a database to be de-duplicated, receiving the list of the data rows based on a single filekey associated with the at least one data file, copying the at least one data file to a data storage memory, and deleting the data rows entries from a file registry of the database. | 10-04-2012 |
20120275600 | SECURE KEY CREATION - A system for creating a secure key is provided that includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts. | 11-01-2012 |
20120281836 | SECURE KEY MANAGEMENT - A system for implementing secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted. | 11-08-2012 |
20120281837 | SECURE KEY MANAGEMENT - A system for secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted. | 11-08-2012 |
20120281838 | KEY MANAGEMENT POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material. | 11-08-2012 |
20120281839 | KEY USAGE POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material. | 11-08-2012 |
20120308010 | Method and Apparatus for Processing Entitlement Control Message Packets - A method for processing Entitlement Control Message (ECM) packets is disclosed in the present invention. The method includes: a terminal receiving a broadcast code stream multiplexing frame and obtaining ECM packets from the received broadcast code stream multiplexing frame; and analyzing the ECM packet if the indicator of the ECM packet is judged to be inconsistent with the indicator of the locally stored ECM packet. An apparatus for processing ECM packets is also disclosed in the present invention, and the apparatus includes: a receiving module, an obtaining module, a judging module and an analyzing module. With the present invention, the efficiency of the terminal processing ECM packets is improved, and the limited resources of the terminal can be saved. | 12-06-2012 |
20120321084 | REVOCATION STATUS USING OTHER CREDENTIALS - Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card. | 12-20-2012 |
20120321085 | Data Expansion Using an Approximate Method - A method for computation is described, the method including configuring a processor to expand input seed values into respective output data values using an approximated expansion process such that the output data values are not guaranteed to satisfy a required output data criterion, selecting a seed value so that an output data value generated by the processor by application of the approximated expansion process to the selected seed value will yield an output data value that satisfies the required output data criterion, and storing the selected seed value in a non-volatile memory to be accessed by the processor. Related apparatus and systems are also described. | 12-20-2012 |
20120328104 | INPUT CONTENT DATA MANAGING SYSTEM AND METHOD OF MANAGING INPUT CONTENT DATA - An input content data managing system, includes a first storing unit that stores encoded content data generated by encoding content data with a cryptographic key; a second storing unit that stores the cryptographic key with reference value data of the encoded content data capable of identifying sameness of the encoded content data in corresponded with each other; a matching unit that matches the encoded content data stored in the first storing unit and the cryptographic key stored in the second storing unit using reference value data of the encoded content data obtained from the encoded content data stored in the first storing unit and the reference value data of the encoded content data stored in the second storing unit as a matching key at a predetermined time to obtain the content data by decoding the encoded content data by the matched cryptographic key. | 12-27-2012 |
20120328105 | TECHNIQUES FOR ACHIEVING TENANT DATA CONFIDENTIALITY FROM CLOUD SERVICE PROVIDER ADMINISTRATORS - Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Just TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed and data is encrypted using encryption keys of the key store when written in the cloud storage environment. | 12-27-2012 |
20130003976 | TECHNIQUES FOR ACCESSING FEATURES OF A HARDWARE ADAPTER - A technique for accessing features of a hardware adapter includes reading a first key from a hardware adapter and attempting to decrypt the first key with a second key. In response to the second key successfully decrypting the first key: encrypted code from the hardware adapter is read; the encrypted code is decrypted with the decrypted first key to generate unencrypted code; and a default code in an executable flash sector of the hardware adapter is over-written with the unencrypted code. In this case, the unencrypted code facilitates access to at least one feature of the hardware adapter that is customer specific. In response to the second key not successfully decrypting the first key, the default code in the executable flash sector of the hardware adapter is not over-written. In this case, the default code facilitates access to one or more features that are not customer specific. | 01-03-2013 |
20130010963 | MULTIPLICATIVE SPLITS TO PROTECT CIPHER KEYS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the round keys using the properties of group field automorphisms and applying masks to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating S-box operations, together with improved masking techniques and increasing the cipher's complexity against reverse engineering and key storage attacks. | 01-10-2013 |
20130010964 | System and Method for Multi-Carrier Network Operation - A system and method for configuring a component carrier is presented. A component carrier assignment message is received. The component carrier assignment message may be configured to identify the component carrier and include at least one of, at least one of a downlink carrier frequency, a carrier frequency of a paired uplink carrier, a bandwidth of the component carrier, and a bandwidth of the paired uplink carrier, an indication of whether the component carrier is a control channel monitoring component carrier configured to signal data channel assignment information for the component carrier, and a logical index of the component carrier. The component carrier assignment message may then be used to configure the component carrier on a user equipment (UE). | 01-10-2013 |
20130010965 | METHOD AND DEVICE FOR PROVIDING AT LEAST ONE SECURE CRYPTOGRAPHIC KEY - A device is configured for providing at least one secure cryptographic key for performing a cryptographic security function using a control device which requires a cryptographic key therefor. A configured key provided for the security function is selected from a first configuration memory and is tested using the read configured key whether a secure replacement key associated with the read configured key is memorised in a second configuration memory, said replacement key is provided for the control device for performing the security function instead of the configured key. | 01-10-2013 |
20130039494 | SECURE KEY MANAGEMENT - According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted. | 02-14-2013 |
20130039495 | SECURE KEY MANAGEMENT - According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material. | 02-14-2013 |
20130044878 | Extending credential type to group key management interoperability protocol (KMIP) clients - A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups. | 02-21-2013 |
20130044879 | SECURE KEY MANAGEMENT - Secure key management includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted. | 02-21-2013 |
20130044880 | KEY MANAGEMENT POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material. | 02-21-2013 |
20130058486 | METHOD OF PROTECTING A CONTROL VECTOR IN AN OPTIONAL BLOCK OF A STANDARD KEY BLOCK - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block. | 03-07-2013 |
20130058487 | METHOD OF BUILDING OPTIONAL BLOCKS - A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes verifying conditions for iterative building of optional blocks in a standardized key block, parsing optional block data to validate the optional block data and to determine a length of the optional block data and a number of optional blocks contained in the optional block data, validating an optional block identification to be added, determining a storage location, inserting the optional block into the storage location, updating a value of the optional block data and returning the updated value of the optional block data. | 03-07-2013 |
20130077790 | ENCRYPTION PROCESSING APPARATUS - According to an embodiment, a first linear transformation unit performs a linear transformation from mask data to first mask data. A second linear transformation unit performs a linear transformation from mask data to second mask data. A first calculator calculates first data based upon data to be processed and the first mask data. A selecting unit selects the first data or the second mask data. A non-linear transformation unit performs a non-linear transformation on the selected first data or second mask data. A second calculator calculates second data based upon the first data after the non-linear transformation and the mask data. A third linear transformation unit performs a linear transformation on the second data. The second data after the linear transformation by the third linear transformation unit is retained as new data to be processed, and the second mask data after the non-linear transformation is retained as new mask data. | 03-28-2013 |
20130077791 | REVOCATION LIST GENERATION DEVICE, REVOCATION LIST GENERATION METHOD, AND CONTENT MANAGEMENT SYSTEM - Provided is a revocation list generation device that can suppress an increase in the amount of data of a revocation list. A revocation list generation device | 03-28-2013 |
20130108050 | NETWORK HAVING MULTICAST SECURITY AND METHOD THEREFORE | 05-02-2013 |
20130108051 | Code Diversity Method and System | 05-02-2013 |
20130129094 | ELECTRONIC EQUIPMENT, METHOD OF CONTROLLING ELECTRONIC EQUIPMENT AND CONTROL PROGRAM FOR ELECTRONIC EQUIPMENT - According to one embodiment, an electronic equipment includes: an instruction receiving module configured to communicate with an external equipment to receive a start-up inhibit instruction, an encryption key deletion instruction outputted from the external equipment, and an internal data deletion instruction to which an execution delay time is attached; and an instruction processing module configured to inhibit start-up of the electronic equipment to perform deletion process of the encryption key stored and to perform deletion process of the stored internal data when the start-up inhibit instruction, the encryption key deletion instruction, and the internal data deletion instruction to which the execution delay time is attached are received. | 05-23-2013 |
20130148809 | COMPUTING THE ETH ROOT OF A NUMBER USING A VARIANT OF THE RSA ALGORITHM (FOR EVEN E'S) | 06-13-2013 |
20130156194 | SECURE RECORDING AND SHARING SYSTEM OF VOICE MEMO - According to an aspect of an embodiment, a system for secure recording and sharing of audio data includes a communication interface, a registration module, a microphone, an encryption engine, and a storage device. The registration module is configured to register an attendee device associated with an attendee for a meeting. The microphone is configured to convert sound generated at the meeting to audio data representing the sound. The encryption engine is configured to encrypt the audio data. The storage device is configured to store and associate the encrypted audio data with the attendee device for subsequent access by the attendee. | 06-20-2013 |
20130156195 | METHOD OF OBTAINING A MAIN KEY FROM A MEMORY DEVICE, METHOD OF GENERATING AUTHENTICATION INFORMATION FOR A MEMORY DEVICE, AN EXTERNAL DEVICE AND SYSTEM INCLUDING THE EXTERNAL DEVICE - In one embodiment, the method includes obtaining, at the external device, an encrypted main key and an encrypted first decryption key from the memory device. The encrypted first decryption key is an encrypted version of a first decryption key. The encrypted main key is an encrypted version of the main key. The external device is unable to read the main key from the memory device. The method further includes decrypting, at the external device, the encrypted first decryption key using a second decryption key to obtain the first decryption key; and decrypting, at the external device, the encrypted main key of the memory device using the first decryption key to obtain the main key. | 06-20-2013 |
20130163763 | PC Secure Video Path - A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer's network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network. | 06-27-2013 |
20130170644 | Mechanism for Managing Authentication Device Lifecycles - An authentication device is used to authenticate a component to a product using a secret key. The life cycle of the authentication device is controlled by selective deletion of the secret key. An attestation message is sent by the authentication device upon deletion of the secret key. Authentication devices from faulty components or over supply of the authentication devices may be rendered inoperable and audited. | 07-04-2013 |
20130177156 | Encrypted Data Processing - A computer-implemented method of processing data by a first processor, the data being generated by a second processor. The method comprises receiving a data object encrypted with a first encryption key, the data object comprising the data to be processed and policy data indicating allowed processing for said data. Said received data object is decrypted based upon said first encryption key and the data is processed only in accordance with the policy data. | 07-11-2013 |
20130177157 | ENCRYPTION KEY MANAGEMENT - An encryption key fragment is divided into a number of encryption key fragments. Requests to store different ones of the encryption key fragments are transmitted to different computer memory storage systems. An individual request to store an encryption key fragment includes one of the encryption key fragments and bears an access control hallmark for regulating access to the encryption key fragment. | 07-11-2013 |
20130182848 | SECURE GROUP MESSAGING - A method for securing at least one message transferred in a communication system from a first computing device to a second computing device in a peer-to-peer manner. At the first computing device, an identity based authenticated key exchange session is established with a third computing device operating as a peer authenticator. The identity based authenticated key exchange session has an identity based authenticated session key associated therewith. The first computing device obtains from the third computing device a random key component of the second computing device, wherein the random key component of the second computing device is encrypted by the third computing device using the identity based authenticated session key prior to sending the random key component of the second computing device to the first computing device. A peer-to-peer messaging key is computed at the first computing device using the random key component of the second computing device. | 07-18-2013 |
20130182849 | Contact management system and method - In an embodiment of a method of providing contact information, the method includes creating a contact record in a contact management system, where a process associated with a subject of the contact record and/or a recipient of data associated with the contact record is included in creating the contact record. A unique serial number is generated corresponding to the contact record and the serial number is conveyed to the recipient. A request by an application is received for the contact record from the contact management system corresponding to the serial number and data associated with the contact record is transmitted to the application. | 07-18-2013 |
20130208892 | COMPUTER SYSTEM AND COMPUTER SYSTEM CONTROL METHOD - When removing an HDD, in which a failure has occurred, after the execution of hot swap in a storage apparatus having a stored data encryption function, an encryption key assigned to that HDD is shredded and thereby data in the HDD is automatically crypto-shredded; and after a new HDD is installed, data in a spare disk regarding which copy back to the new HDD is completed is automatically crypto-shredded and key generation for the spare disk is requested to a security administrator in preparation for the next hot swap. Then, with the storage apparatus which imports and uses an encryption key generated by an external key management server for encryption/decoding of stored data, the encryption key for the spare disk is imported from the external key management server in advance and the encryption key is prevented from the use other than the intended use in preparation for a case where the encryption key may not be imported due to a communication failure with the external key management server at the time of the hot swap, thereby causing a shortage of encryption keys. | 08-15-2013 |
20130208893 | SHARING SECURE DATA - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing secure data are disclosed herein. | 08-15-2013 |
20130216044 | HOMOMORPHIC EVALUATION INCLUDING KEY SWITCHING, MODULUS SWITCHING, AND DYNAMIC NOISE MANAGEMENT - Homomorphic evaluations of functions are performed. The functions include operation(s). Variants of key switching and modulus switching are described and are performed prior to or after the operation(s). A key switching transformation converts a ciphertext with respect to a first secret key and a first modulus to a ciphertext with respect to a second secret key and a second modulus. A key switching transformation converts a first version of a ciphertext with respect to a first secret key and with some number r bits of precision to a second version of the selected ciphertext with respect to a second key and with some other number r′ bits of precision. The ciphertexts may be operated on as polynomials represented using evaluation representation, which has benefits for multiplication and automorphism. Further, ciphertexts are associated with an estimate of noise, which is used to determine when to perform modulus switching on the ciphertexts. | 08-22-2013 |
20130223628 | STORAGE DEVICE AND MEMORY CONTROLLER THEREOF - A memory controller controlling a nonvolatile memory is provided. The memory controller includes an encryption key feeder configured to feed a cipher key according to a logical address transferred from a host; and an encryption engine configured to perform an encryption operation on data transferred from the host or a decryption operation on data transferred from the nonvolatile memory device, using the cipher key provided from the encryption key feeder. | 08-29-2013 |
20130236018 | DATA PROTECTION SYSTEM THAT PROTECTS DATA BY ENCRYPTING THE DATA - A data protection system includes terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal corresponds with one node on a lowest level of a tree structure having hierarchies. A data protection system excludes nodes on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, and decides an individual decryption key for each node on the lowest level. The data protection system prescribes nodes that are reached from the node on the lowest level and a terminal to the node on the highest level that is an invalid node. For invalid nodes, the data protection system designates an encryption key that corresponds to the decryption key determined in correspondence with the combination pattern that combines all nodes, excluding invalid nodes, and encrypts distribution data that uses each of the designated encryption keys. | 09-12-2013 |
20130243197 | MANAGING ENCRYPTION KEYS IN A COMPUTER SYSTEM - A method and apparatus is disclosed for managing encryption keys in a computer system in which in response to the change of a system key the old key and new key are both maintained for subsequent use. | 09-19-2013 |
20130251152 | KEY TRANSPORT PROTOCOL - The invention enables the transport of a key from a sender to a receiver. The sender comprises means for generating or obtaining a virtual key and securing the virtual key to protect its authenticity and confidentiality. The secured virtual key is provided to the receiver. The receiver comprises means to derive the virtual key from the secured virtual key. The sender and the receiver comprise means to provide the virtual key and a signature verification key associated with the sender as inputs to a cryptographic function to generate an output. The output includes at least one key. The at least one key may be in turn used as input to a cryptographic mechanism, providing a service to a security application. Examples of such services are encryption or decryption of content, or generating a response to a challenge. | 09-26-2013 |
20130259233 | COMMUNICATION APPARATUS AND KEY MANAGING METHOD - According to an embodiment, a communication apparatus includes a key storage unit configured to store therein a cryptographic key; a receiving unit configured to receive a message; an analyzing unit configured to analyze whether the message includes an access request for the cryptographic key; a generating unit configured to, when the message includes the access request, generate request information used to request an access to the cryptographic key requested by the access request; and an access controller configured to control the access to the cryptographic key based on the request information. | 10-03-2013 |
20130315394 | DATA ENCRYPTION METHOD, DATA VERIFICATION METHOD AND ELECTRONIC APPARATUS - A data encryption method, a data verification method and an electronic apparatus are provided. An encryption key is obtained from original data according to a random sequence so as to transform the original data into replace data by using the encryption key, and the replace data is encrypted to obtain a ciphertext. Accordingly, when verification data is received, if the verification data does not conform with the original data, the verification process will not be successful. | 11-28-2013 |
20130322631 | METHOD FOR PRODUCING TWO-DIMENSIONAL CODE AND READER FOR READING THE TWO-DIMENSIONAL CODE - A method of producing a two-dimensional code having a code area in which data codes coded as codewords are mapped. First type of data codes is mapped in the code area. The first type of data codes are coded as the codewords and indicating data to be disclosed. An end identification code is added to an end of a code string composed of the first type of data codes, the end identification code showing the end. Second type of data codes are mapped after the end identification code in the code area, the second type of data codes being coded as the codewords and indicating data to be kept in secret. Filler codes showing no data after the second type of data codes are mapped to fill up the code area, when a total amount of the codewords in the code area is less than a capacity of the code area. | 12-05-2013 |
20130343544 | System and Method for Managing Keys for Use in Encrypting and Decrypting Data in a Technology Stack - In a technology stack including members provided in communication, a system and method are provided for managing keys for use in encrypting and decrypting data. The system comprises a key manager configured to define a group of members and to create at least one encryption key associated with the defined group, and a communications manager configured to transmit the at least one encryption key associated with the group to members in the group. Data encrypted by a member in the group using the at least one encryption key received by the member from the communications manager is transmitted to another member in the group for decryption using the at least one encryption key received by the another member from the communications manager. | 12-26-2013 |
20140016781 | MOTOR VEHICLE CONTROL UNIT HAVING A CRYPTOGRAPHIC DEVICE - It should not be possible for control units for motor vehicles to be exchanged between individual motor vehicles by unauthorized persons. For a motor vehicle it should, therefore, be rendered possible for individual functionalities of a control unit to be unblocked only for a specific motor vehicle. For this purpose, a first cryptographic key and a second cryptographic key are stored in a control unit. A cryptographic device is designed to encrypt a first message initially by one of the cryptographic keys, subsequently to encrypt a result of the encryption by the other cryptographic key and, finally, to provide a result of the second encryption as third cryptographic key for an encryption and/or decryption of a further message. A method configures a control unit in a motor vehicle. | 01-16-2014 |
20140037093 | METHOD OF MANAGING KEY FOR SECURE STORAGE OF DATA AND APPARATUS THEREFOR - A method and apparatus for managing a key for secure storage of data. The apparatus includes a main controller configured to process a command, a cipher unit configured to encrypt a first key to form an encrypted key or encrypt data to form encrypted data based on a result of the main controller processing the command, and decrypt the encrypted key or the encrypted data based on the result of the main controller processing the command, a hash unit configured to hash the first key according to control of the main controller, a decrypted key memory configured to store the first key, and an encrypted key memory configured to store the encrypted key. | 02-06-2014 |
20140044265 | SECURE FEATURE AND KEY MANAGEMENT IN INTEGRATED CIRCUITS - A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command. | 02-13-2014 |
20140064489 | METHOD, SYSTEM AND DEVICE FOR ENCRYPTION KEY MATERIAL ERASURE - Method, system and device for generating a signal requesting the execution of deletion of encryption key material in a computer system where the method includes providing a key zeroize activation device ( | 03-06-2014 |
20140079221 | MANAGING ENCRYPTED DATA AND ENCRYPTION KEYS - A data module encrypts a first portion of a drive in a data center using a first encryption key. The data module encrypts the first encryption key using a second encryption key to obtain an encrypted encryption key. The data module stores the second encryption key in a first location and stores the encrypted encryption key in a second location that is separate from the first location and that is inaccessible from outside the data center. | 03-20-2014 |
20140093084 | Secure Escrow Service - A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key. | 04-03-2014 |
20140098958 | ELECTRONIC KEY REGISTRATION SYSTEM - An electronic key registration system includes an electronic key device having a key ID. A controller having a first piece of information is arranged in a communication subject. A registration tool having a second piece of information is configured to write the key ID to the controller. The controller compares, before electronic key registration, the first piece of information and the second piece of information. The controller permits electronic key registration when the comparison indicates that the first piece of information and the second piece of information conform to each other and prohibits the electronic key registration when the comparison indicates that the first piece of information and the second piece of information do not conform to each other. | 04-10-2014 |
20140098959 | ELECTRONIC KEY REGISTRATION SYSTEM - An electronic key registration system includes an electronic key device that stores a key ID and a first piece of information. A controller is arranged in a communication subject. A registration tool writes the key ID to the controller and stores a second piece of information. Encrypted communication between the communication subject and the electronic key device is enabled after the key ID and a corresponding encryption key are written to the controller. An information center, which communicates with the registration tool, receives and compares the first and second pieces of information. The registration tool is permitted to write the key ID when receiving a signal from the information center indicating that the first and second pieces of information conform to each other. | 04-10-2014 |
20140105400 | AUTOMATIC RECOVERY OF TPM KEYS - A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e.g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM. | 04-17-2014 |
20140105401 | LEVEL-ONE ENCRYPTION ASSOCIATED WITH INDIVIDUAL PRIVACY AND PUBLIC SAFETY PROTECTION VIA DOUBLE ENCRYPTED LOCK BOX - A method substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. | 04-17-2014 |
20140112477 | KEYSTORE MANAGEMENT SYSTEM - A keystore management system is provided that manages a keystore. The keystore management system creates a mapping of a plurality of keystore identity parameters to a plurality of keystore repository parameters. The keystore identity parameters identify the keystore. The keystore repository parameters identify a repository that stores the keystore. The keystore is a storage entity stored on the repository. The keystore management system further stores the mapping within a configuration file. The keystore management system further translates the keystore identity parameters into the keystore repository parameters based on the mapping stored within the configuration file. | 04-24-2014 |
20140140512 | REQUESTED AND ALLOWED CRYPTOGRAPHIC OPERATIONS COMPARISON - Embodiments herein relate to cryptographic operations. A process identifier (PID) identifying a process requesting a cryptographic operation is received. Next, at least one allowed cryptographic operation associated with the PID is determined. Then, the requested cryptographic operation is compared to the at least one allowed cryptographic operation, to determine if the requested cryptographic operation is allowable. | 05-22-2014 |
20140153725 | LOW-POWER ENCRYPTION APPARATUS AND METHOD - A low-power encryption apparatus and method are provided. The low-power encryption apparatus includes a mask value generation unit, a mask value application unit, a round key application unit, a mask operation unit, a shift operation unit, and a shift operation correction unit. The mask value generation unit generates a mask value M having the same bit length as input round function values. The mask value application unit generates first masking round function values by applying the mask value M. The round key application unit generates second masking round function values by applying round key values. The mask operation unit generates third masking round function values by performing a mask addition operation. The shift operation unit generates fourth masking round function values by performing a circular shift operation. The shift operation correction unit generates output round function values by performing an operation using the mask value M. | 06-05-2014 |
20140161259 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE STORAGE MEDIUM - An information processing apparatus includes an encrypting unit that encrypts a value to be kept secret with a predetermined cipher key. The information processing apparatus includes a converting unit that converts, when the value to be kept secret is an initial value written at the time of initialization of a storage device in which a value encrypted by the encrypting unit is stored, the value encrypted by the encrypting unit into a value which is reversibly convertible and is independent of the cipher key used by the encrypting unit. The information processing apparatus includes a storing unit that stores the value converted by the converting unit in the storage device. | 06-12-2014 |
20140177842 | Optimizing Use of Hardware Security Modules - Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device. | 06-26-2014 |
20140211942 | CRYPTOGRAPHIC KEY DERIVATION DEVICE AND METHOD THEREFOR - A data processing system includes a cryptographic processing module providing for cryptographic key generation. A method entails computing derived keys one time, during a first execution of a key generation process, such that they may subsequently be utilized for processing large quantities of data without being re-computed. The derived keys provide for the efficient cryptographic processing of data, including data frames. | 07-31-2014 |
20140233738 | Mechanism for Co-Ordinated Authentication Key Transition for IS-IS Protocol - An automated key transition method is executed by a node in a network. The network includes a set of nodes utilizing a current key identifier provided by a group key management server or provisioned manually. A key identifier specifies an authentication protocol and an authentication key for use in the authentication of intermediate-system to intermediate-system (IS-IS) protocol data units. The method includes receiving a message from the group key management server that includes a most recent key field to replace the current key identifier, advertising the most recent key identifier to all reachable nodes, verifying whether all reachable nodes have advertised the most recent key identifier, continuing authentication using the current key identifier until all reachable nodes have been verified to advertise the most recent key identifier, and switching authentication to use the most recent key identifier upon verification that all reachable nodes have advertised the most recent key identifier. | 08-21-2014 |
20140241527 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-28-2014 |
20140301553 | CRYPTOGRAPHIC METHOD FOR PROTECTING A KEY HARDWARE REGISTER AGAINST FAULT ATTACKS - The present invention relates to cryptographic methods that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside a hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises the following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok, detecting that a fault occurs. | 10-09-2014 |
20140362994 | REVOCATION STATUS USING OTHER CREDENTIALS - Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card. | 12-11-2014 |
20150043735 | RE-ENCRYPTED DATA VERIFICATION PROGRAM, RE-ENCRYPTION APPARATUS AND RE-ENCRYPTION SYSTEM - In a decryption apparatus according to an embodiment, a holding device pre-holds a verification formula. A determination device performs a calculation based on the verification formula read from the holding device by substituting, into the verification formula, the part of the re-encrypted data received from a re-encryption apparatus and the public key of a re-encryption key generation apparatus and the private key of the decryption apparatus, to determine whether or not the verification formula holds true. An output device outputs verification success when a result of the determination indicates that the verification formula holds true. | 02-12-2015 |
20150055780 | Event-driven, asset-centric key management in a smart grid - A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified. An event-asset association is then supplied to the key management sub-system, which uses this information to determine a key management operation. | 02-26-2015 |
20150086018 | CENTRALIZED KEY DISCOVERY AND MANAGEMENT - Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. The centralized systems may create rich search criteria that can be used to search managed systems for key information. The search criteria may be coupled with a tag to assign key information that meets the search criteria and a state to indicate at least one action that may be taken with regard to the search criteria. Agents located on managed systems may receive the search criteria, tag and state, and may implement the search. Alternate embodiments may access file or other operations on managed systems directly from the centralized system. Embodiments may include a centralized key store, a centralized policy store and/or a centralized configuration store. Key objects within the key store may be organized into trust sets and policies may apply at any level within the key store. | 03-26-2015 |
20150110273 | POLYMORPHIC ENCRYPTION KEY MATRICES - Embodiments of the present invention relate to space-efficient key allocations in broadcast encryption systems. In one embodiment, a method of and computer program product for broadcast encryption is provided. In this embodiment, a key bundle is read. The key bundle includes a first cryptographic key, an associated first key identifier, and an associated first cryptographic function identifier. Encrypted content is received. A plurality of encrypted keys is received. Each encrypted key has an associated identifier. A first encrypted key is selected from the plurality of encrypted keys such that the key identifier of the first encrypted key is equivalent to the first key identifier. A first cryptographic function is determined corresponding to the first cryptographic function identifier. The first cryptographic function is applied to the first encrypted key using the first cryptographic key to obtain a first intermediate cryptographic key. A content cryptographic key is determined using the first intermediate cryptographic key. The content cryptographic key is applied to the encrypted content to obtain decrypted content. | 04-23-2015 |
20150341170 | LOCATING CRYPTOGRAPHIC KEYS STORED IN A CACHE - Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation. | 11-26-2015 |
20160028702 | SYSTEM AND METHOD FOR KEY MANAGEMENT FOR ISSUER SECURITY DOMAIN USING GLOBAL PLATFORM SPECIFICATIONS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge. | 01-28-2016 |
20160094346 | UNIFIED STORAGE AND MANAGEMENT OF CRYPTOGRAPHIC KEYS AND CERTIFICATES - Cryptographic resources, such as those including PGP keys and certificates, are transformed such that they are understood by certificate repositories, such as in a format understood by the Java tools of Java Keystore. The transformation of the cryptographic resources is completed such that the necessary metadata for retrieving the original cryptographic resources, or artifacts thereof, are retained. In that way, cryptographic resources are effectively hidden within the certificate repository until needed. The security program applies an algorithm to generate keys for JKS storage such that the keys “masquerade” in a JKS canonical format until the time in which the resources are needed to be in a PGP canonical format. | 03-31-2016 |
20160099714 | SYSTEMS AND METHODS FOR ENHANCING CONFIDENTIALITY VIA LOGIC GATE ENCRYPTION - Presented are systems and methods that allow hardware designers to protect valuable IP and information in the hardware domain in order to increase overall system security. In various embodiments of the invention this is accomplished by configuring logic gates of existing logic circuitry based on a key input. In certain embodiments, a logic function provides results that are dependent not only on input values but also on an encrypted logic key that determines connections for a given logic building block, such that the functionality of the logic function cannot be determined by reverse engineering. In some embodiments, the logic key is created by decrypting a piece of data using a secret decryption key. Advantages of automatic encryption include that existing circuitry need not be re-implemented or re-built, and that the systems and methods presented are backward compatible with standard manufacturing tools. | 04-07-2016 |
20160112193 | METHOD AND SYSTEM FOR BACKING UP PRIVATE KEY OF ELECTRONIC SIGNATURE TOKEN - Provided are a method and system for backing up a private key in an electronic signature token, the method comprising: a first electronic signature token and a second electronic signature token negotiate an encryption strategy and a corresponding decryption strategy to use for communication therebetween; the first electronic signature token utilizes the encryption strategy to encrypt a request data packet and transmits the encrypted request data packet; the second electronic signature token decrypts the encrypted request data packet; the second electronic signature token utilizes the encryption strategy to encrypt a response data packet and transmits the encrypted response data packet; and the first electronic signature token utilizes the decryption strategy to decrypt the response data packet, and acquires a private key from the response data packet. | 04-21-2016 |
20160164675 | COUNTERING SERVER-BASED ATTACKS ON ENCRYPTED CONTENT - Embodiments of the present invention relate to providing encrypted content to authorized content consumers while providing robust traitor tracing. In some embodiments, at least one device key is read. A key block is read. A media key precursor is determined from the key block and the at least one device key. At least one encrypted block key is read. A block master key is determined from the media key precursor. A security program is executed to determine a decrypted block key from the media key precursor, the block master key, and the encrypted block key. The decrypted block key is provided for application to the encrypted content to obtain decrypted content. | 06-09-2016 |
20160173277 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM | 06-16-2016 |
20160380768 | DATA MANAGEMENT DEVICE, SYSTEM, RE-ENCRYPTION DEVICE, DATA SHARING DEVICE, AND STORAGE MEDIUM - A data management device according to an embodiment stores first encrypted data obtained by encrypting plain text data with a first public key of a first user device. The data management device stores a first re-encryption key for re-encrypting the first encrypted data without decrypting to obtain first re-encrypted data decryptable with a private key of a second user device. The data management device stores a conversion key generated from a first private key corresponding to the first public key and a second private key of the first user device. The data management device converts the first encrypted data into second encrypted data with the conversion key. The data management device converts the first re-encryption key into a second re-encryption key with the conversion key. | 12-29-2016 |