Entries |
Document | Title | Date |
20080209203 | Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data transfer controlling apparatus - A crypto processor is connected to a host computer and a storage apparatus. Data from the host computer is transferred to the crypto processor via DMA (Direct Memory Access) to be encrypted and then stored in the storage apparatus. The crypto processor acquires a descriptor defining a DMA number for identifying a DMA channel used to DMA-transfer the data. The crypto processor stores therein, based on the DMA number included in the acquired descriptor, the data transferred using the same DMA channel in units of a data size specified in a data bus. The crypto processor then encrypts the stored data in units of data size specified in a crypt system, and transfers the encrypted data to the storage apparatus. | 08-28-2008 |
20080229094 | METHOD OF TRANSMITTING CONTENTS BETWEEN DEVICES AND SYSTEM THEREOF - A method of transmitting content between devices and a system therefor are provided. The method of transmitting encrypted content in a state in which the encrypted content and license information is stored and in which an external device is connected, includes: transmitting the license information corresponding to the encrypted content to the external device; transmitting the encrypted content to the external device, when receiving a request for transmitting the encrypted content from the external device; and updating the license information. Accordingly, content can be rapidly and stably transmitted between the devices. Also, it is possible to improve the accuracy and the security in the procedure of updating the license information. | 09-18-2008 |
20080235507 | Encrypted Communication Method - A DNS Proxy unit (A | 09-25-2008 |
20080270785 | Security approach for transport equipment - An apparatus comprising encryption logic that provides security for fiber-based communications may be implemented in accordance with an embodiment of the present invention. A data super frame is created by the encryption logic to comprise two or more data frames. Each of the data frames contains a payload portion. The encryption logic may receive one or more data payloads that are associated with a client signal. Using a single set of security control parameters, the encryption logic encrypts and stores a different encrypted payload in a payload portion of a different frame of the data frames in the data super frame. Instead of storing the set of security control parameters in a single data frame, the encryption logic stores the set of security control parameters in different sets of unused bytes associated with at least two different frames of the data frames. | 10-30-2008 |
20080276083 | Method for Transmitting a Message Containing a Description of an Action to be Executed in a Receiver Equipment - The invention relates to a method for transmitting a message to a reception equipment by an operator, the message containing a description of an action to be executed in the said equipment at a time chosen by the operator. | 11-06-2008 |
20080282078 | GATEWAY DEVICE, CONTROLLING METHOD OF THE SAME, AND PROGRAM RECORD MEDIUM STORING CONTROLLING METHOD - A method of controlling a gateway device is provided that includes the steps of converting a plain text mail received from a client device to an encrypted mail; transmitting the encrypted mail to a mail transmission server; and notifying the client device of a transmission error when the transmission error occurs between the gateway device and the mail transmission server. | 11-13-2008 |
20080282079 | System and method for ad-hoc processing of cryptographically-encoded data - The present disclosure provides a system and method for ad-hoc processing of cryptographically-encoded data. In one embodiment, a recipient receives a cryptographically-encoded email and proceeds to contact a processing server to decrypt said cryptographically-encoded email. The recipient may interact with the server either by copying-and-pasting the content of the cryptographically-encoded email to a web interface provided by the processing server or by forwarding it to the processing server using his existing email software. In the case of the forward, the processing server sends yet another email back to the recipient containing a URL to a web interface for continuing to interact with the processing server in order to decrypt the cryptographically-encoded email. Through its web interface, the processing server guides the recipient through the steps required to view a decrypted version of the cryptographically-encoded email. | 11-13-2008 |
20080282080 | Method and apparatus for adapting a communication network according to information provided by a trusted client - Hosts connecting to the network implement an adaptive networks client that monitors other applications on the host and provides information to an adaptive networks server to provide information about traffic being generated by the host. The client may also capture information about the user, host, access type, and other information of interest. The information provided by the adaptive network client may allow the network to adapt to the user, the device, the application, and the protocol being used. Users and applications can be authenticated and trusted. From a network standpoint, having a trusted client associated with the host allows the same benefits as deep packet inspection, regardless of whether the traffic is encrypted, and without requiring the network elements to actually perform deep packet inspection. The administrator may also centrally apply policy to control which applications are allowed to run on the hosts. | 11-13-2008 |
20080288770 | SYSTEM AND METHOD FOR A COMMERCIAL MULTIMEDIA RENTAL AND DISTRIBUTION SYSTEM - A system and method for securing intellectual property rights in distributed intellectual property. Rights are granted and policed in electronically distributed intellectual property. Use limitations are established by agreement by the content provider and the client. The use limitations are reflected in time-based, usage-based and player based component codes that are used to determine if the client is entitled to use the intellectual property. Intellectual property is protected from unauthorized use by encrypting the intellectual property with a key created from some or all of the component codes. As the component codes are known to both the client and the content provider, no key exchange is required. | 11-20-2008 |
20080288771 | SYSTEM AND METHOD FOR DEFINING PROGRAMMABLE PROCESSING STEPS APPLIED WHEN PROTECTING THE DATA - Systems and methods for protecting data being sent between a client and a server include the capability of defining programmable processing steps that are applied by the server when protecting the data and the same steps are applied by the client when unprotecting the data. The programmable processing steps can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps. The programmable processing steps allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key, and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner. | 11-20-2008 |
20080301429 | Dual Cryptographic Keying - A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache. | 12-04-2008 |
20080301430 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 12-04-2008 |
20080301431 | TEXT SECURITY METHOD - Disclosed herein is a text security method. The text security method encrypts both a font and a text constituting a text document in the same manner so that the encrypted text can be correctly viewed only when the encrypted font is provided. The text is encrypted by changing, in a regular manner, positions of intrinsic character images or intrinsic codes of the text within different code areas, and the font is encrypted by changing, in the same regular manner, positions of intrinsic character images or intrinsic codes of glyphs of the font corresponding to the text within different font areas. | 12-04-2008 |
20080301432 | Direct mail decoder product - A direct mail decoder device is provided having a mailable carrier, an integral information panel, and an integral decoder. The carrier has a first side and a second side, and contact specific data, such as name and address information, on one of the first and second sides. The information panel is located on one of the first and second sides of the carrier, and contains encrypted information. The decoder is provided to decode the encrypted information. | 12-04-2008 |
20080307217 | CONTENTS TRANSMITTING/RECEIVING APPARATUS AND METHOD - A contents transmitting apparatus includes an encryption algorithm storage section for storing a plurality of encryption algorithms; a key generation section for generating key information based on a mutual authentication result with a contents receiving apparatus; a control section for selecting one encryption algorithm from the encryption algorithm storage section and acquiring a key from the key information to provide it to an encryption section. The encryption section encrypts a content by use of a given encryption algorithm and a given key. During a period in which the generated key information is valid, a different encryption algorithm is selected from the encryption algorithm storage section every time a content to be transmitted is changed, and a different key is acquired from the key information for encryption. | 12-11-2008 |
20080320296 | METHODS AND SYSTEMS FOR SECURE REMOTE MOBILE PRINTING - Systems and methods for secure, remote printing include a mobile device (e.g., cell phone or PDA) establishing a secure communication connection with a mobile printer and a server, such a connection using one or more encryption protocols (e.g., SSL, TLS, etc.). The server encrypts the requested data and transmits it to the printer via the secure connection, whereon the printer decrypts and prints the data. The mobile device can, according to other aspects of the invention, log operational performance characteristics of the printer, the server, and/or the communication connections therebetween. A media cartridge can be provided that includes an enclosure having a substantially planar shape, wherein each of its length and width dimensions are greater than its height. An opening is disposed along a width-wise edge (e.g., a “front” of the enclosure), and one or more regions are also disposed on opposing length-wise edges (e.g., a “left side” and a “right side” of the enclosure). The regions permit a user to see and/or exert a force on sheet media (e.g., paper) contained within the enclosure. | 12-25-2008 |
20090006838 | Methods for Downloading a Digital Work Automatically Bound with Characteristics of a Portable Device - Disclosed is a method for downloading a digital work automatically bound with characteristics of a portable device, which refers to a technology of digital rights protection using an embodied system. The method achieves convenient and safe binding of digital works for a portable device. A storage space of the portable device stores digital contents and an executable program which is executed automatically after the portable device is connected to a network terminal. By this method, copyright-protected digital contents can be purchased or borrowed, and downloaded to the portable device. | 01-01-2009 |
20090006839 | Communication device, communication log transmitting method suitable for communication device, and communication system - A communication device collects encrypted packet data passing through the communication device. The communication device extracts parameters required to generate a decryption key used when the collected packet data is decrypted. The communication device notifies a key managing device of the extracted parameters. The communication device acquires the decryption key, generated by the key managing device using the parameters of which notification has been given, from the key managing device. The communication device decrypts the collected packet data using the acquired decryption key and analyzes the decrypted packet data. The communication device extracts profile information from the analyzed packet data. The communication device transmits the extracted profile information and network information related to a network through which the encrypted packet data passes to a communication log device as a communication log. | 01-01-2009 |
20090013172 | METHOD AND DEVICES FOR REPRODUCING ENCRYPTED CONTENT AND APPROVING REPRODUCTION - A reproduction method capable of immediately revoking a leaked device key by dividing the device key into a first partial key and a second partial key is provided. The reproduction method includes the operations of receiving encrypted content to be reproduced, requesting a token for decrypting the received content from an external device containing a first partial key of a device via a network, receiving the requested token from the external device, and decrypting the received token by using a second partial key contained in the device, thereby preventing content encrypted and distributed before revocation of an illegally copied device from being reproduced, and minimizing damage due to key leakage. | 01-08-2009 |
20090013173 | Portable cross platform database accessing method and system - A user manages a database or other application through a remote graphical user interface on a server device through a client device. A cross platform database translation module resides on the client device. The client device may also store cross platform authentication, configuration, and report generating modules for validating a user id and presenting database results in a desirable format. The modules on the client device request applications from a server device, may request validation from an authorization server, may configure embedded devices, and may query a database. The database may reside on a server, on the client device, or on another device. | 01-08-2009 |
20090019279 | USER APPARATUS AND PROGRAM - A user apparatus cannot acquire as many distribution keys K | 01-15-2009 |
20090044005 | Unauthorized communication detection method - According to an aspect of an embodiment, a method for controlling an apparatus for transferring data from a plurality of first devices to a second device via a network, the data being transferred by using a packet, the method comprises the steps of: extracting encryption information identifying method of encryption conveyed by a packet and destination information identifying destination of the packet transmitted from one of the first devices; counting the number of kinds of the destination information extracted from packets associated with the same encryption information, respectively; and determining an unauthorized communication when the number of kinds of the encryption information is less than a predetermined value. | 02-12-2009 |
20090063846 | SYSTEMS AND METHODS FOR PREVENTION OF PEER-TO-PEER FILE SHARING - A secure digital content delivery system includes a content provider and a content user. The content provider delivers encrypted content to the content user in response to delivery requests. The content provider generates encryption algorithms on the fly and encrypts the content prior to delivery, using a different encryption algorithm and key for each content delivery. The content user subsequently requests access permission from the content provider, to access the encrypted content. The content provider grants access by generating an executable decryption module on the fly and providing the executable decryption module to the content user. The content user decrypts the content and accesses it on the fly, using the executable decryption module. The accessed content is then re-encrypted using a different encryption algorithm and key, to preserve the integrity of the secure content delivery system. The content delivery system uses a programmably configurable protocol parsing engine to encrypt and decrypt content. | 03-05-2009 |
20090063847 | CONTENT PROTECTION METHOD AND APPARATUS - There is disclosed a content protection method and apparatus. The content protection method and apparatus further improves such related schemes by facilitating spatial as well as temporal management of content. This is achieved by storing encrypted content and a corresponding decryption key and destroying the decryption key when suitable. In order to further facilitate the content protection, the decryption key may be received periodically, which allows for a large number of people to connect to the network at different times. | 03-05-2009 |
20090063848 | METHOD AND SYSTEM FOR SENDING/RECEIVING DATA, CENTRAL APPARATUS, AND COMPUTER READABLE STORAGE MEDIUM THEREOF - A product data category for sale among product data to be stored in a memory unit of a wireless tag is sent from a first client to a web server. The web server sends the product data category to a second client. The second client sends purchase data for the product data category to the web server. The web server sends an encryption key to the first client. The first client encrypts the product data with the encryption key and writes the encrypted product data in the memory unit of the wireless tag via a reader/writer. The web server sends a decryption key to the second client. On receiving the decryption key, the second client reads the encrypted product data in the wireless tag via a reader/writer to decrypt the encrypted product data with the decryption key. | 03-05-2009 |
20090089574 | SYSTEM, METHOD AND PROGRAM FOR PROTECTING COMMUNICATION - A system, method and program product for transferring data between a first computer and a second computer. A first request to start a session is received. An encrypted hash value in the first request is decrypted and a hash value for the information in the first request is independently determined. The independently determined hash value is compared to the decrypted hash value, and if there is a match, a session with the first computer is started. Subsequently, a second request is received and the encrypted hash value in the second request is decrypted. A hash value for the information in the second request is independently determined. The independently determined hash value is compared to the decrypted hash value, and if there is a match, the second computer processes a request to at least partially download or upload a file. | 04-02-2009 |
20090113200 | STEGANOGRAPHIC TECHNIQUES FOR SECURELY DELIVERING ELECTRONIC DIGITAL RIGHTS MANAGEMENT CONTROL INFORMATION OVER INSECURE COMMUNICATION CHANNELS - Electronic steganographic techniques can be used to encode a rights management control signal onto an information signal carried over an insecure communications channel. Steganographic techniques ensure that the digital control information is substantially invisibly and substantially indelibly carried by the information signal. These techniques can provide end-to-end rights management protection of an information signal irrespective of transformations between analog and digital. An electronic appliance can recover the control information and use it for electronic rights management to provide compatibility with a Virtual Distribution Environment. In one example, the system encodes low data rate pointers within high bandwidth time periods of the content signal to improve overall control information read/seek times. | 04-30-2009 |
20090119502 | Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 05-07-2009 |
20090132802 | Encryption Data Integrity Check With Dual Parallel Encryption Engines - An encryption method encrypts a clear text twice using a first encryption engine to produce a first cipher text and a second encryption engine to produce a second cipher text. The method compares the first cipher text with the second cipher text, or compares a checksum of the first cipher text with a checksum of the second cipher text. If the comparison succeeds, the method transmits the data. In some embodiments, the method uses a first instance of an encryption key to produce the first cipher text and a second instance of the encryption key to produce the second cipher text. | 05-21-2009 |
20090132803 | Secure Delivery System - Aspects of the present invention provide systems and methods relating to storing and forwarding electronic files securely throughout the lifecycle of the file. One aspect of the invention relates to providing encrypted copies of electronic files that can only be unencrypted by the intended recipient. | 05-21-2009 |
20090132804 | SECURED LIVE SOFTWARE MIGRATION - A novel approach is introduced for secured live migration of a software component currently running on one hosting device to another hosting device. One or more pages of the software component are encrypted before migration of the software component, and are later decrypted after the migration is complete. The software component is kept operational during the encryption, migration, and decryption of the software component. The one or more pages to be encrypted and decrypted can be selected based on data sensitivity and/or other criteria. | 05-21-2009 |
20090132805 | Systems and methods for secure transaction management and electronic rights protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 05-21-2009 |
20090138697 | USER AGENT PROVIDING SECURE VoIP COMMUNICATION AND SECURE COMMUNICATION METHOD USING THE SAME - Disclosed are a user agent providing secure VoIP communication and a secure communication method using the same. A user agent of the invention has an additional module for providing a secure function as well as a module for providing general communication, thereby supporting the secure communication. In addition, as a secure communication method using the user agent, a signaling security mechanism negotiation method and a media encryption algorithm negotiation method are provided. Hence, it is possible to provide internet telephone users with a secure VoIP communication service. | 05-28-2009 |
20090138698 | METHOD OF SEARCHING ENCRYPTED DATA USING INNER PRODUCT OPERATION AND TERMINAL AND SERVER THEREFOR - The present invention relates to a method of searching data for a plurality of keywords when a user encrypts the data and stores the encrypted data in an unsecured server. The user transmits the inner product value of a search keyword set to a server, and the server compares the received inner product value to an inner product value of a stored index set. When there is a document for which the two inner product values match each other, the server returns the document. | 05-28-2009 |
20090138699 | SOFTWARE MODULE MANAGEMENT DEVICE AND PROGRAM - A cryptographic client device acquires a cryptographic key from a storage device on the basis of the accepted demand information, acquires a cryptographic evaluation description file from the storage device, acquires a cryptographic module corresponding to this cryptographic evaluation description file, executes a cryptographic process on the subject data to be subjected to the cryptographic process, and issues the encrypted subject data. | 05-28-2009 |
20090138700 | CRYPTOGRAPHIC MANAGEMENT APPARATUS, DECRYPTION MANAGEMENT APPARATUS AND PROGRAM - A cryptographic management apparatus includes a storage unit which stores cryptographic key information containing a cryptographic key and cryptographic process condition information containing the cryptographic key information, a cryptographic process information input unit which receives an input of the object information and cryptographic key search request information, a cryptographic key information acquisition unit which acquires the cryptographic key information from the storage unit based on the search request information, a cryptographic module evaluation description information acquisition unit which acquires evaluation description information of the cryptographic module corresponding to the cryptographic key information, a cryptographic process ID creation unit which attaches an identifier of the cryptographic process condition information to the object information based on the cryptographic key information and the cryptographic module corresponding to the evaluation description information, and an output which outputs the identifier and the result of the cryptographic process executed on the object information. | 05-28-2009 |
20090138701 | METHOD FOR RECORDING AND RESTORING A CIPHERED CONTENT BY A PROCESSING UNIT - A method of operating by a second processing unit a content recorded by a first processing unit, said first and second processing units having a specific key being managed by a central server. The processing units have access to a removable storage memory intended to record a content ciphered by a content key accompanied by a file associated to the content. The content key is produced by means of a cascaded deciphering starting from the specific key of the first unit of at least two constants provided by the central server and a variable. The content is restored by the second processing unit by means of a cascaded deciphering starting from the specific key of the second unit by using the constants and the variable stored in the file accompanying the content and a transcoding key calculated by the central server. | 05-28-2009 |
20090150663 | Method And System For Monitoring A Supply-Chain - A method of monitoring supply chain activity throughout a plurality of supply chain sites includes extracting, at each supply chain site, supply-related data to be monitored. The data is maintained in plural formats at the supply chain sites, and translating the data to a common format. The extracted data is then uploaded to and collected, from each supply chain site, to a data collection center or site. Upon a user request, a portion of the collected data is formatted, at the data collection site, into one of a plurality of views, responsive to criteria selected by the user, for presentation to the user, the portion of formatted data being dependent on access rights granted to the user's supply chain site. Finally, the formatted data view is published to the user's supply chain site. The data collection center comprises a data collector in which the uploaded data is stored, and a publisher for publishing data from the data collector upon request. Each supply chain site has a data storage device for maintaining its own supply-chain data, a data transfer engine (DTE), for transferring the supply-chain data to the data collection center, input means for allowing a user to query the data collector, and a display for displaying data published by the publisher in response to a query. The inbound data received from the multiple supply chain sites is monitored at the data collection site. If a problem condition is detected, such as a forecasted or present shortage or surplus, an alert is asserted, for example, by highlighting an Alert indicator, such as an Alert tab, on a user screen. Upon selection of the highlighted Alert indicator by a user, details of the detected problem condition are displayed. | 06-11-2009 |
20090172388 | PERSONAL GUARD - In some embodiments data input to an input device is encrypted before it is received by any software. Other embodiments are described and claimed. | 07-02-2009 |
20090172389 | SECURE CLIENT/SERVER TRANSACTIONS - In some embodiments a controller establishes a secured connection between a remote computer and a user input device and/or a user output device of a computer. Information is securely transmitted in both directions between the remote computer and the user input device and/or user output device in a manner such that a user of the user input device and/or the user output device securely interacts with the remote computer in a manner that cannot be maliciously interfered with by software running on the computer. Other embodiments are described and claimed. | 07-02-2009 |
20090198993 | METHOD FOR JOINING USER DOMAIN AND METHOD FOR EXCHANGING INFORMATION IN USER DOMAIN - A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key. | 08-06-2009 |
20090198994 | UPDATED SECURITY SYSTEM - A method is provided for improving computer security. A computer executes instructions for protecting a processing component on itself. Software generates a second processing module attacher responsive to an execution of the processing component. The computer stores data indicative of at least one second processing module thereby to define a processing module library. The attacher is adapted to retrieve a second processing module from the processing module library and to attach the retrieved second processing module to the processing component. This enables a security restriction on data processed by the processing component. | 08-06-2009 |
20090210692 | Method for encoding data in a network used in process automation systems - In a method for encrypting data in a network of process automation technology, the data are encrypted in a control unit, which is connected with the network, in a separate, exchangeable software module. | 08-20-2009 |
20090210693 | METHOD OF DISTRIBUTING MULTIMEDIA CONTENT - The present invention relates to a system for distributing multimedia content to at least one client device over a network. Said system comprises: a slicer (SLI) for slicing the multimedia content into a set of slices; a coder (ALC) for coding a slice according to an asynchronous layer coding technique such that N coded symbols including K source symbols and N−K error symbols are generated; a content server (SER) for storing and transmitting said coded slices upon request of the client device; a client device (CLD) comprising means for receiving said coded slices and a decoder (DEC) for decoding a coded slice as soon as K coded symbols of said slice have been received. | 08-20-2009 |
20090210694 | INFORMATION TRANSMISSION APPARATUS AND METHOD, INFORMATION RECEPTION APPARATUS AND METHOD, AND INFORMATION-PROVIDING SYSTEM - Described herein is an information transmission apparatus for encrypting and transmitting first data and second data, the information transmission apparatus including: encryption element for deriving a second key from a first key by using an irreversible function, encrypting the first data by using the first key to generate encrypted first data and encrypting the second data by using the second key to generate encrypted second data; and transmission element for transmitting the encrypted first data, the encrypted second data and the first key. | 08-20-2009 |
20090210695 | SYSTEM AND METHOD FOR SECURELY COMMUNICATING ELECTRONIC DOCUMENTS TO AN ASSOCIATED DOCUMENT PROCESSING DEVICE - The subject application is directed to securely communicating electronic documents to an associated document processing device. User identification data inclusive of a user credential is received from a user with a document processing request having one or more electronic documents. Page job language information is generated for output of the request by a document processing device. A seed value is received in accordance with the user credential and used to generate a random number. Each document is encrypted using the random number. The encrypted data and page language information are communicated to the document processing device and stored in association with user identification. Upon receipt of user login data a listing of requests is displayed. The seed value is retrieved from user credentials for generation of a random number. Selected electronic documents are decrypted via the random number and output in accordance with the associated page job language information. | 08-20-2009 |
20090217027 | Safe e-mail for everybody - Like wearing seatbelts. Like using condoms. Security measures only work if done correctly and done all the time, but we don't use security measures when burden weighs more heavily than risk. That's why e-mail is rarely encrypted. Too difficult. Too costly. Balanced against little perceived risk in sending e-mails in the clear. Our simple, yet secure, e-mail encryption system changes that. It's easy to use—anyone who can use e-mail can use our encryption system. Users pay no charge for basic service—it's free. We make money in other ways. Other e-mail encryption systems cost too much, are too complex, need special hardware, and are not compatible. Ours is safe, easy, and free, and viral adoption can make our system the global standard for sending secure e-mails. With the privacy people get from our invisible, easy-to-use system, e-mail will be safe for everybody. | 08-27-2009 |
20090217028 | METHOD OF ADDING A POSTSCRIPT MESSAGE TO AN EMAIL - A system and method providing for appending of a note or instruction to the contents of an email such that the note or instructions is only appended to emails of selected recipients of a group of recipients, with only the email going to the other recipients of the group of recipients is provided. | 08-27-2009 |
20090222655 | REMOTE ACCESS TO A MASS MEMORY AND A SECURITY MEMORY IN A PORTABLE COMMUNICATING OBJECT - The invention relates to a system for remotely accessing a mass storage unit and a security storage unit in a portable communicating object. According to the invention, a terminal, such as a mobile device, which is associated with a portable communicating object, such as a multimedia smart card, includes an agent for facilitating access from a server to a mass storage unit capable of storing multimedia data and a security storage unit in the portable communicating object via a communication network. The agent establishes a single communication channel between the remote server and the terminal and processes data transmitted from one of the two elements including the server and one of the storage units of the portable communicating object to the agent so that the agent can transmit the data to the other of the two elements. | 09-03-2009 |
20090249059 | PACKET ENCRYPTION METHOD, PACKET DECRYPTION METHOD AND DECRYPTION DEVICE - A packet encryption method for encrypting an IP packet communicated based on an internet protocol is provided. The packet encryption saves fragment information included in an IP header in an area other than the IP header, clears the fragment information included in the IP header, encrypts the IP packet in which the fragment information included in the IP header is cleared, and outputs the encrypted IP packet. | 10-01-2009 |
20090254743 | FLEXABLE AUDIO DATA TRANSMISSION METHOD FOR TRANSMITTING ENCRYPTED AUDIO DATA, AUDIO PROCESSING SYSTEM AND COMPUTER SYSTEM THEREOF - The present invention provides an audio data transmission method for transmitting encrypted audio data, an audio processing system and computer system thereof. The audio data transmission method includes providing an audio data, performing an encryption process upon the audio data according to an encryption standard and a format of the audio data, transmitting the encrypted audio data to an audio device according to a link standard, and utilizing the audio device to perform a decryption process upon the encrypted audio data. | 10-08-2009 |
20090254744 | SYSTEM AND METHOD FOR THE CONCEALMENT OF DEVICE INPUT PARAMETERS - A system and method for concealing input parameters that are being loaded into a device. In one embodiment, the system provides a transformed interface, in which a device into which the parameters are loaded contains a series of inverse transformation keys. The parameters to be concealed are transformed using a particular key, along with a transformed index value to indicate the particular key that must be used to inversely transform the parameter. | 10-08-2009 |
20090259838 | Hardware-Bonded Credential Manager Method and System - An internet data exchange authentication method that can provide much of the user authentication assurance and capability of dedicated computer security cryptographic hardware, without requiring that the user actually have such hardware. This method allows users with computerized devices to communicate securely with secure servers by creating customized challenge-response authentication objects (pockets) where both the challenge and the response are based partially on the hardware identity of the user's computerized device, and partially on a secret (such as a random number) known only by the secure server. The secure server receives the device's hardware identity, generates the secret, creates the pocket, encrypts the pocket, and sends the encrypted pocket back to the user's device. The secure server, or a third trusted credential server, then sends the decryption key for the encrypted pocket back to the user using a different, “out of band” communications modality, thus reducing the chances of interception. | 10-15-2009 |
20090265539 | Content Distribution system, Terminal, and Server - A terminal writes first encrypted data in which a communication key and an owner ID are encrypted by using a public key into a second recording medium, and this medium is mounted to a communication apparatus so that the first encrypted data are transmitted to a server. The server sends second encrypted data which it acquires by encrypting a content decryption key by using the communication key which the server acquires by decrypting the received first encrypted data by using a secret key to the communication apparatus, and causes the communication apparatus to record them into the second recording medium. The terminal decrypts a content stored in a first recording medium by using the content decryption key which it acquires by decrypting the second encrypted data read from the second recording medium by using the communication key. | 10-22-2009 |
20090265540 | HOME NETWORK CONTROLLING APPARATUS AND METHOD TO OBTAIN ENCRYPTED CONTROL INFORMATION - A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information. | 10-22-2009 |
20090271611 | SYSTEM AND METHOD OF MANAGED CONTENT DISTRIBUTION - A system and method of managing content distribution is disclosed. The system and method comprise at least one first user interface for publishing content to one or more web servers, at least one application server for generating a set of instructions describing one or more parameters for downloading said content, and at least one second user interface for receiving said set of instructions from the application server and downloading said content, wherein the at least one second user interface uses said set of instructions to determine which of the one or more web servers the content should be downloaded from. | 10-29-2009 |
20090292913 | APPARATUS AND METHOD FOR COUNTER-BASED COMMUNICATIONS IN WIRELESS SENSOR NETWORKS AND OTHER NETWORKS - A method includes wirelessly receiving a message at a receiving node. The method also includes extracting a partial counter value from the message, where the partial counter value represents a subset of bits from a complete counter value of a transmitting node. The method further includes decrypting and authenticating the message based on the partial counter value. Decrypting and authenticating the message could include examining a bitmap to identify a bit value associated with the partial counter value, decrypting and authenticating the message if the identified bit value has a first value, and discarding the message if the identified bit value has a second value. Decrypting and authenticating the message could also include identifying at least one complete counter value at the receiving node based on the partial counter value and attempting to decrypt and authenticate the message using the at least one complete counter value. | 11-26-2009 |
20090300344 | Device and Method for Identifying a Certificate for Multiple Identifies of a User - A device and method associates a certificate with a first recipient identity. The method comprises receiving the first recipient identity of a user. The method comprises associating the first recipient identity of the user with a second recipient identity of the user. The second recipient identity is associated with a certificate so that subsequent transmissions of data to the first recipient identity encrypts the data according to specifications of the certificate. | 12-03-2009 |
20090313463 | DATA MATCHING USING DATA CLUSTERS - An aspect of the present invention provides a method for matching data records held by a plurality of data custodians that relate to a particular entity. One such method comprises the steps of receiving a plurality of clusters of data records from each of the plurality of data custodians ( | 12-17-2009 |
20090319769 | DISCRETE KEY GENERATION METHOD AND APPARATUS - A computer enabled secure method and apparatus for generating a cryptographic key, to be used in a subsequent cryptographic process, where the key is to be valid only for example during a specified time period. The method uses a polynomial function which is a function of an input variable such as time, and dynamically computes the key from the polynomial. This is useful for generating decryption keys used for distribution of encrypted content, where the decryption is to be allowed only during a specified time period. | 12-24-2009 |
20090319770 | METHOD, DEVICES AND COMPUTER PROGRAM PRODUCT FOR ENCODING AND DECODING MEDIA DATA - The invention relates to methods for encoding and decoding media data (MD, CMD). One of the methods comprises the following steps: A request is transmitted by a subscriber terminal ( | 12-24-2009 |
20090327690 | Methods and Systems for Facilitaing Secure Communication - A method of facilitating secure communication, the method comprising the steps of obtaining a cryptographic key, identifying at least one trusted computing device and sending the cryptographic key to the trusted computing device. | 12-31-2009 |
20090327691 | METHOD AND APPARATUS OF ENCRYPTING CONTENT DELIVERY - The invention relates to a method and apparatus for delivering a data stream to a plurality of clients in a network. The method involves receiving the data stream from a media server, where the data stream includes a plurality of data packets and a data stream identifier associated with at least one of the plurality of data packets, securing the data stream received from the media server by applying a filter to the data stream to obtain a filtered data packet from the plurality of data packets based on the data stream identifier, encrypting the filtered data packet using an encryption scheme to obtain an encrypted media content, and distributing the encrypted media content to at least one of the plurality of clients in the network. | 12-31-2009 |
20090327692 | METHOD AND DEVICE FOR DISTRIBUTING SECURE DIGITAL AUDIOVISUAL CONTENTS BY INTEROPERABLE SOLUTIONS - A method for distributing a nominal audiovisual stream to a recipient device including modifying, in the nominal audiovisual stream, at least one nominal coefficient among the nominal coefficients to generate a modified main stream; generating complementary information such that the nominal audio-visual stream may be implemented based from the complementary information and on the modified main stream, applying a plurality of methods for protecting the complementary information to generate multiple protected complementary information, each of the protected complementary information enabling the nominal stream of the main stream to be implemented upon application of an access method compatible with the protection method which has been used to protect it; and transmitting to the recipient device the modified main stream and the multiple protected complementary information. | 12-31-2009 |
20090327693 | NETWORK TASK OFFLOAD APPARATUS AND METHOD THEREOF - A network task offload apparatus includes an offload circuit and a buffer scheduler. The offload circuit performs corresponding network task processing on a plurality of packets in parallel according to an offload command. The buffer scheduler includes a buffer control unit and a plurality of buffer units. The plurality of buffer units are controlled by the buffer control unit and are scheduled to store the processed packets. | 12-31-2009 |
20090327694 | Methods and apparatus for providing integrity protection for management and control traffic of wireless communication networks - Embodiments of the present invention provide a method comprising transmitting, by a communication node, an information element (IE), the IE including a feature field indicating whether the communication node operates in accordance with an integrity protection protocol specifically for management frames, and the IE further including an enforcement field that advertises whether the integrity protection protocol for management and control frames is mandatory, and generating, by the communication node, a pairwise transient key (PTK), the PTK including a first plurality of keys and a pairwise integrity key (PIK), wherein the first plurality of keys are configured to protect an integrity of data frames transmitted by the communication node and the PIK is configured to protect an integrity of management frames transmitted by the communication node, wherein management frames are dedicated to management traffic and wherein the first plurality of keys and the PIK are different keys. Other embodiments may be described and claimed. | 12-31-2009 |
20100005287 | DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system. | 01-07-2010 |
20100011205 | SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common, without having access to any other data of any other parties. | 01-14-2010 |
20100017593 | IDENTITY-BASED-ENCRYPTION SYSTEM - A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient. A service name such as a universal resource locator based at least partly on the name of an organization may be associated with a local key server at the organization and a public key server external to the organization. Users at the organization may use the service name to access the local key server to obtain IBE public parameter information for performing message encryption and to obtain IBE private keys for message decryption. External to the organization, users may obtain IBE public parameter information and IBE private keys from the public key server using the same service name. The local key generator and the public key generator may maintain identical copies of the same IBE master secret. | 01-21-2010 |
20100017594 | TRANSMITTING METHOD AND TRANSMITTING DEVICE, RECEIVING METHOD AND RECEIVING DEVICE, AND TRANSFER METHOD AND TRANSFER SYSTEM - Data broadcast data, which is broadcast in data broadcasts, is constructed by disposing, for example, EMD (Electric Music Distribution) links required to acquire song data as actual broadcast data, which is broadcast in actual broadcasts by a transmitting device, the actual broadcast data is transmitted, and the data broadcast data wherein the EMD links for the song data in the actual broadcasts are disposed, is transmitted periodically during the transmission of the actual broadcast data. The actual broadcast data and the data broadcast data are received by a user terminal, and the EMD links disposed in the data broadcast data are stored whenever there is an input of an operation to attach a “bookmark”. Thus, audio data such as songs in programs broadcast can easily be acquired by radio. | 01-21-2010 |
20100023746 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - This invention prevents confidential information included in information contents from leaking from an external apparatus when the external apparatus executes a layout process and print process of the information contents. An information processing system of this invention includes an information contents converter ( | 01-28-2010 |
20100023747 | Critical Security Parameter Generation and Exchange System and Method for Smart-Card Memory Modules - A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore be stored in the memory device in encrypted form. | 01-28-2010 |
20100023748 | SELF CHECKING ENCRYPTION AND DECRYPTION BASED ON STATISTICAL SAMPLING - The present invention is related to the checking of encryption. Embodiments of the present invention are based on the discovery that sufficiently high reliability may be established without checking every encryption block. Instead, embodiments of the present invention provide that data being encrypted may be sampled at certain rate (which may be constant or varying) and only the sampled data may be checked. In general, embodiments of the present inventions are applicable to a fast encryption circuit that may encrypt an entire stream of incoming data into a stream of encrypted data and one or more slower (or slow) encryption circuit and/or one or more slow decryption circuit that operate(s) only on selected samples of the incoming or encrypted data in order to check the encryption of the fast circuit. Thus, encryption can be verified without incurring the costs of exhaustively checking all encrypted data. | 01-28-2010 |
20100023749 | Harvesting Entropy from Trusted Cryptographic Sources - Extending entropy in a random number generation utility. Where a device has access to trusted sources of encrypted data, such as encrypted network traffic, such encrypted network traffic may be sampled and the bits fed into the entropy seeding routines of the random number generation utility. | 01-28-2010 |
20100023750 | System and Method for Controllably Concealing Data from Spying Application - A method for use in controllably concealing an input data that has been entered into a computer system via an input device, from being comprehended by a spying application during transportation of the input data across a communication link of the computer system, the method including the steps of: (i) encrypting the input data when the input data is being processed at a relatively low level within the computer system so as to form an encrypted input data; (ii) thereafter, transporting the encrypted input data across the communication link; (iii) thereafter, providing a device for decrypting the encrypted input data so as to obtain a decrypted input data; (iv) selectively providing access to the decrypted input data by at least one authorised software application operably connected to the computer system. | 01-28-2010 |
20100023751 | System and method for preventing web crawler access - Preventing web crawler access includes receiving a request for a webpage that includes web content that should be protected from a web crawler, encrypting the web content to be protected to generate encrypted content and responding to the request, including sending the encrypted content and a decryption instruction. The decryption instruction is configured to allow a web browser to decrypt the encrypted content. | 01-28-2010 |
20100031014 | INFORMATION CONCEALING DEVICE, METHOD, AND PROGRAM - An information concealing device comprises a mask means for prompting the user to specify a secret area in an input image, a secret area specifying means for generating image data describing the image of the specified area in the input image and describing an area other than the specified area in a single color, an encoding means for converting the image data, which describes the image of the specified area in the input image and describes an area other than the specified area in a single color, to image data describing a code, and an embedding means for generating the image data of an image describing the specified area in the input image in a single color and embedding the code into the image. | 02-04-2010 |
20100031015 | IP Network Communication Method Having Security Function, And Communication System - An IP network communication system which applies encryption with a reduced processing delay caused by a CPU load which is increased by the application of IPsec etc., and with reduced degradation of data transmission efficiency in a network, is provided. The IP network communication system having a security function includes an encryption processing part to encrypt a predetermined area range of one packet to be transmitted, and not to encrypt a residual area of the one packet; and a transmission part to transmit the packet encrypted by the encryption processing part through a tunnel for encryption. | 02-04-2010 |
20100037045 | METHOD AND APPARATUS FOR CREATING AN INSTANCE ID BASED ON A UNIQUE DEVICE IDENTIFIER - A method and apparatus for signaling between a device and network. The method comprises the step of generating, by a device, an Instance Identification (ID) that matches an Instance ID used by a network. The apparatus of the present invention includes a means of generating an ID that matches the Instance ID used by the network. | 02-11-2010 |
20100049964 | Method and Apparatus for Integrating Precise Time Protocol and Media Access Control Security in Network Elements - A system includes a medium access control (MAC) module and a precise time protocol (PTP) module. The MAC module is configured to generate an identifier for a PTP frame, generate an encrypted PTP frame by encrypting the PTP frame, and output the identifier. The PTP module is configured to receive the identifier, identify the encrypted PTP frame based on the identifier in response to the encrypted PTP frame being output from the MAC module, and time stamp the encrypted PTP frame prior to the encrypted PTP frame being transmitted. | 02-25-2010 |
20100058049 | SECURE DATA COMMUNICATION SYSTEM - The description relates to a system designed to protect data exchange involved with the use of cloud computing infrastructures by services and individuals. The system is designed so that a cloud resource and its middleware access points are protected in transferring data among themselves and end users using a system designed to spread the data and then reassemble the data. | 03-04-2010 |
20100058050 | DATA KEEPING METHOD, CLIENT APPARATUS, STORAGE DEVICE, AND PROGRAM - A storage device sends its storage-device-specific information A to a client apparatus. The client apparatus generates an encryption key P | 03-04-2010 |
20100064129 | Network adapter and communication device - A network adapter includes: a network connection unit which is connected to a network, transmitting and receiving packet data; a bus connection unit which is connected to a bus, transmitting and receiving data and control information to a host device; an encryption/decryption processing unit executing an encryption/decryption application which encrypts contents or decrypts the encrypted contents; and a control unit executing software including respective hierarchies of a socket interface, a protocol stack and a device driver, and wherein the encryption/decryption application performs communication with the network connection unit or the bus connection unit through the socket interface, and wherein the control unit controls transmission and reception of data and control information of the bus connection unit by using a network device driver as the device driver. | 03-11-2010 |
20100070753 | ENHANCED DISTRIBUTION OF DIGITAL CONTENT - The enhanced distribution of digital content, in which a digital content distribution process is dynamically modeled, the digital content distribution process is invoked, and a serviced digital copy is provided to a recipient. Invoking the digital content distribution process further includes ingesting digital content, further including storing a digital master of the digital content in a digital vault, and servicing the digital copy of the stored digital master based on a servicing request received from the recipient. | 03-18-2010 |
20100077201 | INFORMATION PROCESSING UNIT, TERMINAL UNIT, INFORMATION PROCESSING METHOD, KEY GENERATION METHOD AND PROGRAM - There is provided an information processing unit enabling reduction of the number of keys to be held by a terminal unit and the amount of calculations necessary for decryption of encrypted data. The information processing unit configures an entire binary tree made up of n-number of leaf nodes, a root node and a plurality of intermediate nodes different from the root node and the leaf nodes and divides the entire tree into a plurality of base subtrees including n | 03-25-2010 |
20100077202 | DIGITAL RIGHTS MANAGEMENT PROVISION APPARATUS, SYSTEM, AND METHOD - Provided is digital rights management (DRM) provision technology, and more particularly, are an apparatus, system, and method which can easily provide content using one or more DRM systems. A DRM provision apparatus includes a content download unit which downloads encrypted real content and dummy content from a download server and which manages the downloaded real content and dummy content; a license management unit which manages a license issued by a license server; and a processing unit which manages the downloaded real content and dummy content and the issued license. | 03-25-2010 |
20100082970 | Method and System for Ensuring Sequential Playback of Digital Media - Techniques for ensuring that media playback proceeds sequentially through media content of a digital media asset are disclosed. In one embodiment, distinct portions (e.g., segments) of a digital media asset can be separately encrypted such that on playback decoded data being output from at least one prior portion can be used to derive a cryptographic key that is used in decrypting a subsequent portion of the digital media asset. | 04-01-2010 |
20100095107 | METHOD AND APPARATUS FOR DEVICE DETECTION AND MULTI-MODE SECURITY IN A CONTROL NETWORK - A method and apparatus for device discovery and multi-mode security in a wired and/or wireless control network are described. A controlled device is configured with discovery-level instructions and application-level control instructions. The controlled device includes a user-configurable parameter for selecting between multiple security modes. In one or more security modes, the controlled device may ignore application-level messages until encrypted communications are established with a controller. In one mode, the encrypted communication is established with an encryption key exchange using a predetermined security key. In another mode, a specific key is manually entered into the controller by the user/administrator to facilitate the encryption key exchange. Additionally, for control applications where security is not important, an unencrypted security mode may be implemented. A driver ID provided by the controlled device facilitates loading of a preferred device driver by the controller. | 04-15-2010 |
20100095108 | DATA TRANSFER DEVICE AND DATA TRANSFER METHOD - A data transfer device and method include obtaining a compression ratio and a compression speed of data for each of a plurality of compression levels, obtaining a compression ratio of data for each of the compression levels, adding a predicted time required for the compression and a predicted time required for the transfer of the data for each of the compression levels to determine a compression level for which the added predicted time is shortest, compressing the data to be transferred at the determined compression level and transferring the compressed data to a transfer destination. | 04-15-2010 |
20100100721 | METHOD AND SYSTEM OF SECURED DATA STORAGE AND RECOVERY - A method and a system of secured data storage and recovery are provided. First, a secured key and an encrypted user password of a storage device are obtained by using a controller of a storage device. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, the encrypted user password is encrypted by using the secured key to generate a second private key, and data to be stored is encrypted by using the secured key. Finally, the encrypted data, the first private key, and the second private key are transmitted to a remote device for storage through a host. Thereby, the security of data storage is enhanced and data recovery mechanism is provided when the storage device is damaged or lost. | 04-22-2010 |
20100100722 | CONFIGURATION METHOD, SYSTEM AND DEVICE OF CRYPTOGRAPHICALLY GENERATED ADDRESS - A configuration method of a cryptographically generated address (CGA) is disclosed. The configuration method is used to enable a generated CGA to satisfy requirements of a network configuration, and includes the following steps. A Dynamic Host Configuration Protocol (DHCP) server receives a client configuration information sent from a client. The DHCP server generates a CGA according to the client configuration and the network configuration from the DHCP server. The DHCP server delivers the CGA to the client. The network configuration is made as a reference when the CGA is generated, which overcomes a disadvantage that the CGA generated by the client cannot satisfy the requirements of the network configuration in the prior art. Thus, the generation of CGA can be intervened at a network management level, and a management capability of the network is improved. | 04-22-2010 |
20100100723 | SERVICE APPLICATION PLATFORM AND METHOD FOR ACCESSING SERVICE APPLICATION PLATFORM - This invention provides a service application platform and a method for accessing a service application platform. The service application platform includes: a processing interface, adapted to send a service request to a service application client; the service application client, adapted to receive the service request sent from the processing interface, and to send the service request to a server; and the server, adapted to process the service request, and to provide a user with requested information. | 04-22-2010 |
20100106959 | Triple and quadruple churning security for 1G and 10G PON - A data encryption-decryption method for enhancing the confidentiality of data transmitted between two, first and second communication network entities including the steps of: at the first network entity, performing a quadruple-churning operation on a byte N to obtain an encrypted byte N, the quadruple-churning operation including: performing a first churning operation to obtain a first churned output; bit-wise XORing the first churned output with two values to obtain a first XOR result; bit-swapping the first XOR result; performing a second churning and XORing stages to obtain a second XOR result; performing a third churning and XORing stages to obtain a third XOR result; bit swapping the third XOR result; and performing a fourth churning operation on the third bit-swapped XOR result to obtain encrypted byte N; and transmitting the encrypted byte N to the second network entity. | 04-29-2010 |
20100106960 | CONTENT TRANSMITTING DEVICE, CONTENT RECEIVING DEVICE AND CONTENT TRANSMITTING METHOD - Before content transmission, the content transmitting device and the content receiving device mutually authenticate each other to verify that the other device respects copyright and rightfully handles content, and then content is encrypted by shared key data and transmitted. It is arranged that in an authentication process, a time from transmission of an authentication request or a time from transmission of an authentication response until arrival of receipt acknowledgement data is measured and only when a measured time is less than a fixed upper-limit value, content is transmitted. | 04-29-2010 |
20100115260 | UNIVERSAL SECURE TOKEN FOR OBFUSCATION AND TAMPER RESISTANCE - Program obfuscation is accomplished with a tamper-proof token including an embedded oracle. A public obfuscation function can be applied to any program/circuit to produce a new obfuscated program/circuit that makes calls to the corresponding oracle to facilitate program execution. A universal circuit representation can be employed with respect to obfuscation to hide circuit wiring and allow the whole circuit to be public. Furthermore, the token or embedded oracle can be universal and stateless to enable a single token to be employed with respect to many programs. | 05-06-2010 |
20100115261 | EXTENSIBLE SEAL MANAGEMENT FOR ENCRYPTED DATA - Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data and selecting from amongst the multiple different seal hints, seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key. | 05-06-2010 |
20100115262 | Wireless Network System and Wireless Communication Method - A wireless network system includes a user device, a client and an access point. In the wireless network system, a wireless network mode of the client is started in an AdHoc mode in response to a specific operation, and a wireless network mode of the user device is switched to an AdHoc mode when it is detected that the wireless network mode of the client is started in the AdHoc mode. Then, infrastructure network information including a network name and an encryption key for setting the wireless network communication in the infrastructure mode is transmitted from the user device to the client, and the wireless network mode of the client is switched to the infrastructure mode on the basis of the infrastructure network information. | 05-06-2010 |
20100115263 | TRACKING ELECTRONIC CONTENT - A method of tracking electronic content includes producing a file of electronic content and executable instructions that collect notification information and attempt to transmit the notification information to an address when triggered by an event. The executable instructions deny access to the electronic content until the notification information is transmitted successfully. | 05-06-2010 |
20100125728 | METHOD OF IMPLEMENTING ONE WAY HASH FUNCTIONS AND APPARATUS THEREFOR - A cryptographic system for encrypting a data stream to be transported over a network by using a one way hash function constructed according to Merkle-Damgard construction includes a plurality of Davies-Meyer structure modules. A Davies-Meyer module modifies two variables A and B according to at least four words by no more than three Advanced Encryption Standard (AES) block cipher rounds. | 05-20-2010 |
20100138644 | SYSTEM AND METHOD FOR DYNAMIC DATA MINING AND DISTRIBUTION OF MARITIME DATA - A system for dynamically collecting and distributing maritime data includes a vessel configured to transmit at a predetermined time, or upon electronic inquiry, a signal representative of a current location of the vessel or an expected location of the vessel; a computer network including one or more databases, each of which includes one or more zone of concern data, wherein the zone of concern data corresponds to a zone of concern; and a service provider configured to receive the signal, retrieve the one or more zone of concern data from the computer network based upon the signal and transmit the one or more zone of concern data to the vessel. The zone of concern data, which may be continually changing, may be sent from the service provider to the vessel on a continuous basis with respect to the changing location and heading of the vessel. | 06-03-2010 |
20100138645 | METHOD FOR MOVING RIGHTS OBJECTS INTO OTHER DEVICE IN DIGITAL RIGHTS MANAGEMENT - A method, device and system for moving a rights object. The method includes receiving a first move request message including a reqID element indicating a first device ID and a nonce element indicating a random value generated by the first device; receiving a second move request message including a reqID element indicating a first device ID and a nonce element indicating a random value generated by the first device; comparing the reqID element and nonce element of the first move request message with the reqID element and nonce element of the second move request message; and determining whether or not a rights object is moved from the first device to a second device based upon the comparison. | 06-03-2010 |
20100138646 | EDGE OPTIMIZED TRANSRATING SYSTEM - A system and method for bandwidth management by controlling the bit rate of a signal stream in real time according to available link bandwidth. Applications include multiple-channel video data streams over a limited-bandwidth link such as a Digital Subscriber Line. A video signal is transrated at the head end to multiple streams having different bit rates, by a multirating device which sends the multiple streams over a network, along with metadata containing information about the data structure and parameters of the streams. At the network access edge, a demultirating device uses the metadata to select the stream with the highest video quality whose bit rate does not exceed the available bandwidth of the end-user's access link. This scheme provides multiple unicast signals to different end-users in place of a single multicast signal, supports multiple high-definition channels over a limited bandwidth link, and is compatible with standard encryption methods. | 06-03-2010 |
20100138647 | ENCRYPTION SCHEME FOR STREAMED MULTIMEDIA CONTENT PROTECTED BY RIGHTS MANAGEMENT SYSTEM - A stream of content has multiple sub-streams, where each sub-stream comprises a part of the content and is divisible into logical blocks bounded by intrinsic partitions. For each sub-stream, a specification of the logical blocks bounded by the intrinsic partitions is defined and the sub-stream is divided into the logical blocks bounded by the intrinsic partitions. Each divided logical block is encrypted and then divided into one or more portions to produce corresponding pieces of data, and each piece of data is placed into a data packet as a payload thereof. Each data packet is transmitted to a recipient thereof, and the recipient can retrieve the pieces of data from the payloads of the packets, reconstruct the encrypted logical blocks, and manipulate the sub-stream on a per-logical block basis without necessarily decrypting each encrypted logical block. | 06-03-2010 |
20100146258 | DATA TRANSMISSION SYSTEMS - A data tracking system comprises a hub ( | 06-10-2010 |
20100161956 | Method and Apparatus for Protected Code Execution on Clients - In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted. | 06-24-2010 |
20100161957 | METHODS OF STORING AND RETRIEVING DATA IN/FROM EXTERNAL SERVER - Provided are methods of storing and searching for data in encrypted form. The method of storing data in encrypted form includes: encrypting desired data from among data stored in a database; dividing an entire region of the stored data into a plurality of bucket regions and allocating an index to each of the bucket regions; identifying order information in a bucket region to which the encrypted data belongs; and storing the encrypted data, index information of the bucket region to which the encrypted data belongs, and the identified order information in an external server. When a database containing important data of at least one user is stored in an external server using the above storing method, the security and efficiency of the database can be increased. | 06-24-2010 |
20100169637 | PALETTE FOR REAL-TIME DISPLAY OF PREVIOUSLY ACCESSED DOCUMENTS - Palette for real-time display of previously accessed documents. At some of the illustrative embodiments are methods comprising rendering on a display a palette proximate to a window of a Web-Browser, the rendering by executing a software application by a processor, enabling a first mode of the palette, obtaining information pertaining to each of a series of Webpages previously accessed by the Web-Browser; and displaying within the palette at least some of the information pertaining to the Webpages and a reduced resolution image of one of the Webpages previously accessed. | 07-01-2010 |
20100174897 | ENCRYPTION METHOD FOR HIGHEST SECURITY APPLICATIONS - A method for encrypting a message M of I | 07-08-2010 |
20100174898 | Communication between Call Controllers by Amending Call Processing Messages - Call Control entities in a network communicate between themselves by amending call processing messages to include encrypted network information. As such, a call may be established whose path through the network is dependent on the paths of other calls. Information of a scope larger than a Call Controller normally possesses can, as a result of this communication, be made available to Call Controllers for constraining call establishment. This information could relate to other calls and connections associated with those other calls. The information may also relate to gateways in and to adjacent networks and the Call Controllers in the adjacent networks that are related to the current Call Controller. | 07-08-2010 |
20100180111 | METHOD OF ESTABLISHING FAST SECURITY ASSOCIATION FOR HANDOVER BETWEEN HETEROGENEOUS RADIO ACCESS NETWORKS - A method of establishing security association between heterogeneous networks is disclosed. The method comprises a first step of receiving information of heterogeneous networks near a mobile station; a second step of transmitting a request message requesting authentication related information transfer to a target heterogeneous network where the mobile station intends to perform handover, among the heterogeneous networks near the mobile station; and a third step of receiving authentication related information and key related information of the target heterogeneous network. At this time, the first step, the second step, and the third step are preferably performed before handover is performed between heterogeneous networks. | 07-15-2010 |
20100180112 | Secure Node Admission in a Communication Network - A system and method for key determination in a communication network having a network control node and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, an entry node sends to the network control node a submission requesting a salt; the entry node receives the salt from the network control node, wherein the salt is a random number generated by the network control node; the entry node combines the salt with its network password to calculate a network admission key; and the entry node submits an admission request to the network controller requesting admission to the network, wherein the admission request is encrypted by the entry node using the admission key. | 07-15-2010 |
20100185847 | Database outsourcing with access privacy - This invention introduces a new paradigm for outsourcing the transaction processing backend of a multi-client database application to an untrusted service provider. Specifically, the invention enables untrusted service providers to support transaction serialization, backup and recovery for clients, with full data confidentiality and correctness. Moreover, providers learn nothing about transactions (except their size and timing), thus achieving read and write access pattern privacy. | 07-22-2010 |
20100191954 | METHOD AND APPARATUS FOR TRANSMITTING MESSAGE IN HETEROGENEOUS FEDERATED ENVIRONMENT, AND METHOD AND APPARATUS FOR PROVIDING SERVICE USING THE MESSAGE - Provided are a method and apparatus for transmitting a message in a heterogeneous federated environment, and a method and apparatus for providing a service according to the message. In the method of transmitting a message to an external domain in the heterogeneous federated environment, a service server of a domain creates a transmission message to be transmitted to the external domain and supplies it to a protocol interpretation unit of the domain. The protocol interpretation unit detects protocol information of the external domain, interprets the created transmission message based on the detected protocol information, and supplies the interpreted transmission message to the service server. The service server then supplies the interpreted transmission message to the external domain. Accordingly, two service servers in different domains with different protocol information can exchange messages with each other while guaranteeing security. | 07-29-2010 |
20100191955 | SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL CONTENT - A method for distributing digital content is disclosed. The method includes receiving, at an operator of a wireless communications network, a request for digital content from a first mobile device. The method further includes determining, at the operator, that a second mobile device has the digital content. The method further includes receiving the digital content from the second mobile device at the operator of the wireless communications network and sending a message including a pointer related to the digital content to the first mobile device. | 07-29-2010 |
20100199083 | ONBOARD ACCESS CONTROL SYSTEM FOR COMMUNICATION FROM THE OPEN DOMAIN TO THE AVIONICS DOMAIN - An onboard access control system to an information system onboard an aircraft, for communication from the open domain to the avionics domain, the open and avionics domains being connected to each other through a single-directional link from the avionics domain to the open domain. The system includes: a security device including: access switches controlling access to the avionics and open domains, a controller, a module for acquisition putting data into buffer memory and transmission to the avionics domain, a data control module, an acquisition module from the open domain and putting into buffer memory, and an operator's authentication mechanism. | 08-05-2010 |
20100199084 | SECURE CONTENT DISTRIBUTION SYSTEM - A secure system for online media content distribution is described, which system utilizes a proprietary, controlled environment media player. This player is specifically registered to a particular machine, directly downloads encrypted files from a media distributing server via a secure nugget browser, and retrieves secure decryption keys from a key distributing server via the registered player or the secure nugget browser. | 08-05-2010 |
20100211770 | METHOD AND APPARATUS FOR PROTECTING PRIVATE DATA ON A VEHICLE - Methods and apparatus are provided for protecting private data on a vehicle. The method comprises receiving a first signal generated by a user of the vehicle and, in response to the first signal, deleting predetermined data stored on the vehicle to prevent the private data from being accessed. | 08-19-2010 |
20100217969 | SYSTEM FOR, AND METHOD OF, PROVIDING THE TRANSMISSION, RECEIPT AND CONTENT OF AN E-MAIL MESSAGE TO A RECIPIENT - A server transmits a message and attachments from a sender to a recipient. A hash is provided of (a) the message, (b) an identification of the sender and (c) a hash of the attachments to form a data string. Instructions may be included for the recipient to send a hashed encryption of the string to a website at the server by registered electronic mail which provides options to obtain other electronic advantages. To authenticate the message, the recipient transmits the message, the attachments and the hashed encryption of the string to the server website. The server decrypts and detaches the hashed encryption of the string to provide a first string and hashes the message, the sender identification and the hashed attachments in the first string to form a second string. The server also detaches and hashes the attachments from the message received at the server website to form first hashed attachments and detaches the hashed attachments from the string to form second hashed attachments. When the first and second hashed attachments match and the first and second strings match, the server authenticates the message to the recipient. | 08-26-2010 |
20100217970 | ENCRYPTING OPERATING SYSTEM - A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment, a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data. | 08-26-2010 |
20100223455 | Encrypted-traffic discrimination device and encrypted-traffic discrimination system - An encrypted-traffic discrimination device includes an input interface, a flow discrimination section, a data accumulation section, a selective data calculation section, a calculation result determination section, and an output interface. The flow discrimination section discriminates the input traffic into separate flows based on at least a transmission origin address and a transmission destination address. The data accumulation section accumulates characteristic amount data of the traffic for each of the separate flows. The selective data calculation section executes an evaluation computation utilizing specific data from the characteristic amount data. The calculation result determination section, based on a calculated evaluation computation value, executes threshold value determination to determine whether or not the traffic is encrypted, and, if the traffic is determined to be encrypted, which encryption format the traffic is encrypted with. | 09-02-2010 |
20100228961 | HIERARCHICAL SECURE NETWORKS - Systems and methods for creating hierarchical network communications between trusted domains are described herein. An illustrative system includes a first, second, and third network. The first and second networks each include a plurality of routers, each router capable of establishing a secure data path with another router in the respective network. The third network includes a first router and a second router, each router capable of establishing a secure data path with the other router. The definition of each secure data path is provided by an external storage device that detachably couples to a router. The storage devices defining the secure data paths are unique to each router. The first and second networks communicate through the third network. | 09-09-2010 |
20100228962 | OFFLOADING CRYPTOGRAPHIC PROTECTION PROCESSING - Some embodiments are directed to processing packet data sent according to a security protocol between a first computer and a second computer via a forwarding device. The forwarding device performs a portion of the processing, and forwards the packet data to a third computer, connected to the forwarding device, for other processing. The third computer may support non-standard extensions to the security protocol, such as extensions used in authorizing and establishing a connection over the secure protocol. The packet data may be subject to policies, such as firewall policies or security policies, that may be detected by the third computer. The third computer sends the results of its processing, such as a cryptographic key, or a detected access control policy, to the forwarding device. | 09-09-2010 |
20100228963 | METHODS OF PLACING ADVERTISEMENTS, INTERSTITIALS AND TOOLBARS IN A WEB BROWSER - The present invention provides methods and systems that can render INE content to a web browser. Various methods and approaches are disclosed that when implemented would enable an INE to place some of INE's contents in a web browser of a user. The INE content can be in the form of a tool bar or interstitial content. The invention can provide one or more of the following advantages: a) provide an opportunity for INE to conduct e-commerce, b) enable an INE to develop an alternate revenue generation model, and c) enable an INE or its related entities to participate in e-commerce and advertising. | 09-09-2010 |
20100241844 | METHOD, SYSTEM AND APPARATUS FOR PROVIDING STATEFUL INFORMATION REDACTION | 09-23-2010 |
20100241845 | METHOD AND SYSTEM FOR THE CONFIDENTIAL RECORDING, MANAGEMENT AND DISTRIBUTION OF MEETINGS BY MEANS OF MULTIPLE ELECTRONIC DEVICES WITH REMOTE STORAGE - A specific method is provided for recording, management and confidential distribution of meetings by means of multiple electronic devices, fitted with at least one microphone, mainly a mobile phone, an electronic agenda, or laptop. The method includes recording the meeting, sending this recorded data to the remote server, audio track synchronization, selecting optimum track sections to produce an optimum final track, storing this ciphered, coded track in the database, and, finally, publishing this track in a confidential manner. | 09-23-2010 |
20100250917 | DISTRIBUTION SYSTEM AND METHOD OF DISTRIBUTING CONTENT FILES - A distribution system including, for connection over a network, a plurality of client upload devices, each client upload device storing one or more chunks of a content file, a client download device configured to download from the client upload devices chunks of the content file stored by the respective client upload devices and an incentive device configured to generate token data packets exchangeable for chunks of the content file. The client download device is configured to acquire a plurality of token data packets from the incentive device and to communicate with individual respective client upload devices and thereby download, in exchange for respective token data packets, stored chunks of the content file. Each client upload device is configured to communicate with the client download device and, thereby, upload to the client download device stored chunks of the content file in exchange for token data packets acquired by the client download device from the incentive device and is configured to transmit to the incentive device token data packets received from the client download device. | 09-30-2010 |
20100250918 | METHOD AND SYSTEM FOR IDENTIFYING AN APPLICATION TYPE OF ENCRYPTED TRAFFIC - The present relates to a method and a system for identifying an application type from encrypted traffic transported over an IP network. The method and system extract at least a portion of IP flow parameters from the encrypted traffic using at least one of specific target encryption types. Then, the method and system transmit the extracted IP flow parameters to a learning-based classification engine. The learning-based classification engine has been trained with unencrypted traffic. Then, the method and system infer at least one corresponding application type for the extracted IP flow parameters. | 09-30-2010 |
20100250919 | METHODS AND SYSTEMS FOR SECURE DISTRIBUTION OF SUBSCRIPTION-BASED GAME SOFTWARE - A method for secure communications. At least one encryption key can be generated based on a pass-phrase that associates a unique identifier of a client system with a customer. Customer data encrypted with the at least one encryption key can be received such that the customer data is uniquely associated with both the client system and with the customer. The client system cannot decrypt the customer data if the unique identifier of the client system is changed. The client system cannot decrypt the customer data if the customer is changed. | 09-30-2010 |
20100262821 | SECURE IDENTIFICATION SYSTEM - Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, with the image data being in compressed form, and with the textual information being included in a relational database with identifiers associated with any related image data. Means are provided at the central computer for management of all textual information and image data received to ensure that all information may be independently retrieved. Requests are entered from remote terminals specifying particular subject matter, and the system is capable of responding to multiple simultaneous requests. Textual information is recalled and downloaded for review, along with any subsequently requested image data, to be displayed at a remote site. Various modes of data and image formatting are also disclosed, including encryption techniques to fortify data integrity. The server computers may be interfaced with other computers to effect financial transactions, and images representing the subjects of transactions may be uploaded to the server computer to create temporary or permanent records of financial or legal transactions. A further feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records. | 10-14-2010 |
20100275005 | Secure Data Storage System And Method - A system and method for the secure storage of data in a network. Data stored on a primary server connected to the network is initially encrypted. The IP address of the primary server is sent to a second server, via the network, and a communication is received from the second server indicating pending instructions. If the instructions indicate that theft of the primary server has occurred, then the data stored on the primary server is re-encrypted and the IP address of the primary server is sent to the second server. if attempted unauthorized access of the primary server is determined, and a predetermined number of consecutive unauthorized attempts to access the primary server are made, then the data stored on the primary server is erased. | 10-28-2010 |
20100275006 | RECEIVER AND RECEIVING METHOD - By deciding procedures for downloading content data and downloading key information, a safe service is provided for a content distributor and a method which can start playback before completion of the downloading of the content data is provided, thereby providing a technique easy for a user. A receiver has: an interface unit being adapted to download encoded content data and key information for decoding the content data from a communication line; a storage unit being adapted to store the downloaded content data and key information from the interface unit; and a control unit which decodes the content data outputted from the storage unit using the key information. The control unit downloads the key information after the content data is downloaded entirely. | 10-28-2010 |
20100275007 | Secure Transmission System and Method - A method is provided for transmitting information from a user to a first network entity over a communications network. The user enters information into a browser executed at a user terminal. The browser generates a first message comprising the information using a first communication protocol for despatch over the network via a network port, the first message including an identifier of the first network entity. A client executed at the user terminal receives the first message before the first message reaches the network port. The first message is wrapped in a second message of a second communication protocol used for transmitting messages between the client and a second network entity. The second message is transmitted to the second network entity over the communications network. The first message is unwrapped from the second message at the second network entity, the identifier of the first network entity translated to a network address of the first network entity and the first message is transmitted to the first network entity over the communications network. | 10-28-2010 |
20100281247 | SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK - Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed. | 11-04-2010 |
20100281248 | ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS - Security assessment and vulnerability testing of software applications is performed based at least in part on application metadata in order to determine an appropriate assurance level and associated test plan that includes multiple types of analysis. Steps from each test are combined into a “custom” or “application-specific” workflow, and the results of each test may then be correlated with other results to identify potential vulnerabilities and/or faults. | 11-04-2010 |
20100287366 | DISTRIBUTED INFORMATION GENERATION APPARATUS, RECONSTRUCTION APPARATUS, RECONSTRUCTION RESULT VERIFICATION APPARATUS, AND SECRET INFORMATION DISTRIBUTION SYSTEM, METHOD, AND PROGRAM - A shared information creating device capable of detecting false alteration of shared information with high probability even if a traitor has shares the number of which is above a threshold and creating shared information whose data size is smaller than that of secret information. A recovering device, a recovery result verifying device, and a secret information sharing system, program, and method are also provided. The shared information creating device generates a polynomial F in which secret information s is embedded, outputs a shared secret information, generates a polynomial G in which the output of when a fixed value t is substituted in the polynomial F is embedded as secret information, and creates shared secret information. A recovering device receives k sets of shared secret information to generate a polynomial F′, and receives k sets of shared shared secret information to generate a polynomial G′. When the value embedded as secret information in the polynomial G′ is equal to the output of when the fixed value t is substituted in the polynomial F′, the embedded value is outputted. When they are not equal, information indicating falsification detection is outputted. | 11-11-2010 |
20100287367 | SYSTEM AND METHOD FOR DATA TRANSMISSION - A method for transmitting data in a system is provided. The system includes a first device, a plurality of second devices, and a plurality of third devices. The method includes the steps of encrypting the data with a first key and encrypting the first key with a second key at the first device, sending the encrypted data from the first device to the second device, decrypting the second key and encrypting the first key with a third key by the second device, sending the encrypted data from the second device to the third device, and decrypting the third key and the first key by the third device. | 11-11-2010 |
20100287368 | METHOD, APPARATUS AND SYSTEM FOR HOSTING INFORMATION EXCHANGE GROUPS ON A WIDE AREA NETWORK - A method and system for hosting information exchange groups on a wide area network is disclosed, using various tools for promoting topical organization and self-evolution of the information exchange groups, and of a system of information exchange groups. These tools include methods for providing user rating of posts within the exchange group, for rating and ranking users of the exchange group, for rating and ranking links to related information pages and especially to related exchange groups operating according to the methods of the invention, and for continuously updating rating and ranking information. Additionally, methods are provided for users to found exchange groups, to filter information in exchange groups according to specified user preferences, and to protect private information from inadvertent disclosure to other users of the exchange group. | 11-11-2010 |
20100293368 | Signaling System for Telecommunications - A pair of devices ( | 11-18-2010 |
20100299515 | TRACING COPIES OF AN IMPLEMENTATION | 11-25-2010 |
20100299516 | CONTENTS PROTECTION PROVIDING METHOD AND PROTECTED CONTENTS CONSUMING METHOD AND APPARATUS THEREOF - The contents protection providing method includes: creating an encrypted stream with encrypted data; creating a key stream including key information for decrypting the encrypted data; creating reference information for connecting the key information to the encrypted data corresponding to the key information; and transmitting the encrypted stream, key stream, and reference information to a terminal. | 11-25-2010 |
20100299517 | Network System with a Plurality of Networked Devices with Various Connection Protocols - Methods and devices for retrieving data from a variety of devices, such as biomedical devices, are disclosed. In an embodiment, a communications path is established between a device manager and a device configured to collect data from a patient. A device type associated with the device is detected. Based on the device type, connections settings required to exchange data between the device manager and the device are requested from a first server. A patient identifier is also obtained. The patient identifier is sent to a second server, which may be the same as the first server. Verification of the patient identifier is received at the device manager from the second server. Data is then received at the device manager from the device. Upon receipt, the data is either stored in a storage or the data is sent via an encrypted communication channel to a server for data format conversion. | 11-25-2010 |
20100306524 | SECURE STORAGE AND ACCELERATED TRANSMISSION OF INFORMATION OVER COMMUNICATION NETWORKS - A system and method for securely storing and transmitting digital information includes a computing device connected to at least one of a network device or a storage device or both. The system and method also includes a communication network connected to the at least one of a network device or the at least one of a storage device, or both. The system and method may include the computing device being configured to receive and receiving at least a portion of one or more first bit streams from an input device, being configured to parse and parsing the at least a portion of the one or more bit streams to form one or more first datasets, being configured to compress and compressing the one or more first datasets to form one or more second datasets, being configured to encrypt and cryptographically modifying the one or more second data sets to form one or more third datasets, being configured to assemble and assembling the one or more third datasets to form at least one second bit stream; and being configured to disperse and dispersing the at least one second bit stream into multiple portions in such a manner that any minimum number of the total number of dispersed portions contains a complete second bit stream, and being configured to output and outputting the total number of dispersed portions to one or more of local and remote data storage devices. | 12-02-2010 |
20100313009 | SYSTEM AND METHOD TO ENABLE TRACKING OF CONSUMER BEHAVIOR AND ACTIVITY - A method for collecting, processing and analyzing Internet and e-commerce data accessed by users of messaging devices such as, for example, mobile terminal users includes receiving network access data extracted from packetized traffic of a communication system. A portion of the extracted network access data is encrypted to anonymize the received network access data, obscuring information from which messaging device users' identities might otherwise be determined. The encrypted portion constitutes a unique, anonymized identifier that can be correlated to the messaging device user associated with the traffic. Network access data anonymized in this manner, once received, is processed for analysis. By referencing the identifier, anonymized network access data associated with any messaging device user is distinguishable from anonymized network access data associated with all other messaging device users, allowing patterns of internet access activity of the users to be tracked and reported anonymously. By correlating the identifier to a socio-demographic profile, it is further possible to monitor a sample of users sufficiently large to represent an entire population sharing the same socio-demographic characteristic(s). | 12-09-2010 |
20100313010 | DIGITAL DATA RECORDING APPARATUS, DIGITAL DATA RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - A data communication unit receives encrypted digital data via a network and records the digital data on a primary recording medium. The digital data, having been encrypted in different encryption methods according to the distributors, include attribute information indicating the encryption methods. The encryption method of the digital data is determined and the encrypted data is decrypted by an appropriate decryption unit. Identification information of a secondary recording medium or a playback apparatus is obtained according to whether the secondary recording medium is removable from the playback apparatus. A controller selects an encryption unit among a plurality of encryption units according to the obtained identification information. The selected encryption unit creates an encryption key according to the identification information and re-encrypts the digital data. A recording unit records the digital data on the secondary recording medium. An accounting unit charges according to accounting information in the attribute information. | 12-09-2010 |
20100318782 | SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others. | 12-16-2010 |
20100318783 | SERVICE ACTIVATION USING ALGORITHMICALLY DEFINED KEY - Systems and methods for service activation using algorithmically defined keys are disclosed. A consumer who has a relationship with a first party may wish to enroll in a service provided by a third party. The first party can maintain control of such enrollments through the use of algorithmically defined keys. The algorithmically defined keys also allow the third party service provider to verify data provided by the consumer as matching data stored by the first party. The verification provides for data synchronization without requiring the third party to have access to the first party's data systems. | 12-16-2010 |
20100325413 | DATA HIDING BASED MESSAGES AND ADVERTISEMENTS - A steganographic message/advertisement embedding method is presented that can be used for contextual and targeted advertising supporting unobtrusive and on-demand message/advertisement delivery. The present invention presents over two client devices, the method includes receiving, on a first client device, a primary multimedia presentation with a plurality of steganographic codes embedded therein; whereby the steganographic code is not perceivable during a rendering of the multimedia presentation and the steganographic code is associated with at least one secondary multimedia presentation. Next, the primary multimedia presentation is rendered on the first client device. The first client device receives a user selection to select at least one of the steganographic codes. In response to the user selection, a secondary multimedia presentation is presented to the user in response to receiving the user selection, wherein the second multimedia presentation is presented over a second client device which is distinct from the first client device. | 12-23-2010 |
20100325414 | Method and transmitting device for securely creating and sending an electronic message and method and receiving device for securely receiving and processing an electronic message - The subject matter relates to a method for securely creating and sending an electronic message, whereby the message is created using a first application running in a secure operating system, the created message is stored in a storage that can only be accessed by the secure operating system and a virtualizing unit. In a second application executed by the virtualizing unit, the internal storage is analyzed for the presence of a message and, if the message is present, the message is transmitted to a receiver. The subject matter also relates to a method for securely receiving and processing an electronic message, whereby an external storage is analyzed for the presence of a message using a second application and, if the message is present, the message is transmitted to the internal storage. The presence of the message is polled using the first application and, if the message is present, the message is transmitted from the internal storage to the first application for processing. The subject matter further relates to a transmitting device for carrying out the method for securely creating and sending the electronic message and a receiving device for carrying out the method for securely receiving and processing the electronic message. | 12-23-2010 |
20100325415 | Controlling Media Distribution - A method and apparatus for distributing time-controlled media. A media chunk is encrypted using cryptographic materials and the encrypted media chunk is sent over a media channel. The cryptographic materials are distributed over a time-guaranteed control channel such that the cryptographic materials are received by a remote receiver node after the remote receiver receives the encrypted media chunk. The receiver node receives the encrypted media chunk over the media channel and stores the encrypted media chunk in a memory at the receiver node. The receiver node also receives the cryptographic materials over the time-guaranteed channel, and uses the cryptographic materials to decrypt the encrypted media chunk. In this way, the receiver node cannot render the media chunk until it has received the cryptographic materials. | 12-23-2010 |
20100325416 | Method and Apparatus for Use in a Communications Network - A method is provided for use in a Mobile IP network in which it is determined whether a Mobile Node ( | 12-23-2010 |
20100325417 | RENDERING RIGHTS DELEGATION SYSTEM AND METHOD - Methods and systems for controlling the distribution of digital content are provided. A license holder acquires protected content and an original digital license to the protected content from a content provider system. The license holder in turn delegates all or part of the grants in that original license to other qualified devices or clients. The content remains in its original, protected or encrypted form while it is delivered from the license holder to the client along with a digital sublicense that the client receives from the original license holder, whereupon the content can then be rendered. The original digital license defines or governs the conditions under which such delegation occurs, and includes terms under which such delegation is permitted to continue in order to enforce the intent of the content provider. | 12-23-2010 |
20100332817 | CONTENT RECORDING SYSTEM, CONTENT RECORDING METHOD, CONTENT RECORDING DEVICE, AND CONTENT RECEVING DEVICE - Provided is a content receiving device, connected to a content recording device that records content data, including a receiving section that receives the content data, a recording folder specifying section that specifies a dedicated folder as a recording destination of the content data when a parental level is set on the content data and a normal folder as the recording destination of the content data when no parental level is set on the content data, and a transmitting section that transmits the content data so that the content data is recorded in a folder specified by the recording folder specifying section of a storage medium contained in the content recording device. | 12-30-2010 |
20100332818 | CLOUD STORAGE AND NETWORKING AGENTS, INCLUDING AGENTS FOR UTILIZING MULTIPLE, DIFFERENT CLOUD STORAGE SITES - Systems and methods are disclosed for performing data storage operations, including content-indexing, containerized deduplication, and policy-driven storage, within a cloud environment. The systems support a variety of clients and cloud storage sites that may connect to the system in a cloud environment that requires data transfer over wide area networks, such as the Internet, which may have appreciable latency and/or packet loss, using various network protocols, including HTTP and FTP. Methods are disclosed for content indexing data stored within a cloud environment to facilitate later searching, including collaborative searching. Methods are also disclosed for performing containerized deduplication to reduce the strain on a system namespace, effectuate cost savings, etc. Methods are disclosed for identifying suitable storage locations, including suitable cloud storage sites, for data files subject to a storage policy. Further, systems and methods for providing a cloud gateway and a scalable data object store within a cloud environment are disclosed, along with other features. | 12-30-2010 |
20100332819 | DIGITAL CONTENT ACCESS CONTROL - Control of access to at least one digital content is managed as a function of at least one access criterion. The digital content is transmitted to at least one terminal in the form of a data stream. The access criterion is stored in the terminal as a function of an identifier. The terminal receives the data stream in association with a control message indicating the identifier. It then retrieves the stored access criterion as a function of the identifier received in the control message. Finally, it verifies whether the stored access criterion is satisfied in order, where appropriate, to authorize access to the content. | 12-30-2010 |
20100332820 | INFORMATION SECURITY DEVICE AND INFORMATION SECURITY SYSTEM - The present invention provides a migration apparatus that realizes safe migration of data between devices that use different encryption algorithms and different security authentication levels. The fourth electronic terminal device | 12-30-2010 |
20100332821 | Mobile IP Over VPN Communication Protocol - The present invention supports a communication protocol for transmission of information packets between a mobile node and a virtual private network. Information packets are encapsulated and decapsulated along the route as the information packet is forwarded among the various networks on its path to the destination address; either the mobile node on a foreign network or a correspondence node on a virtual private network. A home agent on the virtual private network supports transmitting the information packets, and the information packets are transmitted from the virtual private network from the home agent or a virtual private network gateway. | 12-30-2010 |
20110004750 | Hierarchical skipping method for optimizing data transfer through retrieval and identification of non-redundant components - A method for optimizing data transfer through retrieval and identification of non-redundant components. Efficiently packing each network transmission block using sequence search criteria. A hierarchical skipping method. Avoidance of sending undesired pieces. Segmentation of each file and object into a hierarchy of pieces in a plurality of types. | 01-06-2011 |
20110004751 | SYSTEMS AND METHODS FOR PROVIDING PRODUCT INFORMATION OVER A CARRIER WAVE - A customer relationship management (CRM) method using IBOC-radio signals is provided. A message in the radio signal is parsed to obtain a key. The key is compared to a plurality of stored keys. When the received key matches a stored key, a data structure associated with the message is outputted. A device comprising a lookup table with a plurality of stored keys, a tuner unit that receives a CRM in an IBOC signal, and a controller in electrical communication with the lookup table and tuner is provided. The controller comprises (i) instructions for comparing a key in the CRM to one or more stored keys in the plurality of stored keys and (ii) instructions for permitting the display of a display text associated with the received key when there is a match between the received key and a key in the plurality of stored keys. | 01-06-2011 |
20110010533 | System and Method for Component Trust Model in Peer-to-Peer Service Composition - A system is provided for composition trust binding in a peer-to-peer network environment. The system includes: a service requestor ( | 01-13-2011 |
20110010534 | SYSTEM AND METHOD OF SHARING WEB PAGE THAT REPRESENTS HEALTH INFORMATION - A method of displaying health information of a user, the method including: monitoring if a sharing request for a health information of a user is made by an external device, which provides a web page representing the health information of the user in the form of an image; downloading a captured image of the web page from the external device if the sharing request for the health information of the user is made; and displaying the downloaded captured image. | 01-13-2011 |
20110010535 | MULTI-MEDIA DIGITAL CARTRIDGE STORAGE AND PLAYBACK UNITS BACKGROUND OF THE INVENTION - A method and apparatus for playing back a digital media file. The invention comprises defining a plurality of predetermined media types based upon an advertising scheme associated therewith, and valuing each of the plurality of predetermined media types in accordance with the advertising scheme. Then, one of the plurality of media types is selected and played back, thus invoking the associated advertising scheme. | 01-13-2011 |
20110010536 | OPTIMIZING ENCRYPTED WIDE AREA NETWORK TRAFFIC - Optimization of encrypted traffic flowing over a WAN is provided by an arrangement in which WAN compression is distributed between endpoints (i.e., client machines or servers) in a subnet of a hub and branch network and a WAN compression server in the subnet. A client portion of the WAN compression running on each of one or more endpoints interfaces with a disposable local cache of data seen by endpoints in the subnet that is used for compressing and decompressing traffic using dictionary-based compression techniques. The local WAN compression server in a subnet stores a shared central database of all the WAN traffic in the subnet which is used to populate local disposable caches in the endpoints. | 01-13-2011 |
20110010537 | DATA RECORDING DEVICE, DATA RECORDING METHOD USING SAME, AND DATA RECORD CONTROLLING COMPUTER PROGRAM - A data recording device is provided to record and redistribute stream data such as TV programs without imposing loads proportional to the number of users. Stream data of a distributed program is collated by a recording range judging section | 01-13-2011 |
20110016305 | SYSTEM AND METHOD FOR TRANSFORMING INFORMATION - A method for transforming information, comprising the steps of encoding two or more original messages into a single encoded information and decoding the single encoded information using multiple different decoding schemes to recover the two or more original messages. | 01-20-2011 |
20110016306 | MEDICAL IMAGE DISPLAY SYSTEM AND MEDICAL IMAGE COMMUNICATION METHOD - A medical image display system according to an embodiment including a server that provides medical image display data and display/clinical applications and a terminal device that can access the server by way of a network, the system, configuring the medical image display data so that pieces of image display information of a plurality of types including medical image information and interface information for user operation are arranged in a multilayered manner; transmitting the pieces of image display information of a plurality of types to the terminal device from the server, assigning them to communication protocols of different types; synthetically combining and displaying the pieces of image display information of a plurality of types transmitted from the server with use of the terminal device; and generating operator information by utilizing the interface information for user operation displayed on the terminal device, and transmitting the operator information to the server by way of the network. | 01-20-2011 |
20110022834 | SYSTEMS AND METHODS FOR SHARED SECRET DATA GENERATION - Disclosed examples of secure communications involve generating, by a mobile communication network device, a shared secret data having a length of M units. A first operation on groups of one of N units of a randomly generated base shared secret data and one of a plurality of secret values thereby generates a plurality of first operation results. A second operation on a select plurality of the first operation results generates a plurality of second operation results. The randomly generated base shared secret data can have a length of N units, where N is less than M. The shared secret data is constructed from at least one of the first operation results and the plurality of second operation results. | 01-27-2011 |
20110029768 | METHOD FOR TRANSMITTING CONTENTS FOR CONTENTS MANAGEMENT TECHNOLOGY INTERWORKING, AND RECORDING MEDIUM FOR STORING PROGRAM THEREOF - A DRM technique interoperability system includes an exporter and an importer. The exporter cancels the DRM technique from the contents to which the DRM technique of a DRM device is applied to generate a contents stream, generates a plurality of packets from the contents stream, and transmits the packets to the importer. The importer receives a plurality of packets from the exporter, generates a contents stream from the plurality of packets, applies a DRM technique of a second DRM device to the contents stream, and provides it to the second DRM device. | 02-03-2011 |
20110035577 | ENHANCED DIGITAL RIGHT MANAGEMENT FRAMEWORK - Machine-readable media, methods, apparatus and system for enhanced digital right management framework are described. A server platform may receive a request of downloading content and first attestation information from a client platform. The server platform may examine if the client platform attests to a client platform characteristic that affects integrity of the client platform by using the attestation information, and then encrypt and download the content to the client platform if the client platform attests to the client platform characteristic. The server platform may further receive a request of viewing the content and second attestation information from the client platform. The server platform may then examine if the client platform attests to its integrity by using the second attestation information; and then send a content key to the client platform if the client platform attests to its integrity, so that the client platform can decrypt and view the content. | 02-10-2011 |
20110035578 | SECURE COMMUNICATION SYSTEM - A communications system ( | 02-10-2011 |
20110035579 | CONTENT DISTRIBUTION METHOD AND CONTENT DISTRIBUTION PACKAGE - A content distribution method distributes a package containing a content from a content distribution apparatus to a terminal of a content distribution destination and causes the terminal to expand and display the content contained in the distributed package by using expansion software provided in the terminal. Update data of the expansion software is inserted in the package in addition to the content. When the terminal cannot expand the content by using the expansion software provided in it, the terminal updates the expansion software provided in it by using the update data contained in the distributed package and expands the content by using the updated expansion software. | 02-10-2011 |
20110040963 | SECURE COMPUTING SYSTEM, SECURE COMPUTING METHOD, SECURE COMPUTING APPARATUS, AND PROGRAM THEREFOR - A third secure computing apparatus generates data Wb associated with each bit b of a segment t that satisfies a relation m | 02-17-2011 |
20110047370 | SYSTEMS AND METHODS FOR RE-COMMISSIONING A CONTROLLED DEVICE IN A HOME AREA NETWORK - Systems and methods for preparing and re-commissioning a controlled device in a home area network are described. A utility meter is communicated with. An authentication key and encryption data for communicating with the utility meter may be determined. The authentication key and encryption data are sent to a controlled device. A set of translation rules for a message are determined. The translation rules are sent to the controlled device. The controlled device establishes a secure communication link with the utility meter using the authentication key and the encryption data. The controlled device receives a request to change power usage from the utility meter over the secure communication link. The controlled device translates the request to change power usage into control instructions using the translation rules. | 02-24-2011 |
20110055545 | METHOD AND APPARATUS FOR ENCODING DECISION DIAGRAMS - An approach is provided for reducing decision diagram related communication traffic and cost by encoding decision diagrams. A hash identifier application constructs a reduced ordered binary decision diagram from a resource description framework graph, computes a hash identifier corresponding to the decision diagram, and stores the hash identifier with the decision diagram. | 03-03-2011 |
20110055546 | MOBILE DEVICE MANAGEMENT - A device management method is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device and user access to the feature may be prevented according to at least one criterion, such as: date of use, time of day of use, number of times of use, originator and recipient. User access to the user-accessible feature may be prevented when usage limitations for the feature have been reached. | 03-03-2011 |
20110055547 | PERSONAL INFORMATION MANAGEMENT AND DELIVERY MECHANISM - Some general aspects relate to secured means for managing and delivering personal information, for example, in the context of electronic commerce. A request from a first entity to encrypt personal information includes a first specification of the personal information to be encrypted. An encrypted specification of the personal information is then generated according to an encoding strategy. The encrypted specification of the personal information is provided to the first entity for subsequent use by a personal information user. A second entity sends a request to decrypt the encrypted specification of the personal information. Upon determining that the second entity is an authorized personal information receiver, a decrypted specification of the personal information is formed according to a decoding strategy determined based on an analysis of the encrypted specification. This decrypted specification of the personal information is then provided to the second entity. | 03-03-2011 |
20110055548 | ONLINE DATA ENCRYPTION AND DECRYPTION - Systems and methods for providing encryption and decryption of data transmitted on a computer implemented network, preferably user authentication identifier data, such as a password, at the point of entry into the user's computer. The systems and methods enable an end user to mentally select a marker from one of the randomly arranged elements on a first portion of a graphical image. A second portion of the graphical image includes an arrangement of possible elements of any individual authentication identifier sequence, and is positioned adjacent to the first portion. The systems and methods prompt a user to enter each element of the identifier by moving the selected marker and the first portion as necessary to substantially align the selected marker with a chosen element of the authentication identifier appearing on the outer portion. According to one embodiment, the image portions are concentric wheels. According to another embodiment, the image portions are arranged in adjacent rows. | 03-03-2011 |
20110055549 | Method and System for Providing Trustworthiness of Communication - A method and system of providing trustworthiness of communication among a plurality of communication nodes is described. This comprises arranging each of said communication nodes to perform a trustworthiness judging operation on received data elements for judging a received packet to be trustworthy or not, grouping said plurality of communication nodes into a plurality of distinguishable clusters, each cluster comprising at least two of said communication nodes, implementing in each respective cluster an intra-cluster trust mechanism such that trustworthiness of data elements sent by any member node of said respective cluster is judgable within said respective cluster, arranging said clusters such that each of said clusters comprises one or more multi-cluster-member nodes that belong to at least two different of said clusters, and routing inter-cluster traffic through said multi-cluster-member nodes. | 03-03-2011 |
20110060901 | Cryptographic System for Performing Secure Iterative Matrix Inversions and Solving Systems of Linear Equations - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing iterative secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure iterative protocol for performing matrix inversions and solving systems of equations based on an iterative secure protocol substantially equivalent to a Newton secure protocol. According to a particular embodiment, the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment the system uses a secure iterative protocol whereby systems of linear equations and matrix inversions are solved securely and iteratively without imposing any restrictions on the matrix coefficients based on an iterative protocol substantially equivalent to a Newton secure protocol. | 03-10-2011 |
20110066841 | PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE - A policy-driven communication and management infrastructure may include components such as Agent, Server and Console, policy messages, and Relays to deliver security and system management to networked devices. An Agent resides on a Client, acting as a universal policy engine for delivering multiple management services. Relays, Clients additionally configured to each behave as though they were a root Server, Relaying information to and from other Clients, permit Clients to interact with the root Server through the Relay, enabling information exchange between Client and Server. Such information exchange allows Clients to gather information, such as new policy messages, from the Server, to pass status messages to the Server and to register their network address so that they can be readily located. Automatic Relay selection enables Clients and Relays to select their own parent Relays, thus allowing Clients and Relays to discover new routing paths through the network without administrator input. | 03-17-2011 |
20110066842 | SYSTEM AND METHOD FOR PLATFORM ACTIVATION - A platform discrimination indication register is stored in a wireless network card. This register holds a platform discrimination indication that indicates whether the wireless network card can be used to transfer data with notebook computers or whether the wireless network card is restricted to transferring data from a personal digital assistant or defined set of restricted devices. The platform discrimination indication can be upgraded using a key value obtained from an Internet site. This key value is limited to a specific wireless network card because of the use of a unique electronic I.D. An Internet site encrypts the electronic I.D. to produce the first key, such as a platform activation key (PAK). This first key is then decrypted at the personal data device in order to obtain a unique calculated I.D. value. If the calculated I.D. value matches the electronic I.D. value on the wireless network card, then the platform discrimination indication is altered (upgraded), allowing the operation of the wireless network card with notebook computers. | 03-17-2011 |
20110072258 | Modular Secure Data Transfer - A method and system that modularizes a message by separating the message definition data from the message data. The message definition data and message data are transmitted over a secure channel to a target computing device. The message definition data and message data are recombined to form the original message at the target computer using a process corresponding to the modularization process. A key is used to track the associated definitions and message data and determine the corresponding combination process. Separate transmission of the data definitions and message data provides an added level of security. If message data is intercepted and decrypted by a third party, then the data is not easily utilized, because the definition data is absent. Similarly, interception of the message definition is not useful without the message data. | 03-24-2011 |
20110072259 | VIRTUAL PAD - A system and method for communicating information over an insecure communications network include one or more computing devices that may access a first server via the communication network. In operation the first server displays an authentication Web page having a virtual pad with a plurality of characters that may be selected directly from a display of the computing device. | 03-24-2011 |
20110083009 | Methods and Apparatus for Persistent Control and Protection of Content - A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content. A “trust plugin” is disclosed, along with a method of using the trust plugin so that a media player designed for use with unprotected content may render protected content without the necessity of requiring any changes to the media player. In one aspect, the streamed content may be in a number of different formats, including MPEG-4, MP3, and the RMFF format. | 04-07-2011 |
20110087876 | Dynamic Analytical Differentiator For Obfuscated Functions In Complex Models - Systems and methods are provided for providing secure transmission of software code, which includes a mathematical function, from a first computer to a second computer so that the mathematical function's content cannot be determined at the second computer. A method includes generating a secure container, where the secure container includes an encrypted representation of the mathematical function and metadata identifying the mathematical function encrypted in the secure container. The method further includes providing the secure container from the first computer to the second computer over a communication transmission medium, where the secure container is accessed at the second computer using the metadata to identify the mathematical function, and where the mathematical function contained within the secure container is decrypted and incorporated into program code in a compiled form so that the mathematical function can be used but the mathematical function's content cannot be determined at the second computer. | 04-14-2011 |
20110087877 | SYSTEM, DEVICE AND METHOD FOR SECURELY TRANSFERRING DATA ACROSS A NETWORK - A method, system, server device and computer program product for securely transferring data from one or more non-subscribers to a subscriber or subscriber-defined destination, via a network, are provided. Access is provided, to one or more non-subscriber, to a network location indicator (NLI) and a private data transfer conduit is established, accessible via the NLI and configured to accept data from the non-subscribers. Data received at the conduit is transformed into secured data and transferred to the subscriber or subscriber-defined destination. In some embodiments, access to the NLI may be provided by accepting a request from a subscriber and sending, upon receipt of the request, a notification to at least one non-subscriber. | 04-14-2011 |
20110093694 | Pattern Recognition Using Transition Table Templates - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for using transition table templates. In one aspect, a method includes receiving a transition table for a current state of a finite automaton and determining whether the transition table for the current state is similar to a transition table template in a set of transition table templates. The method further includes generating a condensed representation of the transition table if the transition table is similar to a transition table template and otherwise adding the transition table to the set of transition table templates. In another aspect, a method includes receiving an input element and determining whether a next state corresponding to the input element is in the difference region of a condensed transition table. The method further includes retrieving the next state from the difference region, or a transition table template, based on the determination. | 04-21-2011 |
20110093695 | SECURE OFFLINE RELOCATION OF PORTABLE SOFTWARE LICENSES - A method for the secure offline relocation of portable software licenses. The portable software license has an associated time limit. A license relocation record can be generated including the portable software license and limit information for the time limit for relocation to a second computing device operating in an offline state. The license relocation record is temporarily securely stored on a removable security device attached to a first computing device that is connected to a licensing network. The removable security device can be disconnected from the first computing device and subsequently connected to the second computing device. Provided the time limit is not exceeded, the portable software license can then be installed upon the second computing device. Upon successful installation of the portable software licenses, the license relocation record can be removed from the removable security device. | 04-21-2011 |
20110099363 | SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key. | 04-28-2011 |
20110099364 | Method for accessing services by a user unit - The invention concerns a method for accessing services by a user unit, said services being a subset of all services broadcast by a management center and comprising at least two services, said subset of services defining a package, each service being simultaneously broadcast and containing audio/video data, the data of a service being encrypted by at least one control word, the method comprising the steps of: | 04-28-2011 |
20110099365 | METHODS AND APPARATUS FOR MULTI-LEVEL DYNAMIC SECURITY SYSTEM - Methods and apparatus for converting original data into a plurality of sub-bands using wavelet decomposition; encrypting at least one of the sub-bands using a key to produce encrypted sub-band data; and transmitting the encrypted sub-band data to a recipient separately from the other sub-bands. | 04-28-2011 |
20110107077 | OBSCURING FORM DATA THROUGH OBFUSCATION - Obscuring form data to be passed in forms that are sent in messages over a communications network. The form data to be obscured is removed from a form and inserted as a portion of a Uniform Resource Locator (“URL”) string. The obscured form data may comprise hidden fields and/or links. An obfuscation is then applied to the portion of the URL string, thereby obscuring the information for sending on an outbound message. The original information is recovered from an inbound message which contains the obscured information by reversing the processing used for the obscuring. In one aspect, the obfuscation comprises encryption. In another aspect, the obfuscation comprises creating a tiny URL that replaces the portion of the URL string. | 05-05-2011 |
20110107078 | ENCODED DATA SLICE CACHING IN A DISTRIBUTED STORAGE NETWORK - A distributed storage processing unit encodes data objects into multiple encoded data slices to prevent reconstruction of the original data object using a single encoded data slice, but to allow reconstruction using at least a threshold number of encoded data slices. The distributed storage processing unit can decide whether and where to cache frequently requested data slices. When retrieving data slices related to a particular data object, a check can be made to determine if the data slices are cached in a temporary memory associated with the distributed storage processing unit, or elsewhere in the distributed storage network. This check can be facilitated by storing data slices and a hash table identifying the location of stored data slices in the same temporary memory. | 05-05-2011 |
20110107079 | TARGET DEVICE, METHOD AND SYSTEM FOR MANAGING DEVICE, AND EXTERNAL DEVICE - A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key. | 05-05-2011 |
20110107080 | Data broadcasting system, server and program storage medium - A data broadcasting system includes a user device and a data broadcasting server. The device includes: a transmission requesting section transmitting the own model information and a request to transmit a content; and a content reproduction section reproducing the requested encoded content by decoding the content using key information for decoding the content. The server includes: a qualification storage section storing correspondence information where model information and reproduction qualification information are associated with each other; a reproduction qualification determination section referring to the correspondence information upon receiving the model information and the request from the user device, obtaining the reproduction qualification information corresponding to the model information, and determining whether the user device is qualified to reproduce the content; and a content transmission section transmitting, to the user device, the content and the key information when the user device is determined as being qualified by the reproduction qualification determination section. | 05-05-2011 |
20110107081 | METHOD AND APPARATUS FOR PROCESSING OF BROADCAST DATA - A plurality of conditional access (CA) clients are needed to receive services from a plurality of service providers, where the CA clients respectively correspond to the service providers. Thus, the CA clients should be installed into a broadcast receiver, and in this case, a method of managing the CA clients is needed. Provided are a method and apparatus for processing broadcast data by using a security client. The method includes determining a first security client based on a security client list, where the first security client is used to decrypt encrypted broadcast data and the security client list comprises information regarding each of security clients available which provide information necessary to decrypt the encrypted broadcast data; and decrypting the encrypted broadcast data by using the first security client. Accordingly, it is possible to allow a user to receive various services. | 05-05-2011 |
20110107082 | Storing and Forwarding Media Data - A method and apparatus for storing and forwarding media data in a communication network. An intermediate node disposed between a media data source node and a client node receives encrypted media data packets from the media data source node. The intermediate node stores the received media data packets in a memory for later sending to the client node, and adjusts fields in the original header of each stored media data packet to create modified media data packets having a modified header, and sends adjustment information to the client node. The adjustment information allows the client node to recreate the original headers from the modified headers, before decrypting the encrypted media packets with keying materials already sent between the media data source node and the client node. The modified media data packets are then sent to the client node for decryption. This allows the intermediate node to “store and forward” SRTP data without being able to access the encrypted data content. | 05-05-2011 |
20110107083 | CONTENT TRANSMISSION DEVICE AND CONTENT TRANSMISSION METHOD - Provided is a content transmission device | 05-05-2011 |
20110113233 | SYSTEM, SERVER, METHOD, AND COMPUTER PROGRAM FOR RELAYING ELECTRONIC MAIL - A system, a server, a method, and a computer program are described for relaying an electronic mail without a leak of secret information included in a quoted electronic mail to an unintended recipient without impairing the usability of the electronic mail system. The server receives an electronic mail that is newly created by one of the clients with quotation from one or a plurality of electronic mails received in the past. The server determines, for each quoted electronic mail quoted in the received electronic mail, whether a destination designated in the received electronic mail is included in an originator and a destination set in each quoted electronic mail. The server edits the content of each quoted electronic mail that is determined not to include the destination designated in the received electronic mail. The server transfers the electronic mail including the edited quoted electronic mail to the designated destination. The server stores edition information for returning the edited quoted electronic mail to a state before the editing in association with information that identifies the received electronic mail. | 05-12-2011 |
20110113234 | User Device, Computer Program Product and Computer System for Secure Network Storage - A technique for providing secure network storage by a user device that includes one or multiple network interfaces, a driver configuration component comprising a volume mapping schema and a connection mapping schema, and a driver operable to map I/O requests for logical data blocks to one or multiple network storage volumes as specified by the volume mapping schema, the data transfer between the user device and the one or multiple network storage volumes being mapped to one or multiple network connections as specified by the connection mapping schema, the driver thereby being operable to provide the user device with a logical storage volume. | 05-12-2011 |
20110119480 | METHODS AND APPARATUSES FOR SELECTIVE DATA ENCRYPTION - A method of encryption, using an encryption key K with key length k, of at least one message M comprising uniformly distributed symbols, k bits are encrypted of messages at least k bits long, while shorter messages are lengthened, e.g. by padding or concatenation, to obtain a lengthened message at least k bits long before encryption. The encryption efficiency is thus optimized while the encryption security is retained. The encryption method is particularly suitable for JPEG2000 encoded packets comprising a message M. Also provided are an encryption apparatus, a decryption method and a decryption apparatus. | 05-19-2011 |
20110119481 | CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement. | 05-19-2011 |
20110119482 | Method and system for establishing a communications pipe between a personal security device and a remote computer system - A method and a system are provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected. | 05-19-2011 |
20110119483 | Computing System With Off-Load Processing For Networking Related Tasks - A method is described that comprises executing a service selection method on an off load processor of a computing system to select an available network service for handling traffic sent to/from a handheld device. The execution of the service selection method is performed while a main CPU of said computing system is in a low power state. | 05-19-2011 |
20110125998 | NETWORK PHOTOGRAPHING APPARATUS HAVING A PARTIAL ENCRYPTION FUNCTION - Disclosed is a network photographing apparatus including a partial encryption function capable of encrypting only a portion of objects included in images. A network photographing apparatus including a partial encryption function, includes an object information extracting unit that receives digital image data from a photographing unit, analyzes a plurality of objects included in the digital image data, and generates object information data; an image compressing unit that processes the digital image data with compression data; and an encryption unit that searches encryption target object information data among the object information data received from the object information extracting unit and generates and sends out the encrypted compression data by encrypting only a part of the compression data, the part corresponding to the encryption target object information data. | 05-26-2011 |
20110125999 | PROXY ACCESS TO A DISPERSED STORAGE NETWORK - A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules. | 05-26-2011 |
20110131404 | APPARATUS AND METHOD FOR VISUALIZING GAME PACKET DATA - An apparatus for visualizing game packet data, includes a packet capturing unit for capturing game packet data transmitted and received during a game service; a decryption unit for decrypting the captured game packet data; and a packet filtering unit for extracting packet data having a valid protocol ID from the game packet data and extracting visualization data from the extracted packet data. Further, the apparatus for visualizing game packet data includes a virtual map creation unit for creating a virtual map using the extracted visualization data; and a visualization unit for displaying the visualization data in the created virtual map. | 06-02-2011 |
20110131405 | INFORMATION PROCESSING APPARATUS - An information processing apparatus includes a monitoring unit configured to monitor transition of Web pages displayed by a browser, a determination unit configured to determine whether a current Web page is a page of a particular type when the transition of the Web pages displayed by the browser has occurred, an extraction unit configured to extract a feature quantity from the current Web page when the current Web page is not the page of the particular type, and a providing unit configured to provide a supplementary service related to the current Web page, using the extracted feature quantity. | 06-02-2011 |
20110131406 | Secure Communication System For Mobile Devices - A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks. | 06-02-2011 |
20110138168 | METHOD, APPARATUS AND COMPUTER PROGRAM TO PERFORM DYNAMIC SELECTION OF SERIALIZATION PROCESSING SCHEMES - The present application is directed to a method, apparatus and computer program product configured to perform certain operations of dynamic serialization. In one example, a message is received which includes at least one message element requiring serialization. A first message element of the message is examined. A serialization scheme from a serialization scheme library is selected based on the at least one examined attribute of the first message element. Then, at least the first message element is encoded using the serialization scheme selected. | 06-09-2011 |
20110138169 | Methods and Systems for Using In-Stream Data Within an On Demand Content Delivery Path - An on demand content delivery platform for delivering on demand digital assets includes a network transport composed of network elements. A content delivery path extends from an application server, through the network transport, to a client. During content delivery, at a network element, data is inserted into the content delivery path to produce a content stream containing inserted in-stream data. In one implementation, the content is conditioned in accordance with instructions present in the in-stream data. In another implementation, the in-stream data represents session information and is utilized for stateless recovery of session information. | 06-09-2011 |
20110138170 | SYSTEM AND METHOD OF PER-PACKET KEYING - A method of per-packet keying for encrypting and decrypting data transferred between two or more parties, each party having knowledge of a shared key that allows a per-packet key to differ for each packet, is provided. Avoiding the use of a static session key during encryption offers several advantages over existing encryption methods. For example, rejecting packets received with duplicate sequence numbers, or sequence numbers that are beyond a specified deviation range, mitigates Replay Attacks. | 06-09-2011 |
20110145560 | ADAPTIVE SECURITY POLICY BASED SCALABLE VIDEO SERVICE APPARATUS AND METHOD - An adaptive security policy based scalable video service apparatus includes a video streaming server, an adaptive security policy server and a terminal. The video streaming server receives a service demand via a network and generates an encrypted streaming data. The adaptive security policy server analyzes a media structure and the service demand, by using a service profile received from the video streaming server, so as to generate a security policy description. The terminal generates and transmits the service demand to the video streaming server or the adaptive security server, obtains the encrypted streaming data from the video streaming server and decrypts the encrypted streaming data for playback, storing and retransmission. | 06-16-2011 |
20110145561 | SYSTEM AND METHOD OF REDUCING ENCRYPTION OVERHEAD BY CONCATENATING MULTIPLE CONNECTION PACKETS ASSOCIATED WITH A SECURITY ASSOCIATION - A method and system for encryption is provided. The method includes detecting one or more security associations corresponding to data payloads in response to receipt of the data payloads from multiple source connections. Each data payload includes one or more data packets from each source connection. The method also includes concatenating the data payloads corresponding to each security association. Further, the method includes encrypting the concatenated data payloads for each security association. The system includes a determination module that detects one or more security associations corresponding to data payloads in response to receipt of the data payloads from multiple source connections and concatenates the data payloads corresponding to each security association. The system also includes an encryption module that encrypts the concatenated data payloads for each security association. | 06-16-2011 |
20110154014 | DATA EXCHANGE FOR MOBILE DEVICES - A method may include identifying a selected file recipient device based on a location of the file recipient device, a location of a file transmitting device, and an orientation of a file transmitting device. A file transfer request may be transmitted to the selected file recipient device. An acknowledgement may be received from the selected file recipient device based on the orientation of the selected file recipient device being approximately 180 degrees offset from the orientation of the file transmitting device. A selected file may be transmitted to the file recipient device following receipt of the acknowledgement. | 06-23-2011 |
20110154015 | Method For Segmenting A Data File, Storing The File In A Separate Location, And Recreating The File - A method includes transmitting file identifying information to a dispatch server; receiving from the dispatch server a storage location identifier and a distribution algorithm identifier; performing the distribution algorithm to generate a distribution map for segments of the file; and transmitting the file segments to storage locations in accordance with the distribution map. The distribution map indicates for each file segment a segment size and a storage destination for that segment. The storage location identifier may identify a server cluster; the dispatch server and the server cluster may be located at a third-party facility physically and/or logically remote from the client. A plurality of distribution algorithms may be provided, so that the distribution algorithm and the distribution map for one stored file are distinct from the distribution algorithm and the distribution map for another stored file. | 06-23-2011 |
20110154016 | METHOD FOR AGGREGATING INFORMATION VALUES IN A NETWORK - A method for aggregating information values in a network, the network including trusted network nodes and untrusted network nodes, wherein a communication session is established by directing messages through the network along a network path from an originating network node ( | 06-23-2011 |
20110161653 | Logical Partition Media Access Control Impostor Detector - Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device. | 06-30-2011 |
20110161654 | PEER-TO-PEER TELEPHONY RECORDING - System and method for recording communication sessions in a peer-to-peer communication network. End-devices of the peer-to-peer communication network may register with a selected super-node that may fork media to a recording system for recording. Communication sessions arriving at a call center may be transferred between the external end-device and the target agent end-device via a recorder and the communication session media may be recorded. Alternatively, a conference call may be established between an external end-device, a target agent end-device of a call center and a recorder over a peer-to-peer communication network. After the conference call is established, the recorder may receive media transferred between the external end-device and the target agent end-device and record that media. | 06-30-2011 |
20110161655 | DATA ENCRYPTION PARAMETER DISPERSAL - A method begins with a processing module obtaining encoded key slices from a plurality of user devices and decoding a threshold number of the encoded key slices utilizing a first error coding dispersal storage function to produce a key when the threshold number of the encoded key slices has been obtained. The method continues with the processing module receiving encoded data slices and decoding a threshold number of encoded data slices utilizing a second error coding dispersal storage function to produce encrypted data when the threshold number of the encoded data slices has been received. The method continues with the processing module decrypting the encrypted data utilizing the key and an encryption function to produce data. | 06-30-2011 |
20110167254 | SYSTEM AND METHOD FOR ENSURING CONFORMANCE OF ONLINE MEDIA DISTRIBUTION TO COPYRIGHT RULES - A system and a method are described for presenting media content for users to view over the internet. Rights pertaining to said media to be viewed are uploaded to servers by users holding such rights to rent or resell such media content. Servers restrict the viewing of the content in accordance with the limitations of the uploaded rights such that copyright rules are respected at all times. | 07-07-2011 |
20110173434 | SYSTEM AND METHOD FOR REDUCING MESSAGE SIGNALING - A system for communicating a message using a second signaling protocol is disclosed. The second signaling protocol provides a session control channel between a user agent (UA) and a network node and may include, for example, the I1 protocol. The system identifies a first string to be transmitted within a first message. The first message is encoded in accordance with a first signaling protocol. The system associates the first string with a first key, and stores the first string and the first key in a database. The database associates the first string and the first key. The system encodes the first key within a second message, and transmits the second message using the second signaling protocol. The first string may include a plurality of data values. The system sorts the plurality of data values into an ordering, and associates each of the plurality of data values with a key. | 07-14-2011 |
20110173435 | Secure Node Admission in a Communication Network - A system and method for node admission in a communication network having an NC and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, key determination in a communication network includes an NN sending to the NC a request for a SALT; the NN receiving the SALT from the NC, combining the SALT with its network password to calculate a static key, and submitting an admission request to the network coordinator to request a dynamic key. The SALT can be a random number generated by the NC, and the admission request can be encrypted by the NN using the static key. | 07-14-2011 |
20110173436 | Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols - The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record. Because decryption of any particular record does not rely on receipt of a previously received data record, the scheme will operate over an unreliable communication protocol. The system and method allows secure packet transmission to be provided with a minimum amount of overhead. Further, the invention provides a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve SSL/TLS session information from the cache corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device. | 07-14-2011 |
20110173437 | INTERFACE FOR PDA AND COMPUTING DEVICE - A method of reviewing an email attachment receives at an email server an email message including at least one attachment. A preview portion of the email message is transmitted to a mobile communication device. The preview portion does not include the at least one attachment, and the preview portion is viewable on a computing device in communication with the mobile communications device. An attachment download instruction based on the preview portion is received from the computing device via the mobile communication device. The at least one attachment is transmitted to the computing device based on the attachment download instruction. The attachment is not transmitted to the computing device until the attachment download instruction is received. | 07-14-2011 |
20110173438 | METHOD AND SYSTEM FOR SECURE USE OF SERVICES BY UNTRUSTED STORAGE PROVIDERS - A method for encrypting data. The method comprises receiving, from a user, via a client terminal, digital content including at least one textual string for filling in at least one field in a document managed by a network node via a computer network, encrypting the at least one textual string, and sending the at least one encrypted textual string to the network node via the computer network so as to allow filling in the at least one field with the at least one encrypted textual string. The network node is configured for storing and retrieving the at least one textual encrypted string without decrypting. | 07-14-2011 |
20110185168 | Method and Apparatus for File Sharing Between a Group of User Devices with Separately Sent Crucial Portions and Non-Crucial Portions - A communication system and method for operating the same includes a group of user devices and a content delivery network in communication with the group of user devices. The content delivery network selects a plurality of user devices from the group of user devices, divides the content into a crucial portion and non-crucial portions, and encrypts the crucial portion differently for each of the user devices in the group using conditional access encryption. The content delivery network communicates the non-crucial portions to the plurality of user devices, and communicates the encrypted crucial portion to the plurality of user devices separately from the non-crucial portions. The plurality of user devices assembles the crucial portion and the non-crucial portions to form the content. | 07-28-2011 |
20110191576 | INTEGRATION OF PRE REL-8 HOME LOCATION REGISTERS IN EVOLVED PACKET SYSTEM - Cryptographic network separation functionality is provided on a user device. An option to store information about a type of database where a user is homed is provided in an indicator on a storage medium. An interface is provided between the user device and the storage medium for accessing the indicator. In case the information about the type of database cannot be obtained from the storage medium, it is determined not to enforce the cryptographic network separation functionality on the user device. | 08-04-2011 |
20110191577 | Media Processing Devices For Adaptive Delivery Of On-Demand Media, And Methods Thereof - In one embodiment, a method of streaming media includes partitioning a media stream to be transmitted into a first stream of media segments at a media server. The first stream of the media segments has a first sequence. An index table is generated to identify the first sequence of the first stream of the media segments. The index table is encrypted using a key. A second stream of the media segments is generated. The second stream has a second sequence, which is random relative to the first sequence. The encrypted index table and a transcoded media stream having the second stream of the media segments are transmitted. | 08-04-2011 |
20110197056 | SECURE DISTRIBUTED STORAGE SYSTEM AND METHOD - Moving from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. The Data Division and Out-of-order keystream Generation technique provides a cryptographic method to protect data in distributed storage environments. Treating the data as a binary bit stream, our self-encryption (SE) scheme generates a keystream by randomly extracting bits from the stream. The length of the keystream depends on the user's security requirements. The bit stream is encrypted and the ciphertext is stored on the mobile device, whereas the keystream is stored separately. This makes it computationally infeasible to recover the original data stream from the ciphertext alone. | 08-11-2011 |
20110197057 | SYSTEM AND METHOD FOR STORING AND ACCESSING DIGITAL MEDIA CONTENT USING SMART CARD TECHNOLOGY - A system and method for delivering digital media content to a user over a network is disclosed. The illustrative embodiment of the present invention enables multiple types of electronic devices to access the same digital media content for the same end user through the use of a smart card equipped with a license for the digital media content. Depending on the format of the digital media content, devices such as phones, pagers, internet appliances or PDAs can be used to present the digital media content to a user, as can traditional consumer electronic devices such as DVD players and VCRs. The encrypted content may be freely transferred and stored without copyright concerns since the decryption key is generated by the smart card containing the license. | 08-11-2011 |
20110197058 | HIDING A DEVICE IDENTITY - The present invention relates to hiding a device identifier (IMEI) in a communication system. Identifying a device is done by indicating an international mobile equipment identity (IMEI) as an instance identifier of the device of a user. Generating a globally routable user agent uniform resource identifier (GRUU) for the user is done by encrypting the instance identifier so that the GRUU comprises an identity of the user and the encrypted instance identifier. | 08-11-2011 |
20110208958 | COMMUNICATING USING A CLOUD INFRASTRUCTURE - A cloud infrastructure that communicates with computing devices is provided. The computing devices install filters on other computing devices that they wish to receive items from including pictures, messages, and documents. The filters include criteria that are evaluated on the computing devices, rather than at a server, to determine if an item may be sent to another computing device. The computing devices may then send items that match the criteria to the cloud infrastructure, and the items may be stored and queued for delivery to other computing devices. The items may be encrypted before being provided to the cloud infrastructure, and decrypted when received by the computing devices. | 08-25-2011 |
20110219226 | Method of Triggering Location Based Events in a User Equipment - Methods, a user equipment, a server host, a client application, computer program products, and a server computer program. These methods and components can be utilized by a location based service. One method regards triggering of events in the user equipment based on a position of the user equipment, comprising the steps of: looking up, in a server database, at least one network cell-identity associated with a predefined geographical area; sending the network cell-identity to the user equipment; storing the network cell-identity in a database in the user equipment; obtaining a current network cell-identity to which the user equipment currently is connected; comparing in the user equipment the current network cell-identity with network cell-identities stored in the database; and retrieving content associated with the current network cell-identity if the current network cell-identity is among the network cell-identities in the database. | 09-08-2011 |
20110225417 | DIGITAL RIGHTS MANAGEMENT IN A MOBILE ENVIRONMENT - Embodiments provide a method that causes a plurality of virtual machine instructions to be interpreted for indications of a mobile device's hardware identification information, thus forming a plurality of hardware instruction interpretations. The embodiment also combines each of the plurality of hardware instruction interpretations and hashes the combination to form a quasi-hardware device identifier. An encryption process is based on the quasi-hardware encryption device identifier and the media is then encrypted using the encryption process. The encrypted media is transferred to the mobile device wherein the mobile device decrypts the media based at least in part on the mobile device's internal knowledge of the quasi-hardware device identification. | 09-15-2011 |
20110231645 | SYSTEM AND METHOD TO VALIDATE AND AUTHENTICATE DIGITAL DATA - A system and method combining registration with a trusted third party, certificate generation, hashing, encryption, customizable file identification fields, and time-stamping technology with recognized “best practice” procedures to achieve the legal admissibility and evidential weight of any form of digital file or collection of digital files. Generally, the originator of the file (the first party) and the originator's employing organization are registered with a Trusted Third Party. The originator reduces the file, by means of a hashing algorithm, to a fixed bit length binary pattern. This provides a unique digital fingerprint of the file. The resultant hash value, the originator's identity details, the employing organization details associated and securely linked to the digital certificate, the title of the file, customizable file identification fields, and other relevant data are forwarded to a Trusted Third Party where the date and time from a known and trusted time source are added. The customizable file identification fields can provide the originator with a mechanism for configuring the seal to incorporate as much additional information as deemed necessary to prove the authenticity of the digital content and/or provide data for the purposes of adding value in functions such as source identification, sorting, analysis, investigation, and compliance. Such information could include, but would not be limited to, location/GPS coordinates, machine id, biometric information, smart-card data, reason for sealing. The original file does not leave the control of the originating party. When combined, the forwarded details and date and time create a Seal Record. The Seal Record is encrypted and hashed. The Seal Record along with all other relevant information are retained on a central secure server. The recipient of the file (the second party) can confirm the file has been received in an unaltered state with integrity retained and it is the authentic version by validating the file. | 09-22-2011 |
20110231646 | SYSTEM AND METHOD FOR PROCESSING ENCODED MESSAGES FOR EXCHANGE WITH A MOBILE DATA COMMUNICATION DEVICE - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers. | 09-22-2011 |
20110231647 | ACCESSING DATA IN A CONTENT-ADDRESSABLE DATA PROCESSING SYSTEM - A computer-implemented method operable in a computer system comprising a plurality of computers including at least a first computer and at least two second computers, the method includes: obtaining a first identifier from the first computer at the at least two second computers, said first identifier having been determined, at least in part, by applying a first function to the content of the data item, wherein the first function comprises a hash function; and at least one of the at least two second computers using the first identifier to ascertain a storage location for the data item on the computer system. At least one of the at least two second computers may use the first identifier to access the data item on the computer system. The method may include verifying that the content of the data item has not changed since creation of the first identifier. | 09-22-2011 |
20110231648 | SYSTEM AND METHOD FOR SELECTIVE ENCRYPTION OF INPUT DATA DURING A RETAIL TRANSACTION - A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed. | 09-22-2011 |
20110238975 | INFORMATION PROCESSING DEVICE, ROUTE CONTROL DEVICE, AND DATA RELAY METHOD - A server notifies a route control device of a session ID indicating a session and generated for a user of a terminal device together with its own IP address. The terminal device notifies a route control device of data for a connection to a relay device together with a session ID. The route control device associates the data for the connection with the IP address of the server using the session ID, and sets the associated combination as relay setting information in the relay device. Thus, the relay device refers to the relay setting information using data for a connection extracted from a message when the message is received from the terminal device, and determines a destination of the message. | 09-29-2011 |
20110238976 | WIRELESS LAN RELAY DEVICE, WIRELESS COMMUNICATION SYSTEM, AND METHOD FOR CONTROLLING WIRELESS LAN RELAY DEVICE - A wireless LAN relay device connecting an outer device to a network includes a communication section for controlling wired communication and wireless communication performed between the wireless LAN relay device and the outer device using a packet. The communication section performs, in an initial state, wireless communication without encrypting the packet, and encrypts, upon reception of a setting instruction from the outer device, the packet by using a predetermined encryption key and a predetermined encryption method which are preliminarily defined in the wireless LAN relay device. | 09-29-2011 |
20110238977 | SYSTEM AND METHOD FOR PROVIDING A SINGLE USE IMAGING DEVICE FOR MEDICAL APPLICATIONS - A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, and may comprise an imaging device that is sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing. | 09-29-2011 |
20110246761 | Systems and methods for distributed media stream transcoding and sharing - A new approach is proposed that contemplates systems and methods to support distributed stream media transcoding and sharing in real time. Under the approach, a host associated with a sender generates a high quality stream of media content that is to be shared with a plurality of viewers over a communication network. The hosting devices associated with the plurality of viewers are evaluated for their capability to process and/or transcode the high quality media stream. Based on the evaluation, the host of the sender encodes and transmits the high quality media stream to at least one selected host associated with a viewer. Besides decoding the received high quality media stream and displaying it for its own consumption, the selected host of the sender further transcodes the media stream by re-encoding the high quality media stream into a different, probably lower quality media stream, and transmits the re-encoded media stream to a mobile device associated with another viewer, which then decodes and displays the lower quality media stream on the mobile device. | 10-06-2011 |
20110246762 | System and Method for Exchanging Cryptographic Protocol Capabilities - In some data communication configurations, data received from a sender may need to be viewed or otherwise processed by more than one entity with a corresponding client. For example, a message sent to a corporate email address may be viewed by either or both a mobile device and a desktop device. For the sender to utilize the strongest algorithm or protocol used by the recipient, it would therefore need to know which algorithms or protocols are supported by both the mobile and desktop mail clients. A system and method are provided to enable the mobile device to know about the capabilities of related mail clients associated with the communication address (e.g. email address) and vice versa such that the intersection of the capabilities (i.e. the strongest algorithm or protocol supported by all parties involved) can be chosen and the messages or data cryptographically processed accordingly. | 10-06-2011 |
20110246763 | Parallel method, machine, and computer program product for data transmission and reception over a network - A method, machine, and computer program product for high speed data transmission over networks by multiple data connections transmitting data in parallel having read from a data source sequentially a fixed number of blocks equal to the number of data connections in use to transmit the data. A method, machine, and computer program product for high speed data receipt from networks by multiple data connections receiving data in parallel and writing to a data target sequentially a fixed number of blocks equal to the number of data connections in use to receive the data. The purpose is to provide high speed data transfers over a network while maintaining: the same sequential order of data which was read from the data source and subsequently written to the data target, a stable and uniform transmission speed, and limited data loss in the event of a network failure. | 10-06-2011 |
20110252226 | PRESERVING USER PRIVACY IN RESPONSE TO USER INTERACTIONS - User privacy is preserved in response to user interactions with information items, such as advertisements, by controlling the behavior of a user's computer. Information items are associated with item response specifiers. Item response specifiers control the behaviors of the user's computer in response to user interactions with information items. Item response specifiers may be communicated to the user's computer with the associated information items or be retrieved separately by the user's computer from an information item broker or trusted third party. Item response specifiers may be cryptographically signed to ensure their integrity. Following a user interaction with an information item, the user's computer refers to the item response specifier to determine an appropriate privacy-preserving post-interaction behavior. Examples of privacy-preserving behavior include a silent privacy-preserving behavior, a proxied interaction privacy-preserving behavior, a partial proxied interaction privacy-preserving behavior, a delayed handoff privacy-preserving behavior, and a direct to provider privacy-preserving behavior. | 10-13-2011 |
20110258430 | METHOD AND APPARATUS FOR APPLYING EXECUTION CONTEXT CRITERIA FOR EXECUTION CONTEXT SHARING - An approach is provided for applying execution context criteria for secure execution context sharing. A criterion application retrieves an execution context of a device. The criterion application determines one or more context criteria associated with the execution context. The context criteria include state information associated with the execution context. The criterion application encrypts the execution context using the one or more context criteria as a public key of an identity-based encryption. | 10-20-2011 |
20110258431 | SYSTEM AND METHOD FOR PROVIDING PREFIXES INDICATIVE OF MOBILITY PROPERTIES IN A NETWORK ENVIRONMENT - An example method includes receiving an Internet protocol (IP) address request in a network and selecting an IP address associated with a prefix that represents an IP subnet. The prefix includes a color attribute to be provided as part of a communication session that includes a plurality of packets. The prefix defines one or more properties associated with an application for the session. The prefix is communicated to a network element in a signaling plane, the prefix is configured to be used to make a routing decision for at least some of the plurality of packets. In more specific embodiments, the method can include applying one or more network policies based on the prefix associated with the IP address. The method could also include decrypting an encryption protocol in order to identify the prefix of a subsequent communication flow, and executing a routing decision based on the prefix. | 10-20-2011 |
20110258432 | METHOD AND SYSTEM FOR RELIABLE PROTOCOL TUNNELING OVER HTTP - The embodiments described herein generally relate to methods and systems for tunneling arbitrary binary data between an HTTP endpoint and an arbitrary destination. Such tunneling of data is valuable in an environment, for example, in which a browser-based client communicates in the HTTP protocol and desires to exchange data with a remote endpoint understanding non-HTTP communications. A relay server is used as a “middle man” to connect the client to the destination, and components supporting the necessary protocols for data exchange are plugged into the relay server. To achieve reliable and ordered transmission of data, the relay server groups sessions through the assignment of session identifiers and tracks the exchange of messages through the assignment of sequence and acknowledgment numbers. Further, the relay server provides for authenticating the HTTP endpoint with the destination and for handling other operations not available in the constrained environment of the Web-based client. | 10-20-2011 |
20110264904 | Wireless Connection Method and Device - A wireless connection method is applicable to establishing a wireless connection device between an uplink device and a downlink device, and includes obtaining uplink wireless configuration information, and configuring a downlink with the obtained uplink wireless configuration information. A wireless connection is established with the uplink device based on the uplink wireless configuration information and, after successful connection establishment, a wireless connection is established with the downlink device based on the uplink wireless configuration information. | 10-27-2011 |
20110271092 | METHODS & APPARATUSES FOR A PROJECTED PVR EXPERIENCE - Exemplary embodiments of methods and apparatuses to project personal video recorder (“PVR”) trick mode operations over a network are described. A first content stream may be at a first speed. A request to access the first content stream at a second speed can be received. A second content stream can be generated based on a second speed. The second content stream can be sent over a network to be rendered at the first speed by a client device. One or more anchor frames in the first content stream are selected. The second content stream is generated based on the one or more anchor frames. One or more dummy frames can be inserted into the second content stream. Indexing information can be generated to create a second content stream to send over the network. | 11-03-2011 |
20110271093 | SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common without having access to any other data of any other parties. | 11-03-2011 |
20110271094 | PEER-TO-PEER IDENTITY MANAGEMENT INTERFACES AND METHODS - Peer-to-peer (P2P) application programming interfaces (APIs) that allow an application to create, import, export, manage, enumerate, and delete P2P identities are presented. Further, the management of group identity information is provided. APIs abstract away from low level credential and cryptographic functions required to create and manage P2P identities. This management includes retrieval and setting of a friendly name, generation of a cryptographic public/private key pair, retrieval of security information in the form of an XML fragment, and creation of a new name based on an existing identity. | 11-03-2011 |
20110271095 | Embedded Communication of Link Information - A method of processing documents is described. The method includes the operation of receiving a document in a search engine crawler. The document includes an embedded first link tag. The first link tag includes one or more information pairs. A respective information pair includes a respective parameter and a corresponding value. The parameters in the one or more information pairs may correspond to content at one or more content locations or one or more document locations. The method also includes selecting a method of processing content associated with the first link tag in accordance with one or more of the information pairs. | 11-03-2011 |
20110283099 | Private Aggregation of Distributed Time-Series Data - Techniques are described herein for privately aggregating distributed time-series data. A requestor provides a query sequence to users. Each user evaluates the query sequence on the user's time-series data to determine an answer sequence. Each user transforms its answer sequence to another domain, adds noise, and encrypts it for further processing by the requestor. The requestor combines these encrypted sequences in accordance with a homomorphic encryption technique to provide an encrypted summation sequence. The requestor provides the encrypted summation sequence to at least some of the users, who may in turn provide respective decryption shares to the requestor. The requestor combines the decryption shares in an effort to decrypt the encrypted summation sequence. Decrypting the encrypted summation sequence provides a summation of the encrypted sequences from the users, which may be transformed back to the original domain to estimate a summation of the answer sequences of the users. | 11-17-2011 |
20110283100 | Determination and Display of LUN Encryption Paths - A management station which manages the encryption devices in a SAN to set up encrypted LUNs. In setting up the encryption, the source and target ports are identified, along with the target LUN. LUN serial numbers are used to identify unique LUNs. As paths to a given LUN are defined, the management station compares the path to existing paths and provides an indication if there is a mismatch in the encryption policies or keys being applied to the LUN over the various paths. This allows the administrator to readily identify when there is a problem with the paths to an encrypted LUN and then take steps to cure the problem. By determining the paths and then comparing them, the management station greatly simplifies setting up multipath I/O to an encrypted LUN or access by multiple hosts to an encrypted LUN. | 11-17-2011 |
20110289309 | METHOD AND APPARATUS FOR PROVIDING CONTENT - Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys. | 11-24-2011 |
20110289310 | Cloud computing appliance - A cloud computing appliance is provided in an exemplary embodiment. The cloud computing device includes a computer server. The computer server is configured to receive a user file having a user filename and a user data content. The computer server is further configured to record an index record for the user file including the user filename and a dynamically generated storage name. The computer server is further configured to encipher the user data content with a symmetric key, encipher the symmetric key with an asymmetric key, and transmit a cloud file having a filename of the dynamically generated storage name and a data content of the enciphered user data content and the enciphered symmetric key. | 11-24-2011 |
20110296164 | SYSTEM AND METHOD FOR PROVIDING SECURE NETWORK SERVICES - A system and method for providing secure network services. A secure computer including a processor, a memory, and a secure operating system is discussed. The secure operating system includes an operational kernel and an administrative kernel. The operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor. The execution restrictions placed on files in the memory of the secure computer can only be modified from within the administrative kernel. | 12-01-2011 |
20110296165 | INFORMATION PROCESSING APPARATUS, TRANSMISSION INFORMATION ENCRYPTION METHOD, AND TRANSMISSION INFORMATION ENCRYPTION PROGRAM - An information processing apparatus of the invention includes a virtual geometric structure ( | 12-01-2011 |
20110296166 | COMPUTER-BASED, AUTOMATED WORKFLOW SYSTEM FOR SENDING SECURE REPORTS - Computer-based systems and methods for automating the workflow for generating and sending e-mails with attached reports to external recipients in order to reduce security breaches in certain business reporting processes. The system may utilize a first computer system that may import data eligible for attachment to be sent with the e-mail based on user-entered search criteria. The attachments may be strongly encrypted using an encryption program on the user's computer. In some embodiments, a password for decrypting the attachment may be unique to the combination of third party (e.g., trading name) and the role of the external recipient with respect to the attachment. | 12-01-2011 |
20110302404 | System for secure variable data rate transmission - Secure Variable Data Rate Transceivers and methods for implementing Secure Variable Data Rate are presented. An efficient and systematic method and circuit for implementing secure variable data rate transceivers are presented. The SVDR method is based on block ciphers. An index method is presented for minimizing transmission overhead. This allows SVDR to achieve higher security by using the full ciphermode stream. | 12-08-2011 |
20110302405 | MOBILE WORKFORCE APPLICATIONS WHICH ARE HIGHLY SECURE AND TRUSTED FOR THE US GOVERNMENT AND OTHER INDUSTRIES - A convenient, easy to use ubiquitous secure communications capability can automatically encrypt and decrypt messages without requiring any special intermediating security component such as gateways, proxy servers or the like. Trusted/secure applications for the mobile workforce can significantly improve productivity and effectiveness while enhancing personal and organizational security and safety. | 12-08-2011 |
20110302406 | METHOD AND SYSTEM FOR RECOVERING A SECURITY CREDENTIAL - A system and method for recovering a security credential is provided. A security credential stored in the storage of a computing device is encrypted using a first encryption key generated by a server. A first decryption key for decrypting the security credential and a second encryption key for re-encrypting the security credential are received. The first decryption key and the second encryption key are generated by the server. The security credential is decrypted using the first decryption key. The security credential is communicated to a user of the computing device. The security credential is re-encrypted in the storage of the computing device using the second encryption key. | 12-08-2011 |
20110302407 | SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list that facilitates the sending of such messages only to individuals or other entities associated with the distribution list that will be able to read the message. In one embodiment, the method comprises the steps of: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the respective member address is available on the computing device; encrypting the message to each member identified by the one or more member addresses for which a public key for the respective member is available on the computing device; sending the encrypted message to the distribution list address if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device; and sending the message to each of the one or more member addresses that identifies a member for which a public key is available on the computing device otherwise. | 12-08-2011 |
20110307691 | METHOD OF TRACING AND OF RESURGENCE OF PSEUDONYMIZED STREAMS ON COMMUNICATION NETWORKS, AND METHOD OF SENDING INFORMATIVE STREAMS ABLE TO SECURE THE DATA TRAFFIC AND ITS ADDRESSEES - A network includes communication media transmitting streams to addressees, and a method includes: step of allocation of a cryptonymic identity to communication media by a first instance, the streams transmitted by a medium bearing a mark, as a function of its cryptonym, the cryptonymic identity of a medium being distinct from its real identity; step of reading and of analyzing the streams by a second instance, the analysis including a phase of identifying streams to their communication media by searching for similarity between the mark of the streams and the cryptonymic identity of the media, with the aid of a table listing the cryptonyms, and a phase of logging observable characteristics of the streams through the network. A behavior defined by a set of characteristics is declared typical or atypical by comparison with a given set of criteria, the table of cryptonymic identities having no link with the real identities. The invention is applied notably for combating illegal downloads, the sending of material that is unsolicited or likely to cover up identifiable malicious intentions. | 12-15-2011 |
20110314269 | Website Detection - A website fingerprint is generated that characterizes network traffic associated with a website as a website traffic fingerprint that includes size description(s), order description(s), and timing description(s) of packet traffic for the website. A website monitor generates website trace(s) of packet statistics. A correlation processor correlates a sequence of packet statistics from the website trace(s) with the size description, the order description, and timing description found in the website traffic fingerprint(s). | 12-22-2011 |
20110320803 | Light-weight security solution for host-based mobility & multihoming protocols - A transport connection system is set forth. The system includes a first device adapted to send and receive messages. A second device, adapted to send and receive messages, is also provided. A message i generated by the first device includes a secret Ri- | 12-29-2011 |
20110320804 | DATA ACCESS MANAGEMENT IN A HYBRID MEMORY SERVER - A method, accelerator system, and computer program access data in an out-of-core processing environment. A data access configuration is received from a server system managing a plurality of data sets. A determination is made that data sets retrieved from the server system are to be stored locally based on the data access configuration. A request to interact with a given data set is received from a user client. At least a portion of the given data set is retrieved from the server system. The at least a portion of the given data set is stored locally in a memory based on the data access configuration that has been received. | 12-29-2011 |
20110320805 | SECURE SHARING OF DATA ALONG SUPPLY CHAINS - Implementations of methods of sharing data in a supply chain, the data corresponding to an item having a tag associated therewith, include generating data corresponding to the item, generating a data reference, encrypting the data using an encryption key to provide encrypted data, transmitting the encrypted data over a network for storage in a database based on the data reference, writing the data reference and the encryption key to the tag, and transferring the item to a successor in the supply chain. Implementations include retrieving information electronically stored on the tag, the information comprising a data reference and an encryption key, transmitting a data request over a network for retrieving encrypted data from a database, the data request comprising the data reference, receiving the encrypted data from the database, and decrypting the encrypted data using the encryption key to provide decrypted data. | 12-29-2011 |
20110320806 | SYSTEM AND METHOD FOR MODULUS OBFUSCATION - Disclosed herein are methods for obfuscating data via a modulus operation. A client device receives input data, stores an operation value, performs a modulus obfuscation on the operation value, performs a modulus operation on the operation value and the input data, performs a modulus transformation on the operation value and the input data to obtain client output data, and checks if the client output data matches corresponding server output data. A corresponding server device receives input data, performs a modulus transformation on the input data to obtain a result, performs a plain operation on the result and an operation value to obtain server output data, and checks if the server output data matches corresponding client output data from the client device. The client and/or server can optionally authenticate the client input data and the server input data if the server output data matches the client output data. | 12-29-2011 |
20120005474 | INFORMATION SYSTEM AND METHOD OF IDENTIFYING A USER BY AN APPLICATION SERVER - The present invention relates to an information system and a method for the identification, by an application server ( | 01-05-2012 |
20120005475 | Terminal Device, Computer Program Product, and Communication Control Method - A terminal device capable of communication with a plurality of other terminal devices via a network includes a decryption information acquisition portion that acquires decryption information including a decryption level, an encryption information acquisition portion that acquires encryption information including an encryption level in a case where a pointer position is located within a confidential area, a first transmission portion that transmits the encryption information to the plurality of other terminal devices in a case where the decryption level is equal to or higher than the encryption level, an encryption portion that, based on the encryption level, encrypts audio data and video data that have been input in a case where the pointer position is located within the confidential area, and a second transmission portion that transmits, as encrypted data, the audio data and the video data that have been encrypted to the plurality of other terminal devices. | 01-05-2012 |
20120023323 | Instant Messaging Private Tags - Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided. | 01-26-2012 |
20120036348 | DECRYPTION AND PRINT FLOW CONTROL SYSTEM AND METHOD - A method and system for determining a data file's security classification, special handling instructions, and disposition, with the additional option of subsequently adding material to the print image contained within the document, is disclosed. The method and system provide control of sensitive information contained in print documents, wherein a first file is encrypted. A second document accompanies the first document containing information for decrypting the first document, control redaction, and/or provide for addition of content or restrictions as to which rendering device the first document may print on. The rendering device, upon receipt of both first and second documents, communicates with a host computer that determines the first document's classification and disposition. The host computer then processes the second document, sending decryption information over a secure line from the second document to the rendering device to enable decryption and modification of the first document, followed by rendering. | 02-09-2012 |
20120036349 | DATEBASE SERVER, CUSTOMER TERMINAL AND PROTECTION METHOD FOR DIGITAL CONTENTS - A customer terminal is provided. The customer terminal includes a receiving module and a decryption module. The receiving module receives an encrypted digital content from a database server connected thereto. A predetermined encryption key encrypts the encrypted digital content. The decryption module decrypts the encrypted digital content utilizing hardware information from the customer terminal. A database server and a protection method are also provided to prevent an unauthorized customer terminal from copying digital contents. | 02-09-2012 |
20120036350 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes a data processing unit which generates content to be distributed to a client; and a communication unit which sends the content generated by the data processing unit, wherein the data processing unit combines a plurality of watermarking record blocks, each of which is obtained by embedding watermarking data into a block as section data of the content, generates content in which different watermarking data sequences are set in units of distribution processing with respect to the clients, and sends the generated content to the clients through the communication unit. | 02-09-2012 |
20120036351 | CONFIGURABLE MEMORY ENCRYPTION WITH CONSTANT PIPELINE DELAY IN A MULTI-CORE PROCESSOR - Described embodiments provide a method of coordinating debugging operations in a network processor. The network processor has one or more processing modules. A system cache of the network processor requests a data transfer between the system cache and at least one external memory. A memory interface of the network processor selects an encrypted data pipeline or a non-encrypted data pipeline based on whether the processed data transfer request includes an encrypted operation. If the data transfer request includes an encrypted operation, the memory interface provides the data transfer to the encrypted data pipeline and checks whether a debug indicator is set for the data transfer request. If the debug indicator is set, the memory interface disables encryption/decryption of the encrypted data pipeline. The data transfer request is performed by the encrypted data pipeline to the at least one external memory. | 02-09-2012 |
20120047360 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including: a data processing unit that generates content for transmitting to a client; and a communication unit that transmits the generated content of the data processing unit, wherein the data processing unit generates, based on basic encrypted content having a plurality of units that each includes a SEED that is data for encryption key generation and a block that is encrypted data that is encrypted by an encryption key generated using the SEED, each data of (a) converted encrypted content on which conversion processing to replace the SEED with dummy data or to delete the SEED is performed, and (b) encrypted SEED that is the SEED encrypted by content transmission processing or by individual keys that are different by units of users at a transmission destination, and transmits the generated converted encrypted content and encrypted SEED as data provided to the client via the communication unit. | 02-23-2012 |
20120047361 | METHOD FOR SECURING COMMUNICATIONS IN A WIRELESS NETWORK, AND RESOURCE-RESTRICTED DEVICE THEREFOR - The present invention relates to a method for securing communications between a resource-restricted device ( | 02-23-2012 |
20120066487 | SYSTEM AND METHOD FOR PROVIDING LOAD BALANCER VISIBILITY IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM - The system and method for providing load balancer visibility in an intelligent workload management system described herein may expand a role or function associated with a load balancer beyond handling incoming and outgoing data center traffic into supporting governance, risk, and compliance concerns that may be managed in an intelligent workload management system. In particular, the load balancer may establish external connections with destination resources in response to client devices establishing internal connections with the load balancer and then attach connection tracers to monitor the internal connections and the external connections. The connection tracers may then detect incoming traffic and outgoing traffic that the internal and external connections pass through the load balancer, and traffic tracers may collect data from the incoming traffic and the outgoing traffic, which the workload management system may use to manage the data center. | 03-15-2012 |
20120066488 | PROTECTED DISTRIBUTION AND LOCATION BASED AGGREGATION SERVICE - A system for and method of per access-point streaming media customization and privacy protected feedback in a wireless network. The system is operative to: encrypt real time streamed media content from a streaming media source; multicast the streamed encrypted media content for availability to a user device for playback, the user device sending out unicast responses at the time of joining or dropping the multicast; aggregate the unicast responses in the form of a connect multicast state or a disconnect multicast state of the user device based on the joining or dropping of the multicast; and provide information back to the streaming media source based on the aggregated unicast responses. | 03-15-2012 |
20120079266 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD - A first communication device includes a security policy storing unit that store a security policy and a default policy applied to communication to which the security policy is not applied, a communication unit that performs communication, and a communication control unit that performs an encryption process and a decryption process according to the default policy when the communication does not correspond to the target of the policy. A second communication device includes an input and output receiving processing unit that receives an input of an encryption key of the default policy of the first communication device, a communication control unit that generates a policy including an encryption method of the default policy and the input encryption key and performs an encryption process and a decryption process in communication with the first communication device according to the policy, and a communication unit that performs communication of a communication packet. | 03-29-2012 |
20120084554 | SYSTEM AND METHOD FOR HOSTING ENCRYPTED MONITORING DATA - A monitoring system includes at least one monitoring device coupled to the electrical power distribution system at selected locations for collecting data related to the operation of the monitored system. The monitoring device(s) includes a communication port and processors programmed to segment the collected data into blocks optimized for user analysis operations, encrypt the segmented blocks of data, bundle the encrypted blocks of data with unencrypted metadata that identifies the data blocks by at least the monitoring location at which the encrypted blocks of data were obtained and the type of data, and transmit the encrypted blocks of data with the unencrypted metadata. The system includes at least one client device that has a communication port that is coupled to the monitoring device(s) and the client device and that has a processor programmed to generate and transmit queries regarding selected ones of the encrypted blocks of data. A monitoring service is coupled to the monitoring device(s) and includes a processor programmed to receive and store the encrypted blocks of data with the unencrypted metadata from the monitoring device(s), process the unencrypted metadata, and retrieve and transmit the selected ones of the encrypted blocks of data in response to the queries from the client device. | 04-05-2012 |
20120084555 | ENFORCING USE OF CHIPSET KEY MANAGEMENT SERVICES FOR ENCRYPTED STORAGE DEVICES - A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data. | 04-05-2012 |
20120096257 | Apparatus and Method for Protecting Storage Data of a Computing Apparatus in an Enterprise Network System - The present invention relates to data security, in particular relates to data protection for storage data, and more particularly relates to encrypting and decrypting process to data on a removable non-volatile storage in an enterprise network. There is provided an apparatus and a method for protecting storage data of a computing apparatus within an enterprise network system, the method comprising: intercepting data transferred between an application of the computing apparatus and a storage; determining whether the data intercepted at the data transfer interception step is confidential data; obtaining a key automatically generated for the confidential data; and encrypting and decrypting the confidential data with the obtained key. | 04-19-2012 |
20120102315 | VERIFICATION OF PEER-TO-PEER MULTIMEDIA CONTENT - A method including receiving, at a first entity, from a second entity, the content and an identification of the second entity, over a peer-to-peer communication link. The received content is rendered and verification information containing the identification of the second entity and an identification of the received content is generated. The verification information is encrypted using an encryption key. | 04-26-2012 |
20120102316 | STORING ENCODED DATA SLICES IN A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage network (DSN) access module encoding a data segment to produce slices and sending temporary write requests to DSN storage modules, wherein the temporary write requests include slices. In response to one of the temporary write requests, the method continues with a DSN storage module temporarily storing a slice to produce a temporarily stored slice and sending an indication of temporary storage of the slice. When a write threshold number of indications of temporary storage has been received by the DSN access module, the method continues with the DSN access module sending permanent write requests to DSN storage modules. In response to one of the permanent write requests, the method continues with the DSN storage module storing the temporarily stored slice in permanent memory and sending an indication of permanent storage of the slice. | 04-26-2012 |
20120110317 | CONTENT DOWNLOAD MANAGER - A system is configured to receive input to define one or more download policies from a group of available download policies, including one or more network restriction policies, one or more time restriction policies, one or more event restriction policies, and one or more location restriction policies. The system is further configured to receive an instruction to download particular content, determine that the one or more download policies permit the particular content to be downloaded, download the particular content when the one or more download policies permit the particular content to be downloaded, and generate a notification that the particular content is available to be accessed. | 05-03-2012 |
20120110318 | SYSTEM AND METHOD FOR CONTROLLING STATE TOKENS - The system and method for controlling state tokens described herein may secure sensitive application state tokens, link one application state token to other state tokens that represent certain identities or communication sessions, and maintain application state tokens to integrate various different systems or applications. In particular, the system and method described herein may provide a mechanism to override the scheme that applications use to manage state information and thereby enforce policies that provide fine-grained control over any semantics the applications otherwise use to manage state information. Furthermore, a first application state token may be linked to another state token representing a session or identity to validate whether the session or identity represented therein created the first application state token, and state tokens that represent active communication sessions may be copied from browser processes to various external clients to integrate or otherwise share state information across the various external clients. | 05-03-2012 |
20120110319 | FAILURE RECOGNITION - A system and method for failure recognition is disclosed. The technology initially establishes a security association (SA) between a client and a first server on a network. In addition, an active reference count of a number of connections in the SA between the client and the first server is maintained. The SA is evaluated when the active reference count returns less than two connections within the SA between the client and the first server. | 05-03-2012 |
20120124365 | ACCESSING A SECURE TERMINAL - A method of accessing content on a secure terminal is described. The method comprises: capturing an image of a visual code presented on a display of a secure terminal. The method then involves decoding the visual code to ascertain (i) a set of connection parameters and (ii) a unique identifier. The set of connection parameters are used to establish a connection with the secure terminal. The method also comprises receiving the content from the secure terminal via the established connection in response to transmission of the unique identifier. | 05-17-2012 |
20120124366 | SYSTEM AND METHOD FOR A DERIVATION FUNCTION FOR KEY PER PAGE - Disclosed herein are systems, methods and computer-readable media to perform data encryption and decryption using a derivation function to obtain a key per page of data in a white-box environment. The method includes sharing a master key with the sender and receiver, splitting the input data into blocks and sub-blocks, and utilizing a set of keys and a master key to derive a page key. In another aspect of this disclosure, the key validation and shuffling operations are included. This method allows for the derivation of a key instead of storing a predetermined key, thus maintaining system security in a white-box environment. | 05-17-2012 |
20120131326 | SECURING PARTNER-ENABLED WEB SERVICE - The claimed subject matter provides a method for securing a partner-enabled web service. The method includes receiving a request to access the partner-enabled web service. The request is received from a browser client for a partner application. The browser client is associated with a user. Additionally, the method includes determining that the user is authorized to access the partner application. The method further includes generating a token that associates the user with the partner application. Also, the method includes sending the token to the browser client. | 05-24-2012 |
20120131327 | METHOD OF AND APPARATUS FOR DISTRIBUTING SOFTWARE OBJECTS - A method of distributing software objects from a first entity to at least one second entity, the method comprising: using a distribution entity to accept a software object from the first entity, the software object including an identifier for a specific second entity, and wherein the at least one second entity is operable to contact the distribution entity and to enquire if a software object has been deposited for it, and if a software object has been deposited, to accept it from the distribution entity. | 05-24-2012 |
20120131328 | SYSTEM AND METHOD FOR SECURE COMMERCIAL MULTIMEDIA RENTAL AND DISTRIBUTION OVER SECURE CONNECTIONS - A method for securing intellectual property includes establishing contact between an IP server and a client. At least two component codes are shared and pre-stored in both the player and the server prior to ordering the intellectual property. The IP server accepts an order for an intellectual property product from the client. The IP server creates a shared private key based on the pre-stored shared component codes and an additional shared component code at the time the intellectual property product is ordered. The shared private key is not distributed to the player software. The IP server encrypts the intellectual property product with the created shared private key prior to distribution to the client. The intellectual property product further comprises content data and rights data in digital form. The IP server electronically distributes the intellectual property product to the client in encrypted form without the shared private key. | 05-24-2012 |
20120137121 | METHOD AND DEVICE FOR STORING SECURED SENT MESSAGE DATA - Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. | 05-31-2012 |
20120137122 | Data File Decryption Method, Decryption Device and Data Broadcasting System - A data file decryption method, a decryption device and a data broadcasting system are disclosed, which are applied to a data broadcasting service. Among them, the data file decryption method includes the steps of: receiving the file delivery information which includes a data file identification and a key file identification corresponding to the data file; receiving the corresponding data file and key file according to the data file identification and the key file identification; and decrypting the data file according to the key file. According to the data file decryption method, decryption device and the data broadcasting system of the present invention, by setting the data file identification and the corresponding key file identification in the file delivery information and receiving the corresponding file according to the data file identification and the key file identification, the resource dissipation due to a large quantity of useless information received at a terminal is avoided, and the file to be received can be quickly located by the terminal, so that the time delay due to the decryption of a data file is avoided, and the service experience for users is improved. | 05-31-2012 |
20120137123 | ENCRYPTION/DECRYPTION COMMUNICATION SYSTEM - The present disclosure relates to an encryption/decryption device and method and a communication system including the encryption/decryption device. The device includes a receiving part; an address analyzing part; a judging part; an encrypting/decrypting part and a sending part. The judging part is adapted to judge whether an encryption/decryption process needs to be performed in accordance with the source address and/or the destination address of the data package. Thus, a safe network transmission of the user data is achieved without the need of installing and configuring software, and the user can easily achieve secure data transmission. | 05-31-2012 |
20120137124 | MULTI-VERSION MESSAGE CONDITION BASED DELIVERY - A method for condition-based message delivery may be provided. The method may comprise receiving a first message, a second message and a condition on a sending message server at a first time instance. The method may also comprise encrypting the first message with a first encryption key and encrypting the second message with a second encryption key, as well as sending the first and the second message to a recipient message system. Moreover, the method may comprise receiving a request from the recipient message system at a second time instance for sending one of the decryption keys corresponding to either the first or the second encryption key, and sending the first decryption key or the second decryption key depending on the condition to the recipient message system. | 05-31-2012 |
20120144185 | COUNTING DELEGATION USING HIDDEN VECTOR ENCRYPTION - Counting values can be encrypted as a set of counting value cyphertexts according to a hidden vector encryption scheme using sample values of a set of samples, where each of the samples can include multiple sample values. Additionally, tokens can be generated. The tokens can be configured according to the hidden vector encryption scheme, such that each of the tokens can enable decryption of matching cyphertexts. Processing of the counting value cyphertexts and the tokens can be delegated to a map-reduce computer cluster. The cluster can run a map-reduce program to produce and return count representations. Each count representation can represent a count of a set of the counting value cyphertext(s) whose decryption was enabled by one or more of the token(s). For example, the counts may be counts that can be used in constructing a data structure such as a decision tree. | 06-07-2012 |
20120144186 | METHOD FOR VERIFICATION OF DECRYPTION PROCESSES - The present invention describes a verification method which makes it possible to ensure that the decryption process has been performed honestly by the entity in charge of it. | 06-07-2012 |
20120151204 | Efficient Routing for Reverse Proxies and Content-based Routers - Efficient routing for a client-server session or connection is provided in an application layer of multi-layered systems interconnect stack by caching a plurality of application-specific information at an intermediary network point; using the application specific information to route messages for an application connection; and indexing the application-specific information with a key provided by the application. Optionally, a second key may be used to retrieve the application-specific information if the first key is not provided in an application connection request, where the second key is optionally opaque to the application program. The intermediary network point may be an edge of network Internet Protocol (IP) switch, and the application layer in which the routing is performed may be layer seven of the Open Systems Interconnection model. | 06-14-2012 |
20120151205 | POLYNOMIAL EVALUATION DELEGATION - Shares for one or more data values in a dataset can be computed using evaluation point values and sharing polynomials. Lagrangian coefficients can also be computed for the evaluation point values. The shares and the Lagrangian coefficients may be used to evaluate the polynomials on the data values. The technique can also include encrypting the Lagrangian coefficients according to an encryption scheme that provides for addition operations between encrypted values. An operation on representations of coefficients of the evaluation polynomial, representations of the shares, and the encrypted representations of the Lagrangian coefficients can be delegated to a remote computing environment. The operation can be performed at the remote computing environment, such as by performing a map-reduce operation. Results of the delegated operation can be received from the remote computing environment and processed to produce representation(s) of evaluation(s) of the polynomial on the data value(s). | 06-14-2012 |
20120159146 | System and Method for Transcoding Content - A system is provided for use with secure content in a first format. The system includes a conditional access device, a transcoding device and a media processor. The conditional access device is arranged to receive the secure content and can generate second secure content based on the secure content. The conditional access device can further provide the second secure content to the transcoding device. The transcoding device can transcode the second secure content into transcoded content of a second format, can secure the transcoded content as secure transcoded content and can provide the secure transcoded content to the media processor. | 06-21-2012 |
20120159147 | SECRET KEY GENERATION - The technology includes a method for generating a secret key. The method includes receiving initialization data, the initialization data includes an initialization packet and a transmission path channel response; generating sample data based on the transmission path channel response; and generating a secret key based on the sample data utilizing a chaotic map. | 06-21-2012 |
20120159148 | LOCAL TRUSTED SERVICES MANAGER FOR A CONTACTLESS SMART CARD - Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes. | 06-21-2012 |
20120166791 | SYSTEM AND METHOD FOR MUTUALLY AUTHENTICATED CRYPTOGRAPHIC KEY EXCHANGE USING MATRICES - Two parties can establish a cryptographic key using a matrix based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties use a shared secret to produce a common matrix M. The common matrix M is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications, after mutually authenticating one another over an insecure network. | 06-28-2012 |
20120166792 | EFFICIENT NEMO SECURITY WITH IBE - An apparatus, method and system are provided to use identity based encryption (IBE) in Mobile IP and/or Network Mobility (NEMO) compliant communication networks to secure communications between various entities of the communication networks, as selected entities and their associated apparatus/system roam among the communication networks. Other embodiments may be disclosed or claimed. | 06-28-2012 |
20120166793 | APPARATUS AND METHOD FOR SHARING AND USING COMMENT ON CONTENT IN DISTRIBUTED NETWORK SYSTEM - An apparatus and method for sharing and using content, and a comment on the content, via a distributed network are provided. A comment sharing apparatus for sharing a comment on content may generate the comment on the content, may set an access control policy for the comment, may generate a comment key based on the access control policy, may encrypt the comment using the comment key, and may share the encrypted comment via the distributed network. In response to the access control policy being accessible by only a content sharer sharing the content, the comment sharing apparatus may encrypt the comment key using a public key of the content sharer, and may share the encrypted comment key. Additionally, in response to the access control policy being accessible by only a content sharer sharing the content and a comment sharer sharing the comment, the comment sharing apparatus may encrypt the comment key using a public key of the content sharer and using a public key of the comment sharer, and may share the encrypted comment keys. | 06-28-2012 |
20120166794 | Dual Cryptographic Keying - A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache. | 06-28-2012 |
20120173865 | System And Method For Generating Multiple Protected Content Formats Without Redundant Encryption Of Content - Embodiments may include generating a first protected version of content, which may include packetizing the content into multiple packets that each includes content information and non-content information and using initialization vectors to perform chained encryption on multiple blocks of the packetized content. At least some of the initialization vectors are generated dependent upon the non-content information. Embodiments may also include using the encrypted blocks to generate a second protected version of the content without re-encrypting the content. The second protected version of the content may include multiple encrypted content samples each including multiple encrypted blocks from the first protected version of the content. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The second protected version of the content may include decryption information for decrypting the encrypted content samples including initialization vectors used to create the first protected version. | 07-05-2012 |
20120173866 | SYSTEM FOR SECURING VIRTUAL MACHINE DISKS ON A REMOTE SHARED STORAGE SUBSYSTEM - Embodiments of the present invention provide a method, data processing system and computer program product for secure distribution of virtualized storage. In an embodiment of the invention, a method for secure distribution of virtualized storage in a host in a cloud computing environment can include composing at least one virtual machine (VM) disk in a secure container and configured to deploy VM images into a cloud computing environment, encrypting the composed at least one VM disk, transmitting the encrypted VM disk to a hypervisor in the cloud computing environment, receiving a request to activate a VM instance and generating a bootloader in the secure container, transmitting the bootloader to the hypervisor in the cloud computing environment and providing a key to the bootloader to unlock the at least one VM disk. | 07-05-2012 |
20120173867 | METHOD OF AUTHENTICATION AT TIME OF UPDATE OF SOFTWARE EMBEDDED IN INFORMATION TERMINAL, SYSTEM FOR SAME AND PROGRAM FOR SAME - A load on a server or a network is suppressed to a minimum, the authentication server is not necessary, and download of falsified software is prevented. A server creates a time-limited authentication key, computes a hash value of a file included in update software for each file to create a hash table in which hash values of a file are listed, and encrypts the hash table using the authentication key. A unit obtains the encrypted hash table and the authentication key from a server. An information terminal obtains the encrypted hash table from the unit, obtains the authentication key from the unit, determines whether or not a time limit of the authentication key is valid, obtains the encrypted hash table from the server if the time limit is determined to be valid as a result of the determination, decrypts the tables using the authentication key, compares the tables after decryption, and initiates download of the update software if both the tables are identical to each other. | 07-05-2012 |
20120173868 | Communication Across Domains - Communication across domains is described. In at least one implementation, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount. The data is divided into a plurality of portions that do not exceed the threshold amount. A plurality of messages is formed to communicate the divided data across domains. | 07-05-2012 |
20120185691 | GENERAL PURPOSE DISTRIBUTED ENCRYPTED FILE SYSTEM - A general purpose distributed encrypted file system generates a block key on a client machine. The client machine encrypts a file using the block key. Then, the client encrypts the block key on the first client machine with a public key of a keystore associated with a user and associates the encrypted block key with the encrypted data block as crypto metadata. The client machine caches the encrypted data block and the crypto metadata and sends the encrypted data block and the crypto metadata to a network file system server. When the client machine receives a return code from the network file system server indicating successful writes of the encrypted data block and the crypto metadata, the client machine clears the cached encrypted data block and the crypto metadata. | 07-19-2012 |
20120191969 | SYSTEM AND METHOD FOR NETBACKUP DATA DECRYPTION IN A HIGH LATENCY LOW BANDWIDTH ENVIRONMENT - A system and method for efficient transfer of encrypted data over a low-bandwidth network. A backup server and a client computer are coupled to one another via a first network. The backup server is coupled to a remote data storage via another network, such as the Internet, also referred to as a cloud. The backup server encrypts received data for backup from the client computer. Cryptography segment and sub-segment sizes may be chosen that are aligned on a byte boundary with one another and with selected backup segment and sub-segment sizes used by backup software on the remote data storage. A selected cryptography algorithm has a property of allowing a given protected sub-segment with the cryptography sub-segment size to be decrypted by initially decrypting an immediate prior protected sub-segment that has the same cryptography sub-segment size. Therefore, the size of data transmitted via the cloud may be smaller than the cryptography segment size. | 07-26-2012 |
20120198227 | CIPHER KEY GENERATION IN COMMUNICATION SYSTEM - Techniques are disclosed for generating a cipher key such that an encryption algorithm typically usable in accordance with a first security context can be used in accordance with a second security context. In one example, the first security context is a UMTS security context and the second security context is a GSM security context. | 08-02-2012 |
20120204023 | DISTRIBUTION SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL INFORMATION - A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server ( | 08-09-2012 |
20120204024 | Deduplication of Encrypted Data - A mechanism is provided which allows encrypted data to be de-duplicated such that the de-duplication ratio for encrypted data is similar to the de-duplication ratio of the corresponding un-encrypted data and the purpose of encryption is not obfuscated, i.e. only the originator of the data (the client) can decrypt—and hence read—the data. This is achieved by interweaving the de-duplication algorithm with the encryption algorithm in a way that the data are encrypted with a key that is generated from the unencrypted data. Afterwards, that key is itself encrypted with an encryption key being private to a particular client. Due to the fact that the private key is not affecting the encrypted data stream, it can still be de-duplicated efficiently. | 08-09-2012 |
20120210118 | SECURE SHARING OF ITEM LEVEL DATA IN THE CLOUD - Implementations of the present disclosure are directed to sharing data in a supply chain, the data corresponding to an item having a tag associated therewith. Methods include determining a random number from the tag, the random number being unique to the item, selecting a first integer and a second integer, generating a first public key based on the first integer and a semi-public key based on the second integer, generating an identifier based on the first public key and the random number, generating a key based on the semi-public key and the random number, encrypting the data using the key to provide encrypted data, defining a tuple comprising the identifier and the encrypted data, and transmitting the tuple over a network for storage in a persistent storage device. | 08-16-2012 |
20120210119 | Method and Apparatus for Secure Internet Browsing - A method and apparatus for providing users with permission-based secure Internet browsing of sponsored and unsponsored content by connecting a portable storage/secure connection device to a host computer, activating firmware in the device causing the host computer to recognize the device as peripheral hardware, and assuming control of the host computer's Internet browser registry key to re-direct Internet click stream data onto the device or a data server instead of the host computer. Information is encrypted and transmitted via a secure protocol to a proxy server then redirected to a web server that authenticates the device via software on the device, an application server facilitating user authentication via security questions, requests and captures specific information from the user to create a profile, initiates corresponding scripts, applications, encryption and stores user-defined personal information for secure and user-authorized user data transmission and Internet browsing activities based on user-defined consent and access criteria. | 08-16-2012 |
20120210120 | SELF-ENCRYPTION PROCESS - This invention is a network that is defined by its novel approach to privacy, security and freedom for its users. Privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. The functional mechanisms that this invention provides will restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging, plus, it will provide a foundation where vendor lock-in need not be an issue. | 08-16-2012 |
20120210121 | SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key. | 08-16-2012 |
20120216032 | MULTIPLE-STAGE SYSTEM AND METHOD FOR PROCESSING ENCODED MESSAGES - System and methods for processing encoded messages at a message receiver are described. Encoded message processing is performed in multiple stages. In a first stage, a new received message is at least partially decoded by performing any decoding operations that require no user input and a resulting context object is stored in memory, before a user is notified that the new message has been received. When the user accesses the new message, any further required decoding operations are performed on the stored context object in a second stage of processing. The message can subsequently be displayed or otherwise processed relatively quickly, without repeating the first stage decoding operations. Decoding operations may include signature verification, decryption, other types of decoding, or some combination thereof. | 08-23-2012 |
20120221845 | SYSTEMS AND METHODS FOR MIGRATING DATA AMONG CLOUD-BASED STORAGE NETWORKS VIA A DATA DISTRIBUTION SERVICE - Embodiments relate to systems and methods for migrating data between cloud networks via a data distribution service. In aspects, an administrator of a data payload may wish to migrate the data payload from a host cloud network to a target cloud provider to leverage cost, security, redundancy, consolidation, or other advantages. The data distribution service can identify target cloud providers with sets of resources that are capable of hosting the data payload. Further, the data distribution service can determine that the target cloud providers are connected to or capable of being connected to the data distribution service via a set of dedicated communication channels. According to aspects, the data distribution service can receive the data payload from the host cloud network, and transport the data payload to a selected target cloud provider via the set of dedicated communication channels. | 08-30-2012 |
20120226900 | ENFORCING SOFTWARE UPDATES IN AN ELECTRONIC DEVICE - A Set Top Box (STB) or client computer includes a communication interface operable to receive digital messages and digital content, memory operable, and processing circuitry coupled to the communication interface and to the memory. The STB is operable to receive a digital message, extract a key portion from the digital message, extract a rights portion from the digital message, determine a code version based upon the rights portion, read a stored code version from the memory, and compare the code version to the stored code version to validate the software instructions. Upon an unfavorable comparison of the code version to the stored code version, the STB initiates an error action that may include sending a message to a service provider device for software instruction reloading, rebooting, and/or disabling decryption of the digital content. Extracting the rights portion from the digital message may include decrypting the key portion to produce a decrypted result and decrypting the rights portion using the decrypted result to produce the decrypted rights portion. | 09-06-2012 |
20120226901 | System, Method and Apparatus For Secure Telecommunications In A Home Area Network - Secure message transfer is provided in a network including at least a Home Area Network (HAN) having network devices A, B and C. The Home Area Network is capable to connect domains having different transmission formats and includes a secure communication protocol. Device A is capable to communicate at least one message to the device C according to the secure communication protocol, and device B is capable to receive at least one message from device A sent for reception and decryption by device C. A device D controls the secure message transfer and selectively disables device B from decrypting the message received by device B that is sent from device A to device C for decryption. | 09-06-2012 |
20120233453 | Reducing Processing Load in Proxies for Secure Communications - In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server. | 09-13-2012 |
20120233454 | DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system. | 09-13-2012 |
20120246460 | Encryption device and method for controlling download and access operations performed to a mobile terminal - An encryption device and method for controlling download and access operations performed to a mobile terminal are disclosed. A switch circuit ( | 09-27-2012 |
20120246461 | SYSTEM AND METHOD FOR SECURING WIRELESS DATA - Systems and methods for operation upon a data processing device for handling secure data stored on the device. The device is configurable to communicate over a data channel with an external security information source. User identification information is received from the external security information source which identifies a user of the device. The device, based upon the received user identification information, determines whether the secure data stored on the device is to be accessed by a user of the device. | 09-27-2012 |
20120254605 | Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - Parameters of a hidden Markov model (HMM) are determined by a server based on an observation sequence stored at a client, wherein the client has a decryption key and an encryption key of an additively homomorphic cryptosystem, and the server has only the encryption key. The server initializes parameters of the HMM and updates the parameters iteratively until a difference between a probability of the observation sequence of a current iteration and a probability of the observation sequence of a previous iteration is above a threshold, wherein, for each iteration, the parameters are updated based on an encrypted conditional joint probability of each pair of states given the observation sequence and the parameters of the HMM, wherein the encrypted conditional probability is determined in an encrypted domain using a secure multiparty computation (SMC) between the server and the client. | 10-04-2012 |
20120254606 | Privacy-Preserving Probabilistic Inference Based on Hidden Markov Models - A most likely sequence of states corresponding to an observation sequence stored at a client is determined securely with respect to a HMM stored at a server. An encryption of a log-probability of the current element of the observation sequence is determined for each state of the HMM. A product of an encryption of the log-probability of the state for the current element, an encryption of a transition probability to the state, and the encryption of a log-probability of the current element of the observation sequence is determined iteratively, for each state of the HMM, to produce an encrypted matrix of indexes of the states; and the encrypted matrix is transmitted to the client. | 10-04-2012 |
20120254607 | System And Method For Security Levels With Cluster Communications - A cluster of computing nodes communicate through an unsecure network by selectively sending information in encrypted and unencrypted formats. Heartbeat packets are sent between the computing nodes to coordinate operation of the computing nodes and using an encrypted format. Messages are selectively sent between the computing nodes with an encrypted or an unencrypted format based upon one or more predetermined factors, such as an end user selection, the type of message or the load at the computing nodes. | 10-04-2012 |
20120260085 | COMPUTER SYSTEMS, METHODS AND PROGRAM PRODUCT FOR MULTI-LEVEL COMMUNICATIONS - Systems, methods and a computer program product for facilitating multi-level communications within a computer system provide for generating while using a first network component a network data packet including a code within a field other than a payload field. The code corresponds with a coded communication within a library of coded communications. The network data packet is transmitted from the first network component to a designated second network component connected to the first network component that reads the code and selects the coded communication from the library of coded communications that corresponds with the code. The selected coded communication is then transmitted from the designated second network component to an intended recipient. The systems, methods and computer program product are applicable within the context of generalized computer systems, as well as restricted access computer systems. | 10-11-2012 |
20120260086 | APPARATUS AND METHODS FOR DISTRIBUTING AND STORING ELECTRONIC ACCESS CLIENTS - Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup. | 10-11-2012 |
20120265980 | APPARATUS AND METHOD FOR SECURING USER INPUT DATA - An apparatus and method for securing user input data in an electronic device including an input interface. A touch panel senses touch events in an input interface, a touch integrated circuit receives coordinate data associated with the touch events and encrypts the coordinate data using a secure key. The touch integrated circuit blocks a main processor of the electronic device from being aware that a touch event has been sensed and may directly transmit the coordinate data to a server without the intervention of the main processor. | 10-18-2012 |
20120265981 | ELECTRONIC DEVICE AND METHOD FOR SECURING USER INPUT DATA - An apparatus to secure input data includes a main processor to enter into a secure mode, a touch panel to detect an input, and a touch integrated circuit (IC) to obtain coordinate data of the input, and to encrypt data related to the input using a secure key, in which the data related to the input is encrypted in the secure mode, and the touch IC transmits the encrypted data to the main processor. A method for securing input data in an electronic device includes entering into a secure mode, receiving an input using a touch panel, obtaining coordinate data of the input using a touch integrated circuit (IC), and encrypting data related to the input using a secure key, in which the data related to the input is encrypted in the secure mode, and the touch IC transmits the encrypted data to the main processor. | 10-18-2012 |
20120272051 | SECURITY KEY DISTRIBUTION IN A CLUSTER - Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of nodes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node. | 10-25-2012 |
20120272052 | METHOD FOR GENERATING A CRYPTOGRAPHIC KEY FOR A PROTECTED DIGITAL DATA OBJECT ON THE BASIS OF CURRENT COMPONENTS OF A COMPUTER - A method for coupling a protected digital data object, for example an application program, and a specified computer, which allows for, if desired, individual components of the computer to be modified. A cryptographic key is generated on the basis of current components of a computer in order to decrypt an encrypted, computer-specific authorization code for executing a protected digital data object on the computer. The computer-specific authorization code is encrypted with a key based on original components of the computer. The key can be determined from the current components of the computer even if they are different from the original components of the computer. | 10-25-2012 |
20120272053 | Virtual private network for real-time data - The present disclosure describes a method for protecting real-time data exchanged between a mobile electronic device and a VPN gateway over a communications link. The method comprises: establishing a first VPN connection between the mobile electronic device and the VPN gateway through the communications link; establishing, while the first VPN connection is established, a second VPN connection between the mobile electronic device and the VPN gateway through the communications link; providing key information to at least one of the mobile electronic device or VPN gateway through the first VPN connection; and exchanging real-time data packets between the mobile electronic device and the VPN gateway through the second VPN connection, wherein the key information is for encrypting and decrypting the real-time data packets exchanged through the second VPN connection. | 10-25-2012 |
20120278608 | INFORMATION PROCESSING APPARATUS, SECURE MODULE, INFORMATION PROCESSING METHOD AND COMPUTER PRODUCT - An information processing apparatus securely stores a program group comprising one or more programs and includes a first detector that detects an execution waiting state of a given program among the program group; a secure module that is configured such that information stored therein cannot be referred to by an external device, and when the execution waiting state is detected by the first detector, that encrypts the given program and writes the encrypted given program to a storage area that is different from that of the program group; a second detector that detects an execution request concerning the given program; a decrypter that decrypts the given program encrypted by the secure module and writes the decrypted given program to the storage area, when the execution request concerning the given program is detected by the second detector; and a program executor that executes the given program decrypted by the decrypter. | 11-01-2012 |
20120278609 | JOINT ENCRYPTION OF DATA - A method for joint generation of a ciphertext by devices of a data processing system includes providing, by a first device, a first message, representing secret data of the first device, generating an initial ciphertext comprising an initial blinded encrypted message, in which the first message is encrypted under a public key of a trusted entity, and an initial consistency component for validating the initial ciphertext using the bilinear map; and sending the initial ciphertext to a second device; wherein the second device provides a second message, representing secret data of the second device, generates an updated ciphertext comprising an updated blinded encrypted message and an updated consistency component for validating the updated ciphertext, and generating a final ciphertext comprising the final encrypted message and a final consistency component for validating the final ciphertext, wherein the final consistency component is generated using the updated consistency component and the bilinear map. | 11-01-2012 |
20120278610 | APPARATUS AND METHOD FOR SENDING ENCRYPTED DATA TO CONDITIONAL ACCESS MODULE OVER COMMON INTERFACE, CONDITIONAL ACCESS MODULE AND SYSTEM THEREOF - An apparatus and method for sending encrypted data to a conditional access module (CAM) over a common interface (CI). A plurality of data packets are formed, and one data packet of the plurality of data packets includes a header and a payload for storing the encrypted data. The data packets are sent to the CAM over a transport stream (TS) interface of the CI. Encrypted data in different file formats can be sent over the TS interface. An initialization message including information about a selected format can be sent to the CAM over a control interface of the CI, and the CAM can send data request messages over the control interface to request specific data. | 11-01-2012 |
20120284504 | Method and system for the Orange family of stream ciphers and method and system for generating stream ciphers based on the ERINDALE-PLUS hashing function - The present invention introduces the Orange family of stream ciphers. The cipher may involve several elements including splitting with jumping, iterated transformations and padding. The construction of the cipher also involves constantly updated bit strings that may be used as multiple keystreams in transformations of various degrees. The cipher permits parameterizing speed, security and consumed memory. A customization of the cipher allows generating a practically unlimited number of stream ciphers with different inner structures and IV parameters. The present invention also presents a transformation of the ERINDALE-PLUS hashing function. The transformed ERINDALE-PLUS hashing is capable of simultaneously generating a ciphertext and a secure hash value of a message. | 11-08-2012 |
20120290829 | SYSTEM AND METHOD FOR SELECTIVE INSPECTION OF ENCRYPTED TRAFFIC - Inspection of encrypted network traffic where multiple network connections are monitored that carry encrypted data, but only a subset of the network connections are decrypted and inspected. Typically, only network connections that are associated with designated target users whose encrypted data is to be inspected are decrypted. A Network Monitor Center (NMC) dynamically establishes a list of rules for selection of encrypted data connections. The rules are provided to a Secure data Inspection Appliance (SIA) that accepts some or all of the network user encrypted traffic and checks it against a rule table. When detecting an encrypted connection that matches the rule table, the SIA decrypts the connection and provides a copy of the connection plain data to the NMC. The NMC then inspects the plain data for security threats. Once a security threat is found in a connection, the NMC applies predefined consequent actions to this connection. | 11-15-2012 |
20120290830 | GENERATING AN ENCRYPTED MESSAGE FOR STORAGE - A method begins by a dispersed storage (DS) processing module generating a shared secret key from a public key of another entity and a private key using a first modulo prime polynomial function, wherein a public key is generated from the private key using a second modulo prime polynomial function and wherein the public key of the other entity is derived using the second modulo prime polynomial function on a private key of the other entity. The method continues with the DS module encrypting a message using the shared secret key to produce an encrypted message. The method continues with the DS module outputting the encrypted message to the other entity. | 11-15-2012 |
20120290831 | METHODS FOR DECRYPTING, TRANSMITTING AND RECEIVING CONTROL WORDS, STORAGE MEDIUM AND SERVER FOR SAID METHODS - A method for deciphering control words for mechanically and electronically independent terminals includes causing first and second terminals to transmit first and second cryptograms to a control-word server, causing that server to decipher them to obtain first and second control words for enabling descrambling of first and second multimedia content broadcast simultaneously on respective first and second channels, causing the server to transmit the control word to the respective terminals, the second control word obtained by deciphering the second cryptogram before the first terminal executes a channel change, and in response to the channel change, causing the first terminal to search to determine whether the second control word has already been transmitted in advance by the server before the channel change, and if the control word has been transmitted in advance, causing the first terminal to immediately start descrambling the second multimedia content with the second control word. | 11-15-2012 |
20120297182 | CIPHER AND ANNOTATION TECHNOLOGIES FOR DIGITAL CONTENT DEVICES - Systems, methods, and/or devices are provided that include a variety of cipher tools and techniques that may be utilized with digital content on digital devices. Systems, methods, and/or devices are provided that include a variety of annotation tools and techniques that may be utilized with digital content on digital devices. | 11-22-2012 |
20120303948 | ADDRESS TRANSLATION UNIT, DEVICE AND METHOD FOR REMOTE DIRECT MEMORY ACCESS OF A MEMORY - An address translation unit for Remote Direct Memory Access (RDMA) of a memory of a processor is provided. The address translation unit comprises an address translator and a signer. The address translator is configured to translate a received virtual address into a real address of the memory. The signer is configured to cryptographically sign the real address. | 11-29-2012 |
20120311317 | Access-controlled customer data offloading to blind public utility-managed device - A method and system for access-controlled customer data offloading uses a blind public utility-managed device. A customer-managed device encrypts collected customer data using per-type, per-period keys and transmits the encrypted customer data to the utility-managed device. The customer-managed device further encrypts the per-type, per-period keys using a master key and transmits the encrypted per-type, per-period keys to the utility-managed device. When the current period ends (e.g., each day at midnight), the customer-managed device generates new per-type, per-period keys and continues the above customer data offloading using the new per-type, per-period keys. As a result, the customer offloads storage of customer data to the public utility without relinquishing control over access to the customer data. Moreover, the fact that the customer data are encrypted by data type and period allows the customer to access and expose the customer data in highly granular fashion. | 12-06-2012 |
20120311318 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing system includes: a client executing acquisition and reproduction of contents; a management server providing the client with content selection information applied for acquisition of contents; and a content providing server receiving the content selection information from the client and providing the content selected in accordance with the content selection information, wherein the content selection information includes content identifiers as identifiers of encrypted contents respectively encrypted by different encryption keys and range information indicating data areas of range data which is configuration data of respective encrypted contents, and the content providing server provides the client with an encrypted content formed by combining range data as partial data of the encrypted contents specified by the content identifiers and the range information. | 12-06-2012 |
20120311319 | CONTENT DATA DELIVERY SYSTEM, AND METHOD FOR DELIVERING AN ENCRYPTED CONTENT DATA - A handheld device is configured to be connectable to a storage media that holds a unique media identifier and holds a content key data used to decrypt an encrypted content data. A content data delivery system is provided that is configured to be able to deliver various data to the handheld device and to make a content data available to the handheld device. The system includes a member-registration information database that holds member-registration information including a data pair of a handheld-device identifier related to the relevant handheld device and the relevant media identifier. The media identifier held by the storage media is verified with the member-registration information database. | 12-06-2012 |
20120317409 | Mobile Printing - A method of printing comprising, at an imaging device, receiving a print-by-reference print request and an encryption key from a mobile device, transmitting the print-by-reference print request and the encryption key to a print service, receiving encrypted print content from the print service, receiving a decryption key from the mobile device, decrypting the encrypted print content, creating decrypted print content, and printing the decrypted print content. A method of printing content requested from a mobile device, comprising receiving a print request and encrypted print content, receiving a decryption key from the mobile device, decrypting the encrypted print content, and printing the decrypted print content. | 12-13-2012 |
20120324215 | DATA SECURITY METHOD AND APPARATUS USING A CHARACTERISTIC PRESERVING ENCRYPTION - Provided is a data security method and apparatus using a characteristic preserving encryption. The data security apparatus includes an interface communicating with a user terminal or a database server, an input unit receiving information, an output unit outputting information, an encryption unit encrypting data in the data security method, a storage unit storing information, and a control unit controlling functions of the interface, the input unit, the output unit, the encryption unit or the storing unit. | 12-20-2012 |
20120331283 | USER-CONTROLLED DATA ENCRYPTION WITH OBFUSCATED POLICY - An obfuscated policy data encryption system and method for re-encrypting data to maintain the confidentiality and integrity of data about a user when the data is stored in a public cloud computing environment. The system and method allow a user to specify in a data-sharing policy who can obtain the data and how much of the data is available to them. This policy is obfuscated such that it is unintelligible to the cloud operator and others processing and storing the data. In some embodiments, a patient specifies with whom his health care data should be shared, and the encrypted health care data is stored in the cloud in an electronic medical records system. The obfuscated policy allows the electronic medical records system to dispense the health care data of the patient to those requesting the data without disclosing the details of the policy itself. | 12-27-2012 |
20130013912 | Systems and Methods for Securing Media and Mobile Media Communications with Private Key Encryption and Multi-Factor Authentication - Systems and methods protect and secure one-path and/or multi-path data, media, multi-media, simulations, gaming, television and mobile media communications and their fixed or mobile devices over diverse networks with symmetric key rotation, various forms of encryption, and multiple factors of authentication to provide optimal security for the integrity of any media asset. The distribution of said media asset is driven through virtual servers with effective stealth or cloaked processes, rendering them invisible to outside attacks, and securing any media from internal theft during the distribution process. The systems and methods curtail the ability to copy and/or revise the protected media and are instrumental in preventing piracy of media assets over the Internet, intranets, or private networks. | 01-10-2013 |
20130024683 | SYSTEM AND METHOD FOR SENDING ENCRYPTED MESSAGES TO A DISTRIBUTION LIST - A system and method for sending encrypted messages to a distribution list. In one embodiment, the method comprises: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the member address is available on the computing device; and if so, encrypting the message to the member; sending the encrypted message to the distribution list address only if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device. | 01-24-2013 |
20130031354 | SYSTEM FOR PREVENTING UNAUTHORIZED ACQUISITION OF INFORMATION AND METHOD THEREOF - A server apparatus includes: an output detector for detecting output-processing which is processing of outputting data from the application program into a shared area; and an output control section for storing instruction information in the shared area, instead of storing the output data outputted from the application program therein, in response to the detection of the output-processing, the instruction information specifying an acquisition method by which an authorized client apparatus acquires the output data. The client apparatus includes: a reading detection section for detecting reading-processing which is processing of reading data from the shared area; and a reading control section which reads the instruction information from the shared area in response to the detection of the reading-processing, and which acquires the output data by the acquisition method specified by the instruction information. | 01-31-2013 |
20130031355 | SYSTEM AND METHOD FOR SECURE AND/OR INTERACTIVE DISSEMINATION OF INFORMATION - An interactive information dissemination system includes a media server ( | 01-31-2013 |
20130046968 | Automobile Data Transmission - A device transmits automobile data to a server in a communication network. The device records the automobile data obtained from a plurality of sensors installed in the automobile. The device transmits a random access preamble on a first plurality of subcarriers of an uplink carrier to a base station, when a pre-defined condition is met. The device encrypts the automobile data using a first encryption key and transmits the encrypted automobile data to a server via a base station. The base station decrypts the automobile data before forwarding it to the server. | 02-21-2013 |
20130046969 | METHODS FOR DECRYPTING, TRANSMITTING AND RECEIVING CONTROL WORDS, RECORDING MEDIUM AND CONTROL WORD SERVER TO IMPLEMENT THESE METHODS - A method of transmitting control words to terminals that are mechanically and electronically independent of one another includes transmitting, to a terminal, an absent control word in response to a request from the terminal that contains a cryptogram corresponding to the absent control word, for the terminal, selectively determining a number of additional control words to be transmitted to the terminal as a function of a probability that security of the additional control words is compromised, and transmitting, to the terminal, in addition to the absent control word, the determined number of additional control words to enable the terminal to descramble at least one additional cryptoperiod of the multimedia content in addition to the cryptoperiod of the multimedia content that can be descrambled using the absent control word. | 02-21-2013 |
20130054957 | Two-Way, Secure, Data Communication within Critical Infrastructures - Systems and methods for two-way, secure, data communication within critical infrastructures are usable to protect critical infrastructure information while allowing real-time monitoring and remote access. Such communication systems and methods can be used to protect critical data by, for example, providing a single point of access via unidirectional, serial, non-routable connections. Additionally, data flow may be controlled by a first server that is not accessible outside of the critical infrastructure. | 02-28-2013 |
20130054958 | Systems and Methods for Performing Adaptive Bitrate Streaming Using Automatically Generated Top Level Index Files - Systems and methods for performing adaptive bitrate streaming using top level index files automatically generated based upon the capabilities of a playback device in accordance with embodiments of the invention are disclosed. One embodiment of the method of the invention includes requesting a top level index file from a playback server using a playback device, where the request identifies a piece of content and includes information describing the capabilities of the playback device, receiving a top level index file from the playback server using the playback device, where the top level index file describes a plurality of streams accessible to the playback device and identifies the location of the streams, selecting initial streams using the playback device, and retrieving at least a portion of the initial streams from the locations identified in the top level index file using the playback device. | 02-28-2013 |
20130061034 | Transparent Mode Encapsulation - A method for providing transparent Ethernet frame adjacency may include removing MAC addresses from a received Ethernet frame to generate a partial Ethernet frame. The partial Ethernet frame may then be encrypted. The encrypted Ethernet frame may be encapsulated in an Internet Protocol (IP) packet. The IP packet may include an indication of a Security Association (SA). The packet may be sent over a non-secure network. A device may de-encapsulate the payload of a received IP packet to generate the encrypted partial Ethernet frame. The device may decrypt the encrypted partial Ethernet frame to generate a partial Ethernet frame. The decryption device may new MAC addresses based on the SA indicated in the received IP packet. The device may append the new MAC addresses to the partial Ethernet frame such that the transmitted Ethernet frame is identical to the Ethernet Frame originated at the source network device. | 03-07-2013 |
20130061035 | METHOD AND SYSTEM FOR SHARING ENCRYPTED CONTENT - The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. | 03-07-2013 |
20130061036 | METHOD AND APPARATUS FOR PROVIDING A STRUCTURED AND PARTIALLY REGENERABLE IDENTIFIER - An approach is provided for generating a structured and partially regenerable identifier. An identification generation platform receives a request to generate at least one regenerable identifier that includes, at least in part, a plurality of fields. The identification generation platform determines to separately hash and/or encrypt the respective ones of the plurality of fields. A generation of the at least one identifier is caused, based at least in part, on the hashed and/or encrypted respective ones of the plurality of fields. | 03-07-2013 |
20130061037 | ENCRYPTION COMMUNICATION METHOD, APPARATUS AND SYSTEM - An encrypted communication method relating to communication technologies includes allocating a same encryption key for a first application and a terminal that is only bound to the first application. The method also includes transparently transmitting information communicated between the terminal and the first application when determining that the terminal communicates with the first application by using the same encryption key. | 03-07-2013 |
20130067211 | OPERATIONAL MODE FOR BLOCK CIPHERS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against attack by a protection process. The protection process uses block lengths that are larger or smaller than and not an integer multiple of those of an associated standard cipher, and without using message padding. This is operative in conjunction with standard block ciphers such as the AES, DES or triple DES ciphers, and also with various block cipher cryptographic modes such as CBC or ECB. | 03-14-2013 |
20130067212 | SECURING IMPLEMENTATION OF CRYPTOGRAPHIC ALGORITHMS USING ADDITIONAL ROUNDS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against an attack by a protection process which adds rounds to the cipher process. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm (process), including the algorithm's internal state during its execution. In one version, a specific number of rounds are added over those of a standard version of the cipher to both encryption and the complementary decryption. The added rounds are inserted immediately after the last of the standard rounds in the sequence. In another version, the added rounds are one or more opposing paired rounds of encryption/decryption or decryption/encryption which effectively cancel each other out, and may be inserted anywhere in the sequence of standard rounds. | 03-14-2013 |
20130067213 | DYNAMIC ENCRYPTION AND DECRYPTION FOR NETWORK COMMUNICATION - Dynamic encryption for network communication includes distributing a key to a network entity and storing the key into the key table. A key in the key table is used to encrypt data, and an index of the used key in the key table is attached to the encrypted data. The encrypted data is sent to the network entity. Dynamic decryption for a network communication includes receiving a key from a network entity and storing the received key into a key table. Encrypted data is received from the network entity. A key in the key table is located based on an index attached to the data and the data is decrypted with the located key. | 03-14-2013 |
20130067214 | COMMUNICATION DEVICE AND COMMUNICATION METHOD - There is provided a communication device in which a network access authenticating unit executes a network access authentication process with an authentication server to establish a connection to a network, the authentication process including generation of information shared with the authentication server, a communication unit receives an authentication result message from the authentication server when succeeding in the network access authentication process, the authentication result message containing an authentication result indicating success in the network access authentication process and an encrypted network key; a key transport key generating unit generates a key transport key by use of the information generated in the network access authentication process; and a network key acquiring unit acquires a network key by decrypting the encrypted network key contained in the authentication result message with the key transport key, the communication unit encrypts data with the network key and transmits encrypted data to the network. | 03-14-2013 |
20130073842 | CONTROLLER- KEYPAD/CARD READER IDENTIFICATION SYSTEM INCLUDING CARD PROGRAMMING AND SECURE COMMUNICATIONS - An access control system including bi-directional communication between a controller and peripheral authentication devices utilized for selectively accessing a locked door is provided. The access control system provides components and circuitry to enable a user to securely assign and designate any card reader compatible card as an appropriate programming card and thereby activate or deactivate users and/or cards. The present invention further provides encrypted communication between the controller device and a PC. | 03-21-2013 |
20130080763 | PERSONAL MESSAGING SECURITY - A method may include creating, by a user device, an electronic message, the electronic message comprising destination information corresponding to an intended recipient of the electronic message. The method may include receiving, by the user device and from a user, a security key corresponding to a particular type of user input and corresponding to the intended recipient of the electronic message. The method may include encrypting, by the user device, the electronic message based on the security key, and the method may include communicating, by the user device, the electronic message based on the destination information corresponding to the intended recipient. | 03-28-2013 |
20130080764 | Secure Remote Credential Provisioning - An embodiment uses hardware secrets secured within a security engine to provide a secure solution for field key provisioning. An embodiment is operating system independent due to the out-of-band communications with the security engine. Secrets need not be provisioned during manufacturing time. An embodiment may ensure only security engine specific provisioned secrets are used at runtime. Other embodiments are addressed herein. | 03-28-2013 |
20130080765 | SECURE CLOUD STORAGE AND SYNCHRONIZATION SYSTEMS AND METHODS - A secure cloud storage and synchronization system and method is described that provides, among other things: (1) local password recovery, including a mechanism by which the user of the system can recover their password without having stored it on a remote server; (2) secure, private versioning of files, including a mechanism to privately store a version history of files on one or more remote servers in such a way that it is technically infeasible for anyone other than the legitimate owner to access any component of the file history; (3) secure, private de-duplication of files stored on one or more remote servers that reduces storage requirements by allowing for the storage of a single file when there are duplicates, even across users; and (4) secure, private sharing of files between users of the system that allows one user to share a file on the “cloud” with another user without deciphering or transporting the file. | 03-28-2013 |
20130080766 | Collaborative Agent Encryption and Decryption - A method for securely transmitting data from a sender computer system to a receiver computer system comprises receiving a cleartext message by a first intelligent agent environment; splitting said message into a plurality of message fragments; creating an intelligent agent for each message fragment; generating a key for each message fragment; encrypting each said message fragment to produce a respective encrypted message fragment; and transmitting each intelligent agent with said respective encrypted message fragment as a data payload. The method may further comprise receiving each intelligent agent with its respective encrypted message fragment as a data payload by a second intelligent agent environment at the receiver computer system; locating each of a set of agents; decrypting each encrypted respective message fragment to produce a respective cleartext message fragment; and collaborating by the set of agents to recombine cleartext message fragments to form a cleartext message. | 03-28-2013 |
20130091349 | Enabling Packet Handling Information in the Clear for MACSEC Protected Frames - Techniques are provided to append packet handling information “in the clear” ahead of security related information in a packet to be routed over a network to optimize wide area network deployments of security-configured equipment. In one form, at a network device that performs connectionless secure communication and network routing of packets, data is received from a source device to be sent through a network to a destination device. Packet handling information is inserted in a packet that is to be used to transport the data. The packet handling information is configured to enable controlled handling of the packet in the network and is inserted in an unprotected portion of the packet. Encrypted payload data is generated from the data received from the source device. The encrypted payload data and security information are inserted in a protected portion of the packet and the packet is sent to the network. | 04-11-2013 |
20130097417 | SECURE PRIVATE COMPUTATION SERVICES - An encryption scheme allows meaningful, efficient computation of encrypted data in various application domains, including without limitation patient health care, financial analysis, market research, and targeted advertising. Data providers, computational services, and results consumers work in concert using a somewhat homomorphic encryption scheme to preserve the secrecy while providing practical computational performance. Encrypted data is stored within network-accessible storage. The data is encrypted using an encryption scheme that allows predictive analysis on the encrypted data without decrypting the encrypted data. The predictive analysis includes evaluation of polynomials of bounded degree on elements of the encrypted data. The evaluation includes ciphertext addition compositions and a bounded number of ciphertext multiplication compositions. The predictive analysis is performed on the encrypted data without decrypting the encrypted data to create encrypted results, which are transmitted to an entity possessing a decryption key capable of decrypting the encrypted results. | 04-18-2013 |
20130111204 | HARDWARE COUNTERMEASURE AGAINST CRYPTOGRAPHIC ATTACK | 05-02-2013 |
20130117553 | Method and Apparatus for Increasing the Output of a Cryptographic System - The rate at which packets are provided to a cryptographic engine of a cryptographic system is adjusted using a feedback mechanism to increase the output of the cryptographic system. Data is classified and queued on a per class/flow basis and stored in input queues prior to being processed. A class based queue scheduler is implemented to select data from the input queues to be transmitted to the cryptographic engine. The cryptographic engine operates in processing cycles. At each cycle, an amount of data is transferred from the input queues to a cryptographic engine input queue. A cryptographic accelerator in the cryptographic engine processes the data on the cryptographic engine input queue during the cycle. The output rate of the cryptographic accelerator is measured during the cycle and this value is used as feedback to determine how much data should be passed to the cryptographic engine for a subsequent cycle. | 05-09-2013 |
20130124849 | System And Method For Individualizing Content For A Consumer - Protected content that has been encrypted according to an encryption algorithm is individualized for a consumer according to pseudorandomly-generated individualization data values and individualization indexes. When different instances of individualized protected content are generated from the same protected content for different consumers, the different instances differ in content. To generate the individualized protected content, a packaging component is configured to identify pseudorandom intervals within the protected content using the individualization indexes, and for each given one of the intervals, to combine the protected content included within the given interval with a respective one of the individualization values according to a reversible data transform operation. The data transform operation is less computationally expensive than the given encryption algorithm. | 05-16-2013 |
20130124850 | SMART GRID AND METHOD FOR OPERATING A SMART GRID - Method for operating a smart grid including a plurality of smart meters configured to monitor at least one physical measured quantity and to provide measurement results of the at least one physical measured quantity to a central entity, includes the following steps: | 05-16-2013 |
20130138946 | SECURE TELEMESSAGING - Systems and methods are described that provide for targeted distribution of messages through communication networks, such as the Internet, in private and confidential environments. Messages, such as advertisements, can be stored in a message database. In a secure environment, consumer profiles, such as medical records, can be mined to identify target consumers for a given message. Messages can be retrieved from the message database, encrypted, and conveyed to the identified target consumers without inappropriately revealing or disclosing private or confidential consumer data. | 05-30-2013 |
20130138947 | USER-DRIVEN MENU GENERATION SYSTEM WITH DYNAMIC GENERATION OF TARGET FILES WITH PLACEHOLDERS FOR PERSISTENT CHANGE OR TEMPORARY SECURITY CHANGE OVER CLOUD COMPUTING VIRTUAL STORAGE FROM TEMPLATE FILES - Dynamic generation of target files is described. A user can select a template file. The template file includes: at least first and second changeable fields configured to be changed persistently, and a third changeable field. The second changeable field is configured to receive a security-related value. A third changeable field includes a first value configured to be changed temporarily to receive an encrypted version of the first value. The template file is parsed to generate a user interface, including: a first prompting label, corresponding to the first changeable field, requesting the user to enter the user content value, a second prompting label, corresponding to the second changeable field, requesting that the user enter audit data and/or access control data. An encrypted version of the first value corresponding to the third changeable field is generated. The first value is temporarily replaced with the encrypted value. The target file is then generated. | 05-30-2013 |
20130151842 | ENCRYPTION KEY TRANSMISSION WITH POWER ANALYSIS ATTACK RESISTANCE - Methods and mechanisms for transmitting secure data. An apparatus includes a storage device configured to store data intended to be kept secure. Circuitry is configured to receive bits of the secure data from the storage device and invert the bits prior to transmission. The circuitry may invert the bits prior to conveyance if more than half of the bits are a binary one, set an inversion signal to indicate whether the one or more bits are inverted, and convey both the one or more bits and inversion signal. Embodiments also include a first source configured to transmit Q bits of the secure data on an interface on each of a plurality of clock cycles. The first source is also configured to generate one or more additional bits to be conveyed concurrent with the Q bits such that a number of binary ones transmitted each clock cycle is constant. | 06-13-2013 |
20130159694 | DOCUMENT PROCESSING METHOD AND SYSTEM - A document processing method and system are provided. A client divides at least one document into a plurality of document pages, and individually encrypts the document pages by a first key to obtain a plurality of encrypted pages. The client removes a part of words from the document pages to obtain a plurality of significant words, and individually encrypts the significant words by a second key different to the first key to obtain a plurality of encrypted significant words. The client records the encrypted significant words and a plurality of first index information in a significant word set (SWS), where the first index information indicates a page in the encrypted pages where the encrypted significant word comes from. Then, the client transmits the encrypted pages and the SWS to a remote server for storage. | 06-20-2013 |
20130159695 | DOCUMENT PROCESSING METHOD AND SYSTEM - A document processing method and system divides a document into document pages, and encrypts the document pages by a first key to obtain a plurality of encrypted pages; picks a part of words from the document pages and encrypts them by a second key to obtain a Significant Word Set (SWS); picks a part of words from the picked part of words and encrypts them by a third key to obtain a Most Relevant Word Set (MRWS). The encrypted pages, the SWS and the MRWS are transmitted to a remote server for storage. When a user searches for a keyword in the document, the keyword is encrypted by the second and third keys for performing two queries. The first query result is decrypted to obtain the search result. The second query result is decrypted and then checked whether it is a subset of the first decrypted query result for detecting unfaithful execution. | 06-20-2013 |
20130159696 | SENDING MESSAGES BY OBLIVIOUS TRANSFER - A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client. | 06-20-2013 |
20130159697 | DISTRIBUTING DATA TO MULTIPLE CLIENTS FROM SERVER - Provided are techniques for distributing data in a trackable manner while suppressing an increase in the size of data to be distributed as much as possible and minimizing interruption of usage of the data. A method for distributing data to multiple clients from a server includes the steps of: generating a common noise by using noises unique to the multiple clients, respectively; embedding the common noise in the data to be distributed to make the data unusable; and distributing the data containing the embedded common noise, so that the data containing the embedded common noise is made usable by each of the multiple clients using a unique noise generated in the client. | 06-20-2013 |
20130166902 | SIMPLIFIED SMARTCARD PERSONALIZATION METHOD, AND CORRESPONDING DEVICE - The invention relates to a method for personalizing an electronic device using an encryption device adaptable to standard certified apparatuses. The encryption device makes it possible to ensure the confidentiality of the transfer of a secret code from the user to a possible personalization server. | 06-27-2013 |
20130173903 | UNIFIED NETWORK ARCHITECTURE HAVING STORAGE DEVICES WITH SECURE BOOT DEVICES - A unified computer network may be created between network devices, such as storage devices, servers, and client computing system through multiple protocols and multiple connections. Each of the connections, regardless of different protocols or physical connections, may employ secure communications links through a secure boot device. For example, a secure communications link may be created through a fibre channel over Ethernet (FCoE) protocol. | 07-04-2013 |
20130173904 | SECURE DATA COMMUNICATIONS WITH NETWORK BACK END DEVICES - Devices located on a back end of a web application in a private cloud may establish secure communications to other back end devices or client devices with a secure boot device integrated in the back end device. The secure boot device enables the back end component to cryptographically split data and encrypt data for transmission to other devices through a secure communications link. The secure communications link may improve security on private cloud networks. Further the secure communications link may improve security to allow back end devices to be located remote to other back end devices. | 07-04-2013 |
20130173905 | TRANSMITTING TERMINAL, RECEIVING TERMINAL, ID NUMBERING DEVICE, AND KEY TRANSMISSION METHOD - Provided is a transmitting terminal capable of sharing an encryption key among a number of specific apparatuses using fewer resources and securely. A transmitting terminal ( | 07-04-2013 |
20130179675 | COMPOSITE SYSTEM, METHOD, AND STORAGE MEDIUM - In a composite system that includes a main system that operates with a main program and a plurality of sub-systems that operate both with sub-programs and under the control of the main system attachably and detachably connected with each other via a predefined bus, the main system transfers each fragment of divided target data to the sub-system, and the sub-system includes a receiving buffer that can read and write the fragment of data received from the main system temporarily. An encrypting process can be executed with the main system and the sub-system regardless of the size of target data to be encrypted, the size of memory in the sub-system, and data transfer capability between the main system and the sub-system even if the size of the target data in the main system is bigger than the size of the receiving buffer in the sub-system. | 07-11-2013 |
20130179676 | CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations. | 07-11-2013 |
20130179677 | SECURE DATA EXCHANGE BETWEEN DATA PROCESSING SYSTEMS - A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server. | 07-11-2013 |
20130191626 | RECORDING DEVICE, TERMINAL DEVICE, AND CONTENT TRANSMISSION SYSTEM - A content transmission system transmits content, using a cloud computing system. A recording device records the content to a local storage or a cloud storage. When the local storage is selected as a recording destination, the recording device generates an encryption key, encrypts the content with the key, and generates management information associating the key with an address of the cloud storage. The recording device furthermore determines whether a portable recording medium is connected thereto. If connected, the recording device records the key and the management information to the portable recording medium. The terminal device first reads the key and the management information from the portable recording medium. The terminal device then accesses the cloud storage without performing user authentication, referring to the management information, and downloads the encrypted content from the cloud storage. Furthermore, the terminal device decrypts the content from the encrypted content, using the key. | 07-25-2013 |
20130191627 | Controlling and auditing SFTP file transfers - Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks. | 07-25-2013 |
20130198508 | SYSTEM AND METHOD FOR REMOTE RESET OF PASSWORD AND ENCRYPTION KEY - Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created. | 08-01-2013 |
20130205132 | OBTAINING A CONTROL WORD TO REVEAL A CLIENT DEVICE IDENTITY - The invention provides for a solution enabling obtaining a control word in the client. The client device has a unique binary identification. An input transformed control word is mapped from an input transform domain to an output transform domain to thereby obtain an output transformed control word by successively applying a transformation function to the input transformed control word using each compound of seeds from the set successively as an input to the successive transformation functions. Each of the successive transformation functions is one of a regular transformation function, a first special transformation function and a second special transformation function. The obtained control word can be used to decrypt one of two copies of a part of content data. The copy that can be decrypted contains a watermark representing either a binary “0” or a binary “1” and represents a bit of the unique binary identification of the client device. | 08-08-2013 |
20130212373 | STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance. | 08-15-2013 |
20130212374 | METHOD FOR IDENTIFYING A DEVICE USED BY A HACKED TERMINAL, AND RELATED DEVICE - The invention relates to a method for preventing the fraudulent use of an electronic device and thus for effectively combating the fraudulent dissemination of protected content. | 08-15-2013 |
20130212375 | Method of Checking and Protecting Data and Identity Especially Within Processes Using Information and Communication Technologies. - A method of checking and protecting data and identities within a communication or computing process between at least one author and at least one recipient comprises at least: a step of allocation by an anonymization authority of one and the same stamp forming a cryptonymic marking, to one or to several different authors and to their objects; a step of inserting said stamp into the communication or computing protocol associated with the data stream, by means of a stamp system, the protocol containing the identity of said author or of said object of the author or authors, and each author being able moreover to simultaneously have a plurality of different cryptonyms; a step of reading, at at least one recipient, of said protocol by means of a reading system able to detect the presence of said stamp. | 08-15-2013 |
20130212376 | DATA ACCESS MANAGEMENT IN A HYBRID MEMORY SERVER - One or more embodiments manage access to data by accelerator systems in an out-of-core processing environment. In one embodiment, a request from an accelerator system is received for access to a given data set. An access context associated with the given data set is determined. The accelerator system is dynamically configured, based on the access context that has been determined, to one of access the given data set directly from the server system; locally store a portion of the given data set in a memory; and locally store all of the given data set in the memory. | 08-15-2013 |
20130219164 | CLOUD-BASED HARDWARE SECURITY MODULES - A cloud-based hardware security device (HSM) providing core security functions of a physically controlled HSM, such as a USB HSM, while allowing user access within the cloud and from a user device, including user devices without input ports capable of direct connection to the HSM. The HSMs can be connected to multi-HSM appliances on the organization or user side of the cloud network, or on the cloud provider side of the cloud network. HSMs can facilitate multiple users, and multi-HSM appliances can facilitate multiple organizations. | 08-22-2013 |
20130219165 | SYSTEM AND METHOD FOR PROCESSING FEEDBACK ENTRIES RECEIVED FROM SOFTWARE - A method and system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: generates an encryption E | 08-22-2013 |
20130227271 | METHOD FOR DISTRIBUTING DIGITAL DOCUMENTS TO WHICH USER RIGHTS ARE ATTACHED, WHICH SUPPORT MULTIPLE COPYING, EXCHANGE, AND MULTIPLE PLATFORMS - A method and system for distributing digital documents ensures security by encrypting pages, element by element, when the document is downloaded onto a terminal. After the document (w | 08-29-2013 |
20130232333 | METHOD AND APPARATUS FOR INTEGRATING PRECISE TIME PROTOCOL AND MEDIA ACCESS CONTROL SECURITY IN NETWORK ELEMENTS - A transmit portion of a network device includes a medium access control (MAC) module configured to receive a frame of data to be transmitted from the network device in accordance with a MAC security (MACsec) protocol. In response to the frame of data being a precise time protocol (PTP) frame, the MAC module is configured to encrypt the PTP frame in accordance with the MACsec protocol, and associate an identifier with the encrypted PTP frame. A physical layer module includes a transmit module configured to transmit the encrypted PTP frame from the network device at a particular time. A PTP module is configured to, based on the identifier associated with the encrypted PTP frame, generate a time stamp indicating the particular time that the transmit module transmits the encrypted PTP frame from the network device. The time stamp is transmitted from the network device along with the encrypted PTP frame. | 09-05-2013 |
20130238890 | METHOD FOR TRANSMITTING INFORMATION FROM A FIRST INFORMATION PROVIDER TO A SECOND INFORMATION PROVIDER VIA AN INFORMATION INTERMEDIARY - This invention relates to a method for transmitting information from a first information provider ( | 09-12-2013 |
20130246783 | GENERATING PROTOCOL-SPECIFIC KEYS FOR A MIXED COMMUNICATION NETWORK - Security keys are typically needed to communicate with various network communication protocols of a mixed communication network. Herein, a protocol-specific key for a particular network communication protocol is generated based upon a result of a hash operation that includes a network key associated with the mixed communication network and information corresponding to the particular network communication protocol. Interoperability of multiple devices in the mixed communication network is made possible when the multiple devices generate (i.e. derive) protocol-specific keys using the same network key and common information corresponding to particular network communication protocols. | 09-19-2013 |
20130254528 | SECURE MESSAGE HANDLING ON A MOBILE DEVICE - Systems, methods, and software for providing digital security to a child message transmitted from a mobile device to a messaging server, where the mobile device typically does not transmit the parent message with the child message to the messaging server. Whether to apply digital security, such as encryption or a digital signature, or both, is determined, and if the mobile device does not include a complete copy of a parent message for insertion into the child message, the mobile device selectively downloads the parent message from the messaging server prior to the computation of a digital signature or prior to encryption. The systems and methods may also provide a check of the child message size, when the child message includes inserted parent content, to ensure that the child message does not exceed any prescribed limits on message size. | 09-26-2013 |
20130254529 | METHOD AND APPARATUS FOR PROVIDING A SCALABLE SERVICE PLATFORM USING A NETWORK CACHE - An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity. | 09-26-2013 |
20130254530 | SYSTEM AND METHOD FOR IDENTIFYING SECURITY BREACH ATTEMPT OF A WEBSITE - The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on. | 09-26-2013 |
20130262850 | SECURE AND AUTOMATIC CONNECTION TO WIRELESS NETWORK - Described herein are systems, methods, and apparatus for automatically establishing secure connections to wireless networks using a wireless local area network access point which calls for acceptance of terms and conditions of use. During an initial connection, the user is prompted to review and accept terms and conditions associated with use of that wireless network. Once accepted, future connections at that or other access points, which use those same terms and conditions, occur free from user intervention. | 10-03-2013 |
20130262851 | Download Control - Download control is disclosed. An apparatus includes one or more processors, and one or more memories including computer program code. The one or more memories and the computer program code configured to, with the one or more processors, cause the apparatus at least to perform: obtain one or more cryptographic hash values of a target file to be downloaded; cause transmission of the one or more cryptographic hash values to a trusted source; obtain reputation data relating to the target file originated from the trusted source in response to the transmission of the one or more cryptographic hash values; and control download of the target file on the basis of the reputation data. | 10-03-2013 |
20130262852 | Range-Based Queries for Searchable Symmetric Encryption - Techniques enable range-based queries in searchable symmetric encryption (SSE) systems. A server device includes or provides access to a database that stores encrypted documents along with an encrypted index that maps bucketized terms (e.g., a term coupled with a value range associated with that term) to encrypted documents. Search is performed through a two-step process in which the client first sends a first search token to request the bucketization for a term, then sends one or more second search tokens each specifying a particular bucket in which to search for the term. In response to the second tokens, the server sends information corresponding to encrypted documents that satisfy the search. Embodiments further provide for incremental addition and deletion of particular values for a term, and rebucketization at the client when a rate of false positive search results exceeds a threshold. | 10-03-2013 |
20130262853 | SERVER APPARATUS, CLIENT APPARATUS, AND REQUEST PROCESSING METHOD - An object of the present invention is to reduce a processing load on a server apparatus in a web system which provides contents to a client apparatus on the basis of an access authority of the client apparatus. | 10-03-2013 |
20130262854 | DATA DE-DUPLICATION IN A DISPERSED STORAGE NETWORK UTILIZING DATA CHARACTERIZATION - A computing device includes a processing module and an interface. The processing module is operable to receive, from a requesting device via the interface, a data storage request that includes data for storage. The processing module then determines whether substantially identical data is currently stored in a dispersed storage network (DSN) memory. When the substantially identical data is stored in the DSN memory, the processing module generates, for the requesting device, a second unique retrieval matrix of a plurality of sets of encoded data slices corresponding to the already stored substantially identical data, wherein the requesting device can recover at least a portion of the data based on the second unique retrieval matrix of the plurality of sets of encoded data slices. | 10-03-2013 |
20130275743 | Fault-Tolerant Privacy-Preserving Statistics - Disclosed is a protocol for a fault-tolerant, private distributed aggregation model that allows a data consumer to calculate unbounded statistics (weighted sums) over homomorphically encrypted sensitive data items from data producers. The data consumer can choose to calculate over an arbitrary subset of all available data items, thus providing fault tolerance; i.e., failing data producers do not prevent the statistics calculation. A key-managing authority ensures differential privacy before responding to the data consumer's decryption request for the homomorphically encrypted statistics result, thus preserving the data producer's privacy. Security against malicious data consumers is provided along with aggregator obliviousness and differential privacy in a unidirectional communication model between data producers and data consumers. | 10-17-2013 |
20130275744 | ENCRYPTING SEGMENTED DATA IN A DISTRIBUTED COMPUTING SYSTEM - A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment. | 10-17-2013 |
20130283033 | TOKEN-BASED ENTITLEMENT VERIFICATION FOR STREAMING MEDIA DECRYPTION - A device sends an authentication request from the device to a session management server, and receives a token from the session management server if the device authenticates successfully. The device obtains a streaming media playlist file from a content delivery server, and sends the token to a key server for token validation. The device receives a decryption key from the key server if the token validates successfully, and requests a first streaming media segment file from the content delivery server based on the playlist file. The device receives the first streaming media segment file from the content delivery server; and decrypts the first streaming media segment file using the decryption key. | 10-24-2013 |
20130283034 | SYSTEMS AND METHODS USING ONE TIME PADS DURING THE EXCHANGE OF CRYPTOGRAPHIC MATERIAL - A solution that enables the exchange of information in a secure manner over an insecure text messaging infrastructure provides part of the exchange as cryptographic material to be used to secure subsequent communications. The exchange of the cryptographic material is protected from malicious and nefarious parties. Systems and methods for the exchange of cryptographic material enable the parties involved in the exchange to have confidence that the material received was communicated from the originating party. Once the cryptographic material is successfully exchanged between cooperating peers, it can be used by smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, etc. over insecure voice or data communication paths, such as SMS. | 10-24-2013 |
20130283035 | DIGITAL FILE AUTHENTICATION USING BIOMETRICS - This invention provides a means of authenticating digital files without the need for a central trusted authority. A message digest of one or more digital files is calculated, preferably using a cryptographic hash function and all or part of the digest value is implanted into one or more biometric information files produced by the originator of the digital files or a trusted third party. The recipient of the digital files and biometric information files is able to determine all or part of the digest value from the biometric information files, check that this corresponds to the calculated message digest of one or more digital files as well as check the identity of the originator or trusted third party. In further embodiments the biometric information files contain all or part of a digital signature generated by the originator of the digital files or a trusted third party. The invention may be used in many applications including the distribution of public encryption keys. | 10-24-2013 |
20130283036 | Protected Distribution And Location Based Aggregation Service - A system for and method of per access-point streaming media customization and privacy protected feedback in a wireless network. The system is operative to: encrypt real time streamed media content from a streaming media source; multicast the streamed encrypted media content for availability to a user device for playback, the user device sending out unicast responses at the time of joining or dropping the multicast; aggregate the unicast responses in the form of a connect multicast state or a disconnect multicast state of the user device based on the joining or dropping of the multicast; and provide information back to the streaming media source based on the aggregated unicast responses. | 10-24-2013 |
20130290696 | SECURE COMMUNICATIONS FOR COMPUTING DEVICES UTILIZING PROXIMITY SERVICES - Techniques are disclosed for establishing secure communications between computing devices utilizing proximity services in a communication system. For example, a method for providing secure communications in a communications system comprises the following steps. At least one key is sent from at least one network element of an access network to a first computing device and at least a second computing device. The first computing device and the second computing device utilize the access network to access the communication system and are authenticated by the access network prior to the key being sent. The key is useable by the first computing device and the second computing device to securely communicate with one another when in proximity of one another without communications between the first computing device and the second computing device going through the access network. | 10-31-2013 |
20130290697 | System and Method for Signaling Segment Encryption and Key Derivation for Adaptive Streaming - An apparatus for decoding a media stream, wherein the apparatus comprises a memory module, a processor module coupled to the memory module, wherein the memory module contains instructions that when executed by the processor cause the apparatus to perform the following: receive a media stream comprising a segment signaling information and a plurality of segments, wherein the plurality of segments comprises encoded and unencoded segments, wherein the segment signaling information comprises identification of at least two segment groups each comprising at least one segment, identify at least one segment group using the segment signaling information in the media stream, identify at least one segment decoding algorithm for the at least one segment group, identify at least one decoding key for the at least one segment group, and decode each encoded segment within the at least one segment group using the at least one segment decoding algorithm and the at least one decoding key. | 10-31-2013 |
20130290698 | System and Method for Efficient Support for Short Cryptoperiods in Template Mode - System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV. | 10-31-2013 |
20130297929 | Real-time Asset Tracking using Discovery Services - Implementations of the present disclosure are directed to sharing data in a supply chain, the data corresponding to an item having a tag associated therewith. Methods include storing item-level data in a computer-readable repository, determining endpoint data, the endpoint data indicating a location of the item-level data, determining a random number from the tag, the random number unique to the item, selecting a first integer and a second integer, generating a first public key based on the first integer and a semi-public key based on the second integer, generating an identifier based on the first public key and the random number, generating a key based on the semi-public key and the random number, encrypting the endpoint data using the key to provide encrypted endpoint data, defining a tuple comprising the identifier and the encrypted endpoint data, and transmitting the tuple over a network for storage in a persistent storage device. | 11-07-2013 |
20130305032 | ANONYMIZATION OF DATA WITHIN A STREAMS ENVIRONMENT - Streams applications may decrypt encrypted data even though the decrypted data is not used by an operator. Operator properties are defined to permit decryption of data within the operator based on a number of criteria. By limiting the number of operators that decrypt encrypted data, the anonymous nature of the data is further preserved. Operator properties also indicate whether an operator should send encrypted or decrypted data to a downstream operator. | 11-14-2013 |
20130305033 | DATA ENCRYPTION METHOD - A method performed by a computing system. Embodiments of the method include shifting source data by a shift amount and encrypting the shifted data with an encryption key to produce encrypted data. An encryption package is produced by removing a portion of the encrypted data. Decryption data is generated that includes the shift amount, the encryption key, the location in the encrypted data from which the data was removed, and the data that was removed. Copies of the encryption package are sent to remote client computing devices and the system waits until a decryption time. At the decryption time, copies of the decryption data are sent to the client computing devices, which are each configured to decrypt the encryption package using the decryption data to obtain the information of the source data at substantially the same time. | 11-14-2013 |
20130305034 | ANONYMIZATION OF DATA WITHIN A STREAMS ENVIRONMENT - Streams applications may decrypt encrypted data even though the decrypted data is not used by an operator. Operator properties are defined to permit decryption of data within the operator based on a number of criteria. By limiting the number of operators that decrypt encrypted data, the anonymous nature of the data is further preserved. Operator properties also indicate whether an operator should send encrypted or decrypted data to a downstream operator. | 11-14-2013 |
20130305035 | VIRTUAL TRANSPORTATION POINT OF SALE - Embodiments provided herein include techniques for enabling a mobile device to communicate with smart media in a manner that can sidestep the secure element of the mobile device—and the costs associated with it. The mobile device can communicate with the smart media using near-field communication (NFC) by creating an encrypted connection with a remote computer while bypassing a secure element of the mobile device. This allows the mobile device to provide point-of-sale (POS) functionality by reading and/or writing to the smart media, without compromising the security of the smart media. | 11-14-2013 |
20130311764 | SYSTEM FOR PROTECTION AND AUTHENTICATION OF LOCATION SERVICES WITH DISTRIBUTED SECURITY - Generally, this disclosure provides methods and apparatus for the protection and authentication of location services based on a distributed security system. The method may include exchanging security keys between a secure location processor (SLP) and a location requesting entity, the location requesting entity external to the SLP; obtaining location determination measurements, the obtaining performed by the SLP; determining a location based on the location determination measurements, the determining performed by the SLP; encrypting the location based on the security keys, the encrypting performed by the SLP; and transmitting the encrypted location from the SLP to the location requesting entity. | 11-21-2013 |
20130311765 | INFORMATION PROCESSING APPARATUS, DATA GENERATION METHOD, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING SYSTEM - A differencing generator generates difference data between a first data set and a second data set. An encryption unit encrypts data. An electronic signature generator generates the electronic signature of data. A transmission data generator generates transmission data. The encryption unit encrypts the difference data generated by the differencing generator so as to generate encrypted difference data. The transmission data generator generates transmission data containing both the encrypted difference data generated by the encryption unit and the electronic signature of the second data set as generated by the electronic signature generator. | 11-21-2013 |
20130318339 | Systems and Methods for Protecting Communications Between Nodes - Systems and methods for protecting communications between at least two nodes protect the identity of a node requesting information, provide content of communications being sent and/or obscuring a type of communications being sent. Varying degrees of protection options including encryption, intermediate node termination and direct node communications are provided. | 11-28-2013 |
20130318340 | Flexible Method for Modifying a Cipher to Enable Splitting and Zippering - A cryptographic framework embodies modular methods for securing data, both at rest and in motion, via an extensible encryption method. Key derivation and synchronization methods are defined. Using a small set of initialization values (keys), a multi-dimensional geometric form from which two or more entities (participants) may derive the same discrete set of public and secret keys. Participants can initialize a random number generation method of practically infinite non-repeating length. Furthermore, the random number generator can be used as a One Time Pad synchronized between participants, without ever exchanging said One Time Pad. Furthermore, a method for ciphering and deciphering data including a method for splitting the encrypted data into multiple files or streams and for recombining the original data back. Finally, a method for extending the encryption to include a practically unlimited number of external authentication factors without negatively impacting encryption performance while simultaneously increasing cryptographic strength. | 11-28-2013 |
20130326210 | SECURE CLIENT-SIDE COMMUNICATION BETWEEN MULTIPLE DOMAINS - Methods and systems for secure client-side communication between multiple domains are provided. Such methods and systems can provide for decreased communication latency particularly effective for dynamic multi-domain and/or multi-tenant environments while allowing for granular security or specific security of messages and operations with regard to users, user sessions, groups, organizations, permissions sets, applications, or any other logical delineation. Such methods and systems may involve a variety of security components, for example, at least one set of instructions including a plurality of defined instructions to be utilized by users of the set of instructions to communicate, and cryptographic construct data in order to verify the data integrity and the authenticity of messages sent and received using the secure client-side communication between multiple domains. | 12-05-2013 |
20130326211 | METHOD AND SYSTEM FOR CONDITIONAL ACCESS TO A DIGITAL CONTENT, ASSOCIATED TERMINAL AND SUBSCRIBER DEVICE - The invention relates to a method and a system for conditional access making it possible to prevent the fraudulent use of a subscriber electronic device ( | 12-05-2013 |
20130332723 | SYSTEMS AND METHODS FOR SECURE FILE PORTABILITY BETWEEN MOBILE APPLICATIONS ON A MOBILE DEVICE - Systems and methods for secure file portability between mobile applications in a cloud-based environment or cloud-based collaboration and file sharing environment. In one embodiment, a server-based key generation service generates an encryption key that is unique to each file transfer transaction between mobile applications accessed via a mobile device. Data packages leaving a mobile application are then encrypted using the encryption key to provide secure file portability between mobile applications. In another embodiment, a background service triggered by a mobile application detects when a user is logged out of the mobile application and revalidates the user session with the mobile application to maintain portability of files between mobile applications. The background service presents a minimal user interface to get the user's credentials for the mobile application, without the user having to switch to the mobile application, and obtains an authentication token from a remote server using the user's credentials. | 12-12-2013 |
20130339722 | METHOD FOR PROTECTING DATA USED IN CLOUD COMPUTING WITH HOMOMORPHIC ENCRYPTION - A method for protection of cloud computing includes homomorphic encryption of data. Partially or fully homomorphic encryption allows for data within the cloud to be processed without decryption. A partially or fully homomorphic encryption is provided. The proposed scheme can be used with both algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data. | 12-19-2013 |
20130339723 | CLOSED NETWORK PRESENTATION - A system, related methods and computer readable memory device for delivering a presentation are provided. In one example, a method includes establishing a wireless network access point that creates a closed wireless network. An encrypted communication session is established via the closed wireless network with a plurality of client computing devices that each comprise a display. Each of the client computing devices is communicatively coupled to a virtual network server on the host computing device. Frame buffer data is retrieved from a storage subsystem of the host computing device. The frame buffer data is sent to each of the client computing devices to modify the display of the devices. | 12-19-2013 |
20140006772 | PROTECTING ENTERPRISE DATA THROUGH POLICY-BASED ENCRYPTION OF MESSAGE ATTACHMENTS | 01-02-2014 |
20140006773 | SECURED CLOUD DATA STORAGE, DISTRIBUTION AND RESTORATION AMONG MULTIPLE DEVICES OF A USER | 01-02-2014 |
20140006774 | INFORMATION GATHERING SYSTEM, TERMINAL UNIT, PROGRAM FOR INFORMATION GATHERING, AND PROGRAM FOR A TERMINAL | 01-02-2014 |
20140013100 | ESTABLISH BIDIRECTIONAL WIRELESS COMMUNICATION BETWEEN ELECTRONIC DEVICES USING VISUAL CODES - Methods, systems, and computer readable media relating to techniques for forming network connections between electronic devices using visual codes are described. Various configurations make use of one of many possible techniques for encoding data into a visual image. A first device which receives indication of intent to establish a data connection with a second device, can display an image containing encoded data. A second device can capture the image with an attached camera and decode the image to obtain connection information for the first device. The first device can then create a data connection with the second device using the information obtained from the image. | 01-09-2014 |
20140013101 | COMMUNICATION DEVICE, KEY GENERATING DEVICE, AND COMPUTER READABLE MEDIUM - According to an embodiment, a communication device is connected to a key generating device which generates an encryption key. The communication device includes a querying unit, an encryption processor, and a selecting unit. The querying unit is configured to send a query to the key generating device about capability information which indicates capability of the key generating device to generate the encryption key. The encryption processor is configured to implement a plurality of encryption functions. The selecting unit is configured to select, from among the plurality of encryption functions, an encryption function according to the capability information. The encryption processor implements the encryption function thus selected. | 01-09-2014 |
20140013102 | Method for verifying the security of a device for generating private and public cryptographic keys - A method for verifying the security of a device for generating private and public cryptographic keys. Such a method includes generating at least one pair of private and public cryptographic keys by the device from at least one random variable coming from a random-variable generator; transmitting at least one constituent element of a generated private or public key to at least one device for verifying; and determining a level of security of the device from the at least one transmitted element, as a function of pieces of information stored by the device for verifying. | 01-09-2014 |
20140013103 | Low-Latency Secure Segment Encryption and Authentication Interface - An apparatus comprising a memory, a processor coupled to the memory and configured to obtain a Dynamic Adaptive Streaming over Hypertext Transfer Protocol (HTTP) (DASH) Media Presentation Description (MPD) from an HTTP server, wherein the MPD describes a media presentation as at least one encrypted segment, and wherein the encrypted segment is associated with an availability time and a decryption key, and prefetch the decryption key associated with the encrypted segment by requesting the decryption key from a key server prior to the availability time of the encrypted segment. | 01-09-2014 |
20140013104 | SYSTEMS AND METHODS FOR SECURELY SUBMITTING COMMENTS AMONG USERS VIA EXTERNAL MESSAGING APPLICATIONS IN A CLOUD-BASED PLATFORM - Systems and methods are disclosed for facilitating secure commenting on content items among collaborators via external messaging applications in a collaborative cloud-based environment. In one embodiment, the system receives a response to a notification associated with a content item from a collaborator via an external messaging application. The response can include a text-based comment associated with the content item and secure message information provided by the notification including a message and a message authentication code. The system then determines a validity of the response. The validity of the response can include verifying the integrity of the message using the message authentication code. | 01-09-2014 |
20140019744 | Right of Individual Privacy and Public Safety Protection Via Double Encrypted Lock Box - A method substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described in the detailed description and/or drawings and/or elsewhere herein. | 01-16-2014 |
20140019745 | CRYPTOGRAPHIC ISOLATION OF VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Security may be further enhanced by establishing a session key for use during communications between a first and a second virtual machine. The session key may be encrypted with the COI key. | 01-16-2014 |
20140019746 | Runtime Environment Management of Secure Communications on Card Computing Devices - A card computing device may be configured to establish and manage secure channel communications between terminal applications and local applications installed on the card computing device. A runtime component of the card computing device may be configured to generate a registry of applications available as endpoints for secure channel communications, either in response to applications registering as endpoints or based on installation parameters on the card computing device. The runtime component may provide a list of the registered applications to a terminal application. The runtime component may establish a secure channel between a terminal application and a local application and may receive and decrypt secure commands from the terminal application. The runtime component may forward the decrypted commands to the local application and encrypt and forward responses from the local application to the terminal application. | 01-16-2014 |
20140019747 | CRYPTOGRAPHIC HASH FUNCTION - A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements. A third module applies a first function to an initial monoid element and a first of the second monoid elements producing a first calculated monoid element and evaluates an action of the initial monoid element on the first function producing a second function. A fourth module applies the second function to the first calculated monoid element and to a second of the second monoid elements producing a second calculated monoid element and evaluates the action of the first calculated monoid element on the first function producing a third function. Further modules iteratively, corresponding to the number of blocks, apply the produced function to calculated monoid elements and the second monoid elements to produce a hash of the string. | 01-16-2014 |
20140019748 | LEVEL-TWO DECRYPTION ASSOCIATED WITH INDIVIDUAL PRIVACY AND PUBLIC SAFETY PROTECTION VIA DOUBLE ENCRYPTED LOCK BOX - A method substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. | 01-16-2014 |
20140019749 | SECURING INFORMATION EXCHANGED VIA A NETWORK - A privacy key is provided over a network. An information page is provided over the network. A submission of data that is to be transmitted over the network in response to the information page is detected. A subset of the data that is to be encrypted using the privacy key is determined. The privacy key is used to encrypt the subset of the data. | 01-16-2014 |
20140025944 | Secure Storage and Signature - An integrated circuit device comprises a processor and a secure protection zone with security properties that can be verified by a remote device communicating with the integrated circuit device. The secure protection zone includes a persistent storage that is configured for storing cryptographic keys and data. The secure protection zone also includes instructions that are configured for causing the processor to perform cryptographic operations using the cryptographic keys. In addition, the secure protection zone includes an ephemeral memory that is configured for storing information associated with the cryptographic operations. The instructions are configured for causing the processor to perform the cryptographic operations on the data stored in the persistent storage and the information in the ephemeral memory as part of a secure communication exchange with the remote device. | 01-23-2014 |
20140032896 | SECURE COMMUNICATION USING PHYSICAL PROXIMITY - Systems and methods may provide for implementing a secure communication using physical proximity. In one example, the method may include transmitting an encrypted first communication including a sensitive information file, decrypting the encrypted first communication to generate a decrypted first communication including the sensitive information file, displaying the decrypted first communication, capturing a version of the decrypted first communication displayed on the intermediary device, and extracting the sensitive information file at a user device. | 01-30-2014 |
20140047231 | Secure Sub-Joined Computing Device - A system includes a sleeve capable of allowing a host-computing device to be positioned therein. The sleeve itself includes a processing device and a serial interface adapter to allow communication between the secure sub-joined computing device and the host communication device. The secure sub-joined computing device will include an authentication device to authenticate the identity of the user. The secure sub-joined computing device will be able to accommodate a wide variety of host devices and provide an exclusive computing environment where strong authentication and encryption can be performed with or without the knowledge of the host device and host means to communicate the data from the device. The secure sub-joined computing device can be configured to be limited to operate within a configured geographic boundary. The system includes software such as the source or executable files necessary to perform the instructions or algorithms. | 02-13-2014 |
20140052979 | SYSTEM AND METHOD FOR INTERLEAVING INFORMATION INTO SLICES OF A DATA PACKET, DIFFERENTIALLY ENCRYPTING THE SLICES, AND OBFUSCATING INFORMATION IN THE DATA PACKET - Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice. | 02-20-2014 |
20140059340 | PERIMETER ENCRYPTION METHOD AND SYSTEM - A method and system for consistent format preserving encryption (C-FPE) are provided to protect data while the data is in a domain while allowing encrypted data to be treated inside the domain as if it were the unencrypted data. The method includes inserting a coupling into a data flow at a perimeter of the domain, and translating a data element from an unprotected data element to a protected data element using the coupling such that the data element is a protected data element within the domain. | 02-27-2014 |
20140068244 | METHOD AND APPARATUS FOR DELIVERING ENCRYPTED CONTENT TO WEB BROWSERS BASED ON ENTROPY OF THE CONTENT - An approach is provided for enabling a web browser to decrypt and to display encrypted information based on entropy calculations of the information. The decryption manager determines at least one entropy value for at least one element of at least one webpage. The decryption manager causes, at least in part, a decryption of the at least one element to generate at least one decrypted element based, at least in part, on a comparison of the at least one entropy value against one or more entropy threshold values. | 03-06-2014 |
20140075180 | Media Storage Structures for Storing Content, Devices for Using Such Structures, Systems for Distributing Such Structures - Some embodiments of the invention provide a content-distribution system. In some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. | 03-13-2014 |
20140075181 | SYSTEMS AND METHODS FOR PROVIDING CONDITIONAL ACCESS TO TRANSMITTED INFORMATION - Systems, methods and computer program products for controlling access to position information at a receiver based on various considerations, including a requested service type, a user type, a device type, a software application type, and/or other characteristics associated with a particular software application at the receiver from which the position information was requested. | 03-13-2014 |
20140075182 | METHOD FOR PROVIDING DATA TO A PERSONAL PORTABLE DEVICE VIA NETWORK AND A SYSTEM THEREOF - Disclosed are a method and a system for synchronizing and providing data requiring digital rights protection, to a portable device, wherein a contents providing server is connected with a contents synchronization server to which the portable device is connected. | 03-13-2014 |
20140075183 | SECURE AND SCALABLE MAPPING OF HUMAN SEQUENCING READS ON HYBRID CLOUDS - System and methods are provided for performing privacy-preserving, high-performance, and scalable DNA read mapping on hybrid clouds including a public cloud and a private cloud. The systems and methods offer strong privacy protection and have the capacity to process millions of reads and allocate most of the workload to the public cloud at a small overall cost. The systems and methods perform seeding on the public cloud using keyed hash values of individual sequencing reads' seeds and then extend matched seeds on the private cloud. The systems and methods are designed to move the workload of read mapping from the extension stage to the seeding stage, thereby ensuring that the dominant portion of the overhead is shouldered by the public cloud. | 03-13-2014 |
20140082348 | MOBILE DEVICE SECURITY - A mobile device ( | 03-20-2014 |
20140089657 | RECORDING MEDIUM STORING DATA PROCESSING PROGRAM, DATA PROCESSING APPARATUS AND DATA PROCESSING SYSTEM - A computer-readable storage medium stores a data processing program for causing a computer to execute a process. The process includes: identifying a first combination of first data and second data based on a predetermined condition from a storage in which the first data and first ciphered data obtained by ciphering the first data are correspondently stored, and the second data and second ciphered data obtained by ciphering the second data are correspondently stored; extracting a second combination of the first ciphered data and the second ciphered data stored respectively and correspondently to the first data and the second data identified by the identifying; and transmitting the second combination of the first ciphered data and the second ciphered data extracted by the extracting to an external device. | 03-27-2014 |
20140095860 | ARCHITECTURE FOR CLOUD COMPUTING USING ORDER PRESERVING ENCRYPTION - A method for providing enhanced security in cloud computing architecture by managing the types of interaction a server should be allowed, thus preventing decryption of private data. A client may encrypt data using an order preserving encryption (OPE) algorithm. One application of the method and system is a browser-based webmail application where a client may receive email from one or more servers then store the received email that has been associated with OPE data, on a separate server that is not used to send or receive email. | 04-03-2014 |
20140101434 | CLOUD-BASED FILE DISTRIBUTION AND MANAGEMENT USING REAL IDENTITY AUTHENTICATION - Systems, devices and process for secure storage, retrieval and management of files using cloud-based hosting services are supported with a real identity authentication device and process. Biometric authentication is required for encryption/decryption of files. The real identity authentication processes are integrated with file exchange processes and API's related to the hosting services. Systems for enabling third parties to request encrypted files, and for notifying a file owner of such requests, are supported. | 04-10-2014 |
20140108780 | WIRELESS COMMUNICATIONS USING A SOUND SIGNAL - A method for communicating messages by a mobile device via a sound medium is disclosed. The mobile device receives input sounds from at least one mobile device via the sound medium. From the input sounds, an input sound signal carrying a first message encoded with a first key is detected. The mobile device decodes the first message based on a matching key. An output sound signal carrying a second message encoded with a second key is generated. Further, the mobile device transmits an output sound corresponding to the output sound signal via the sound medium. | 04-17-2014 |
20140115319 | APPLICATION LAYER ENCRYPTED PACKET ROUTING - Mechanisms for cloaking, or otherwise masking, information in packets communicated between nodes. A source node generates a packet comprising communication layer data and encrypted application layer data. The encrypted application layer data includes a payload and waypoint data. The waypoint data includes a waypoint list that identifies one or more nodes of a path of nodes that the packet is to transit from the source node to the destination node. The source node addresses the packet to an intermediate node on the path, and sends the packet toward the intermediate node. | 04-24-2014 |
20140129824 | SINGLE-PASS DATA COMPRESSION AND ENCRYPTION - Embodiments compress and encrypt data in a single pass to reduce inefficiencies that occur from compression and encrypting data separately. Typically, compression and encryption are implemented in separate functional units. This has a few disadvantages: 1) encryption cannot make use of compression state to further secure the message, 2) processed data is read and written twice, 3) additional space, time, and resources are consumed, and 4) it is more prone to potential cipher-attacks since the encryption stage is independent from compression. Embodiments overcome these disadvantages by structuring these operations so that both compression and encryption is executed within the same processing loop. Thus: 1) encryption is stronger due to the dependence on the compression state, 2) I/O buffers are accessed only once reducing overhead, 3) system footprint is reduced, and 4) cipher analysis is more complex since the decryption process cannot be separated from the decompression process. | 05-08-2014 |
20140136832 | SYSTEMS AND METHODS OF TRANSMITTING DATA - Systems and methods of transmitting data from one location to another location that can be used in a number of applications including, but not limited to, secure transmission of data from one location to another and secure data backup. In one embodiment, a data file is split into pieces and the pieces are placed randomly in a diverse mesh of online cloud storage providers. So all the data is not sitting in a single point of failure and with the entire file available for theft. Each piece of data is given a randomized numerical code that determines where the packet of data is stored. Also, the pieces of data can be encrypted. | 05-15-2014 |
20140143533 | SECURING SPEECH RECOGNITION DATA - Methods and apparatus for reducing security vulnerabilities in a client/server speech recognition system including one or more client computers and one or more server computers connected via a network. Decryption of sensitive information, such as medical dictation information, is performed on designated servers to limit the attack surface of unencrypted data. Management of encryption and decryption keys to restrict the storage and/or use of decryption keys on the server side of the client/server speech recognition system, while maintaining encrypted data on the server side is also described. | 05-22-2014 |
20140143534 | SYSTEMS FOR PROVISIONING UNIVERSAL INTEGRATED CIRCUIT CARDS - A system that incorporates the subject disclosure may include, for example, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, encrypting the package with a transport key to generate an encrypted package, transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card, and providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card. Other embodiments are disclosed. | 05-22-2014 |
20140164758 | SECURE CLOUD DATABASE PLATFORM - A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform. | 06-12-2014 |
20140173269 | Event Sharing Protocol for Data Processing Devices - Systems, methods and apparatus are disclosed for an event sharing protocol for data processing devices. In some implementations, a first user's interactions with a first device are recorded as events and stored in an event history log. Upon request by the first user, an event data packet is transferred to a second device. The event data packet includes a payload comprising one or more event commands and operands. At the second device, the one or more event commands and operands are used by a service to replicate the events or initiate a new event on the second device. | 06-19-2014 |
20140173270 | SECRET SHARING METHOD AND SYSTEM - In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party. | 06-19-2014 |
20140195796 | Universal File Packager for Use with an Interoperable Keychest - There is provided a system and method for a universal file packager for use with an interoperable key chest. There is provided a method for distributing media contents to distributors, comprising obtaining a first key, a second key and a content, encrypting the second key using the first key to generate an encrypted second key, encrypting the content using the second key to generate an encrypted content, generating a key information file including the encrypted second key, generating a universal file including the encrypted content and a first network address for a central key repository (CKR), providing the key information file for storage in the CKR, and providing the universal file to the distributors. The universal file can then be provided to users for digital e-commerce and transferred across different distributors with the CKR negotiating key access for granting new interoperable DRM licenses. | 07-10-2014 |
20140201516 | AUTOMATED CONTROL PLANE FOR LIMITED USER DESTRUCTION - To avoid user error and breaking operations, administration and management (OAM), the control plane for implementing OAM is automatically generated by network devices without user input. This control plane is hidden from the user, preventing any configuration that may bring down the connectivity for OAM. | 07-17-2014 |
20140244995 | Adaptive Media Transmission Processing - Provided are methods and systems for processing information. In one example method a first frame of a first group of frames of an information transmission can be processed. The first frame can be encoded without reference to other frames of the information transmission. Additionally, a second frame can be processed in the first group of frames. The second frame can be processed with reference to a frame from a second group of frames of the information transmission. | 08-28-2014 |
20140244996 | PRIVATE DISCOVERY OF ELECTRONIC DEVICES - The disclosed embodiments provide a system that facilitates communication between a first electronic device and a second electronic device. During operation, the system uses the first electronic device to create a discovery request comprising a first group identifier (ID) associated with the first electronic device, wherein using the first electronic device to create the discovery request involves encrypting the first group ID and including the encrypted first group ID in the discovery request. Next, the system transmits the discovery request to the second electronic device, wherein the discovery request is used by the second electronic device to generate a discovery response to the discovery request. | 08-28-2014 |
20140258705 | LOW LATENCY SERVER-SIDE REDIRECTION OF UDP-BASED TRANSPORT PROTOCOLS TRAVERSING A CLIENT-SIDE NAT FIREWALL - Systems, methods, and machine-readable media for low latency server-side redirection of User Datagram Protocol (UDP)-based transport protocols traversing a client-side Network Address Translation (NAT) are provided. At a first server, a request for directing a data resource to a client may be received. The request may be received from the client or a back-end server trying to push the data resource to the client. The first server may lack the data resource or the resources to provide the data resource to the client. A second server may be determined for responding to the request. The request may be redirected to the second server. The first server may provide for the second server to connect to the client and directly respond to the request. The second server may have not been previously connected to the client. | 09-11-2014 |
20140258706 | GESTURE-INITIATED ENCRYPTION USING ERROR CORRECTION CODING - Methods and systems for providing gesture-based security are disclosed. For example, a method for establishing secure communications can include receiving one or more human gestures using a sensor on a first device, quantizing the one or more human gestures so as to create a metric of the one or more human gestures, performing an error correction operation on the metric using error correction information derived from a template of the metric to create a corrected metric, performing a hashing operation on the corrected metric to create a metric hash, and comparing the metric hash to a hash of the template to verify that the one or more human gestures sufficiently conform to the template. | 09-11-2014 |
20140258707 | SECURE COMMUNICATIONS SYSTEM FOR DIRECT TRANSFER BETWEEN MOBILE DEVICE - Apparatus and associated methods relate to securely transmitting, directly between two mobile devices, AES-256 encrypted file attachments which are decrypted within an application program (APP) using a decryption key that is available only to the APP. In an illustrative embodiment, the encrypted file may be attached to an e-mail. The e-mail may be transmitted directly to another mobile device via direct Wi-Fi, for example. The e-mail may be transmitted directly to another mobile device using Bluetooth, for example. An encrypted attachment may be deciphered only within the APP running on the receiving mobile device using a private key accessible to only the APP. | 09-11-2014 |
20140281477 | Secure Cloud Storage and Encryption Management System - An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein. | 09-18-2014 |
20140281478 | CONFIGURING SECURE WIRELESS NETWORKS - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for configuring secure wireless networks. One of the methods includes receiving, at a security system management device, protocol and key information for establishing a connection as a client device to the wireless IP device, wherein the protocol and key information is received in response to a user transmitting an identifier for the IP device to a service provider system; establishing communication with the wireless IP device, wherein the wireless IP device is acting as an access point device; exchanging keys with the wireless IP device; rebooting the security system management device to become an access point for the secure wireless network; and establishing communication with the wireless IP device, wherein the wireless IP device has become a wireless client. | 09-18-2014 |
20140281479 | ENVIRONMENTAL MEASUREMENT DISPLAY SYSTEM AND METHOD - Environmental measurement display systems that can be used in home and commercial environments are disclosed. The environmental measurement display system can include an environmental sensor array, signal-processing circuitry, a power supply, a display device, a communications system, a data storage system, and a remote data visualization system. | 09-18-2014 |
20140289507 | METHOD AND SYSTEM FOR SECURE DISTRIBUTION OF SELECTED CONTENT TO BE PROTECTED ON AN APPLIANCE-SPECIFIC BASIS WITH DEFINABLE PERMITTED ASSOCIATED USAGE RIGHTS FOR THE SELECTED CONTENT - The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing, and/or printing of electronic data files. | 09-25-2014 |
20140317396 | SYSTEM AND METHOD FOR RELICENSING CONTENT - A method of relicensing digital encrypted radio media content transmitted via a network and received by a user electronic device includes receiving a request to relicense an encrypted digital media data file included within digital encrypted radio media content. The encrypted digital media data file is retrieved from the digital encrypted radio media content stored in a memory of the user electronic device. The encrypted digital media data file is decrypted using a radio encryption key to generate an unbound digital media data file. The unbound digital media data file is bound with the user electronic device to generate a bound encrypted digital media data file. The bound encrypted digital media data file is stored in the memory of the user electronic device. | 10-23-2014 |
20140325205 | SECURE TRANSMISSION BETWEEN A SOURCE COMPONENT AND A NODE DEVICE - A system and method for communicating a data file is described. The system includes at least one particular node, a source component, a node identifier request, a query, an encrypted data file and a node decryption key. The node identifier request is communicated from the source component to the particular node. The unique node identifier is communicated from the particular node to the source component. The encrypted data file is generated by the source component. The encrypted data file is produced with an encryption algorithm that utilizes the unique node identifier to generate an encryption key. The node decryption key for the node device is also generated by the source component utilizing the unique node identifier. The encrypted data file is then communicated from the source component to the particular node. The encrypted data is decrypted at the node with the node decryption key that corresponds to the particular node. | 10-30-2014 |
20140325206 | DIGITAL DEVICE AND METHOD FOR PERFORMING SECURE COMMUNICATION USING SAME - Disclosed is a method for performing secure communication using a digital device. The method includes outputting a light pattern using a radiator of a proximity sensor unit; and detecting the proximity of an object using the proximity sensor unit. Further, the method includes, when the object is in proximity within a predetermined distance range, extracting key generation information for the secure communication using the light pattern outputted from the radiator; generating a security key using the key generation information; and performing the secure communication with an external device using the generated security key. | 10-30-2014 |
20140325207 | MULTI-VERSION MESSAGE CONDITION BASED DELIVERY - A recipient message system receives an email message set of two or more email messages and a related condition from a sender to a recipient. The recipient message system detects an attempt from the recipient to read the message set at a second time instance and evaluates the condition at the second time instance. If the evaluation of the condition results in the first evaluation value, the recipient is provided with the first email message in response to the attempt to read the message set, wherein the recipient is not able to read the second email message in this event. If the evaluation of the condition results in the second evaluation value, the recipient is provided with the second email message in response to the attempt to read the message set, wherein the recipient is not able to read the first email message in this event. | 10-30-2014 |
20140344566 | Secure Cloud-Based Data Access System and Method - A data storage and retrieval system suitable for use by law enforcement/criminal justice personnel and their designees. The invention creates secure connectivity over communications channels, such as the Internet, which are not considered secure under the mandate of the FBI's security policies. All of the communications are processed via a secure cloud, which processes, verifies and audits all data that passes through the system. The audited data is made available, immediately upon request by the FBI or other authorized agency. | 11-20-2014 |
20140359272 | SECURE MULTI-PARTY DEVICE PAIRING USING SENSOR DATA - Content is securely shared between communication devices in an ad-hoc manner by employing common sensing context to establish pairing between the communication devices. In one aspect, the communication devices are within a specified distance from each other and sense common signals from their environment over a specified time period. The common signals are analyzed to determine an initialization or session key, which is utilized to secure content transfer between the communication devices. Additionally or alternatively, the key is utilized to provide access to virtual (e.g., digital content) and/or physical (e.g., buildings) resources. | 12-04-2014 |
20140359273 | METHOD AND APPARATUS FOR INPUTTING DATA - Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario. | 12-04-2014 |
20140359274 | SYSTEM AND METHOD FOR EXCHANGING ENCRYPTION KEYS BETWEEN A MOBILE DEVICE AND A PERIPHERAL DEVICE - Systems and methods for providing additional security for data being transmitted across a wireless connection that has been established using a known wireless protocol (e.g. Bluetooth) are described. An encryption key is exchanged between a computing device (e.g. a mobile device) and a wireless peripheral device (e.g. a keyboard, a printer). In some embodiments, the encryption key is generated at one of the two devices. Data associated with the encryption key is output at the one device, which can be input by the user at the other device. The encryption key is then recovered at the other device from the input, thereby completing the key exchange. The encryption key can then be used to encrypt and decrypt data transmitted over the established wireless connection, providing additional security. | 12-04-2014 |
20140380036 | DISTRIBUTED NETWORK ENCRYPTION KEY GENERATION - Embodiments of methods and network devices for securing data within a network are generally described herein. One such method includes a key aggregation server receiving a request for an encryption key to secure the data. The server may query a plurality of network devices for a respective key from each queried network device. The server may then receive the respective key from each of the plurality of network devices and select a key element from each of the plurality of keys. An encryption key may be constructed from the key elements and transmitted to a client. | 12-25-2014 |
20140380037 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - A plurality of user terminals or sensors transmit data encrypted by individual cryptographic key, a server receives the encrypted data items, and executes a data process according to a program defining a decryption process sequence. Bit slice expression data is generated by performing a bit slice process with respect to the plurality of encrypted data items which are decryption target, bit slice expression key based on the cryptographic key of each encrypted data item is generated, round key is generated based on a bit slice expression key, a decryption process including operation and movement processes of a block unit of the bit slice expression data, and an operation using the round key is executed, and a plurality of plain text data items corresponding to the plurality of encrypted data items are generated by a reverse conversion of the data with respect to the decryption process results. | 12-25-2014 |
20150012740 | TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format known to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions. | 01-08-2015 |
20150012741 | Protecting Information Using Policies and Encryption - A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company. | 01-08-2015 |
20150019858 | DATA LOSS PREVENTION TECHNIQUES - Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption. | 01-15-2015 |
20150026452 | DIGITAL RIGHTS MANAGEMENT - There is disclosed a method of controlling use of encrypted content by a plurality of client terminals each provided with a digital rights management (DRM) client and a content decryption module separate to the DRM client. First key information is provided for use by one or more selected ones of the DRM clients, and second key information is provided for use by one or more selected ones of the content decryption modules. Content key information is encrypted to form encrypted content key information such that the selected ones of the content decryption modules are enabled by the second key information to recover the content key information from the encrypted content key information. The encrypted content key information is further encrypted to form super-encrypted content key information such that the selected ones of the DRM clients are enabled by the first key information to recover the encrypted content key information from the super-encrypted content key information. Corresponding head-end and client terminal apparatus are also disclosed. | 01-22-2015 |
20150033008 | EFFICIENT COMMON STORAGE OF PARTIALLY ENCRYPTED CONTENT - Techniques and mechanisms described herein facilitate the efficient common storage of partially encrypted content. According to various embodiments, a client device to transmit a designated representation of a media content item via a communications interface may be received. The media content item may be associated with a plurality of representations including the designated representation. The media content item may be associated with first media content data and second media content data. The first media content data may be shared among the plurality of representations. The second media content data may be specific to the designated representation. The first media content data may be combined with the second media content data to create a designated partially encrypted media content portion associated with the designated representation via a processor. The designated partially encrypted media content portion may be transmitted to the client device via the communications interface. | 01-29-2015 |
20150052345 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - A HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource. | 02-19-2015 |
20150052346 | Privacy-Protective Data Transfer and Storage - A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes receiving a first data transmission from a first client system, where the first data transmission includes a first document, the first document having one or more portions that are marked as private; encrypting the marked portions of the first document using a key; and sending a second data transmission to a destination system, where the second data transmission includes a second document, the second document including the encrypted marked portions of the first document and a remainder of the first document that is not marked as private. The key is unavailable to the destination system. The second document is stored at the destination system. | 02-19-2015 |
20150082018 | SECURE DATA EXCHANGE METHOD, AND COMMUNICATION DEVICE AND SYSTEM IMPLEMENTING SAME - The invention relates to a method for securely exchanging data ( | 03-19-2015 |
20150082019 | Private Data Processing in a Cloud-Based Environment - In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described. | 03-19-2015 |
20150082020 | STREAMING ONE TIME PAD CIPHER USING ROTATING PORTS FOR DATA ENCRYPTION - A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions. | 03-19-2015 |
20150106614 | SYSTEMS AND METHODS OF SAFEGUARDING USER INFORMATION WHILE INTERACTING WITH ONLINE SERVICE PROVIDERS - The disclosed technology includes techniques for improving data privacy in mobile communications over public cloud services. According to certain implementations, a novel conceptual layer may be interposed between the “application” layer and the “user” layer. In some implementations, the conceptual layer may be at least partially embodied by a transparent window or pane overlaid on top of existing app graphical user interfaces to: (1) intercept plaintext user input before transforming the input and feeding it to an underlying app; and (2) reverse transform output data from the app before displaying the plaintext data to the user. Accordingly, the conceptual layer may serve as a protective layer while preserving the original application workflow and look-and-feel. | 04-16-2015 |
20150134947 | SECURE COMMUNICATION - A method for allowing a first party and a second party to obtain shared secret information is provided. The method comprises the steps of: obtaining, by the first party, a sequence of values A=X+N | 05-14-2015 |
20150143102 | SENDING MESSAGES BY OBLIVIOUS TRANSFER - A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client. | 05-21-2015 |
20150149762 | Method and Apparatus for Unified Encrypted Messaging - A unified encrypted messaging system transmits messages from a first computer to a second computer by dividing the encrypted message into a plurality of encrypted message fragments. A first portion of the plurality of encrypted message fragments is transmitted via a first protocol and a second portion of the plurality of encrypted message fragments is sent via a second protocol. The first portion may be sent via a first device and the second portion may be sent via a second device where the first device is different from the second device. The dividing the encrypted message may include adding a message identifier and fragment identifier to each of the plurality of encrypted message fragments to facilitate reassembly of the encrypted message upon receipt. | 05-28-2015 |
20150149763 | Server-Aided Private Set Intersection (PSI) with Data Transfer - Existing private set intersection (PSI) protocol allows two parties to find intersection of their sets, but restricts learning any other information about each other's set except for its size. In general, the server-aided private set intersection with data transfer technique described herein provides a server-aided private set intersection (PSI) protocol that supports data transfers. The technique pertains to a method for providing a server-aided private set intersection protocol which allows two parties to transfer some of the information about their elements via an untrusted third party. The protocol involves (a) parties applying a shared pseudo-random permutation to each of their sets to create labels of the elements of the set, (b) sending the labels to the third party and (c) the third party performing data transfer between the two parties along with computation of intersection of sets received using a multi-share key. | 05-28-2015 |
20150295902 | Instant Messaging Private Tags - Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided. | 10-15-2015 |
20150295907 | CONTENT ENCRYPTION AND DECRYPTION - A method of sharing secure content in a group may include receiving a one-time pad (OTP) key. The method may include encrypting content using the OTP key. The encrypting may include generating intermediate codes from the content and the OTP key. The encrypting may also include adding a first common constant to each of the intermediate codes to generate a corresponding encrypted code that includes a predetermined number of digits. The method may include sending encrypted content that includes encrypted codes corresponding to the intermediate codes. | 10-15-2015 |
20150309151 | ULTRASONIC-WAVE COMMUNICATION SYSTEM - Provided is an ultrasonic-wave communication system where the influence of ambient noise and the Doppler effect are suppressed and where a user of a portable terminal is prevented from hearing unwanted sound. After performing encryption processing of store information, a beacon | 10-29-2015 |
20150310190 | METHOD AND SYSTEM FOR ENSURING SEQUENTIAL PLAYBACK OF DIGITAL MEDIA - Techniques for ensuring that media playback proceeds sequentially through media content of a digital media asset are disclosed. In one embodiment, distinct portions (e.g., segments) of a digital media asset can be separately encrypted such that on playback decoded data being output from at least one prior portion can be used to derive a cryptographic key that is used in decrypting a subsequent portion of the digital media asset. | 10-29-2015 |
20150341324 | TRANSFERRING ENCRYPTED AND UNENCRYPTED DATA BETWEEN PROCESSING DEVICES - Methods, apparatus and computer readable media for transferring encrypted and unencrypted data between processing devices are disclosed. Example data transmission methods disclosed herein include dividing, at a first processing device, a set of data collected at the first processing device into a first unencrypted data subset and a second unencrypted data subset. Disclosed example methods also include encrypting, at the first processing device, the first unencrypted data subset using an encryption key provided by a second processing device to generate a first encrypted data subset. Disclosed example methods further include transmitting the second unencrypted data subset from the first processing device to the second processing device before transmitting the first encrypted data subset from the first processing device to the second processing device to thereby transmit the set of data from the first processing device to the second processing device. | 11-26-2015 |
20150350119 | SENDING MESSAGES TO MULTIPLE RECEIVING ELECTRONIC DEVICES USING A MESSAGE SERVER - The described embodiments include a message server that is configured to send, to multiple receiving electronic devices, corresponding messages that each include a payload acquired from a single request message received from a client electronic device. In these embodiments, the request message received from the client electronic device includes a push token for each of the receiving electronic devices and the payload. Upon receiving the request message, the message server generates, for a receiving electronic device associated with each push token, a message that includes the payload. The message server then sends each message to the corresponding receiving electronic device. In this way, the message server “fans out,” to the multiple receiving electronic devices, corresponding messages that each include the payload from the single request message. | 12-03-2015 |
20150372807 | FLEXIBLE AND SECURE TRANSFORMATION OF DATA USING STREAM PIPES - Responsive to a request to retrieve or store a file, a transformation pipeline may be created to efficiently transform file data one unit at a time in memory. The transformation pipeline includes a sequence of transformation streams, each containing a write method, a read method, and a transformation to be applied. The write method moves a unit of data, for instance, from a memory buffer into an associated stream. The read method reads the unit of data from the stream, calls an associated transformation, and passes the unit of data thus transformed to the next stream or a destination. This process is repeated until all desired and/or required transformations such as compression, encryption, tamper protection, conversion, etc. are applied to the unit of data. | 12-24-2015 |
20150372987 | SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key. | 12-24-2015 |
20160021071 | RAPID DATA ENCRYPTION AND DECRYPTION FOR SECURE COMMUNICATION OVER OPEN CHANNELS WITH PLAUSIBLE DENIABILITY - Technologies are generally described for providing rapid data encryption and decryption for secure communication over an open channel with plausible deniability. In some examples, a single bit of information may be encoded by many alternative combinations of bits thus providing high security as well as enabling a single ciphertext to encrypt several different plaintexts of the same length simultaneously. The ability to encrypt several different plaintexts of the same length simultaneously may allow plausible deniability of messages. Encryption speed may be enhanced through accumulation of useful bit sets with desired properties in advance for later use. When the need arises, several plaintexts of the same size may be encrypted into a single ciphertext using accumulated bit combinations corresponding to different secret keys. | 01-21-2016 |
20160028698 | SYSTEM AND METHOD FOR CRYPTOGRAPHIC SUITE MANAGEMENT - Systems and methods for cryptographic suite management are described. A system for cryptographic suite management has a cryptographic suite management unit comprising a series of APIs enabling diverse applications to call cryptographic functions. The system enables: multiple applications on an interface to access shared cryptographic resources; applications across multiple devices to share and license cryptographic resources between devices; encryption, decryption and sharing of data between devices having different cryptographic implementations; the definition, distribution and enforcement of policies governing the terms of use for cryptographic implementations, systems and methods to secure and protect shared and dynamically loaded cryptographic providers; use by an application of multiple cryptographic resources and the management of cryptographic provider bundles and associated policies across one or many cryptographic suite management unit instances. | 01-28-2016 |
20160036787 | METHODS AND SYSTEMS FOR NON-INTRUSIVE ANALYSIS OF SECURE COMMUNICATIONS - Method and system, comprising: capturing a plurality of secure communications between the first application and the second application; grouping the plurality of communications into one or more streams, each stream representing a network connection; and processing the one or more streams in parallel to create a plurality of transactions. | 02-04-2016 |
20160044003 | SECURE COMPUTATION USING A SERVER MODULE - A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the server module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the server module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed. | 02-11-2016 |
20160050186 | Method and Apparatus for Diverse Security Handling in an Enhanced Local Area Network - A method for diverse security handling may comprise: maintaining a first connection between a user equipment and a first network node, and a second connection between the user equipment and a second network node which has a third connection with the first network node; setting an indicator in a packet to indicate whether a destination of user data in the packet is the first network node or the second network node; and transmitting the packet from the user equipment to the first network node via the first connection. | 02-18-2016 |
20160057113 | ENCRYPTION METHOD AND INFORMATION PROCESSING DEVICE - An encryption method for packaging, encrypting, and transmitting a plurality of contents included in a web application to a communication device, the encryption method includes: acquiring performance information relating to performance of the communication device; determining, by circuitry, an encryption algorithm to be applied to each of the plurality of contents, based on the performance information; performing first encryption processing on the plurality of contents using the encryption algorithm respectively; performing second encryption processing on identification information that identifies the encryption algorithm used for the plurality of contents respectively; packaging encrypted contents and encrypted identification information, the encrypted identification information being stored in a location specified by the communication device; and transmitting the encrypted contents and the encrypted identification information, which are packaged, to the communication device. | 02-25-2016 |
20160070889 | ELECTRONIC BOOK SECURITY AND COPYRIGHT PROTECTION SYSTEM - The invention, electronic book security and copyright protection system, provides for secure distribution of electronic text and graphics to subscribers and secure storage. The method may be executed at a content provider's site, at an operations center, over a video distribution system or over a variety of alternative distribution systems, at a home subsystem, and at a billing and collection system. The content provider or operations center and/or other distribution points perform the functions of manipulation and secure storage of text data, security encryption and coding of text, cataloging of books, message center, and secure delivery functions. The home subsystem connects to a secure video distribution system or variety of alternative secure distribution systems, generates menus and stores text, and transacts through communicating mechanisms. A portable book-shaped viewer is used for secure viewing of the text. A billing system performs the transaction, management, authorization, collection and payments utilizing the telephone system or a variety of alternative communication systems using secure techniques. | 03-10-2016 |
20160094523 | MULTI-NODE ENCRYPTION - For multi-node encryption, a method generates an upstream node nonce from communication data exchanged with an upstream node. In addition, the method generates a first upstream message transformation as a function of the upstream node nonce. The method further generates a tunnel transformation as a function of previous upstream message transformations and the first upstream message transformation. | 03-31-2016 |
20160094524 | LINGUAL TRANSFORMATION BASED ENCRYPTION - For lingual transformation-based encryption, a method parses a secure message into lingual units. The method further generates a validation nonce from the lingual units. In addition, the method generates a transform unit for each lingual unit by applying a lingual message transformation to each lingual unit as an encryption function of a selection rule. | 03-31-2016 |
20160099805 | System and Method for Efficient Support for Short Cryptoperiods in Template Mode - System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV. | 04-07-2016 |
20160119294 | METHODS AND SYSTEMS FOR DATA TRAFFIC CONTROL AND ENCRYPTION - Methods, systems and programming for data traffic control and encryption. In one example, data traffic is received from a first node to be sent to a second node. The health of an encryption pathway between the first node and the second node is determined. The data traffic is sent to the second node over the network without going through the encryption pathway when the encryption pathway is not healthy. | 04-28-2016 |
20160127882 | METHOD OF PERFORMING DEVICE TO DEVICE COMMUNICATION BETWEEN USER EQUIPMENTS - The present disclosure relates to a pre-5 | 05-05-2016 |
20160188593 | METHOD IMPLEMENTED BY COMPUTER FOR CAPTURING EVIDENTIARY AUDIOVISUAL AND/OR MULTIMEDIA INFORMATION AND COMPUTER PROGRAM - The invention relates to a method which comprises capturing audiovisual and/or multimedia information by means of a processing unit of a user computing device ( | 06-30-2016 |
20160191469 | SECURE HOST COMMUNICATIONS - A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A user provides a communication to the trusted device via the secure interface. A processor of the isolated environment encrypts the communication and transmits the encrypted communication to a read file of the host interface. A host device connected to the trusted device via the host interface receives the encrypted communication. The host device transmits the encrypted communication to a second host device that is connected to a second trusted device via a second host interface. The second host device transmits the encrypted communication to a write file of the second host interface. A processor in an isolated environment of the second trusted device decrypts the communication and provides the decrypted communication to a second user via a secure interface of the second trusted device. | 06-30-2016 |
20160191479 | SECURITY FRAMEWORK FOR MEDIA PLAYBACK - Disclosed are various embodiments relating to a security framework for media playback. In one embodiment, a client device has a decryption module, a streaming module, and a playback module. The playback module may be configured to request media data from the streaming module and render the media data on an output device. The streaming module may be configured to obtain the media data from the decryption module by a request that specifies a size of the media data. The size may be dynamically determined based at least in part on an amount of available temporary data storage. The decryption module may be configured to decrypt a portion of an encrypted media file based at least in part on the specified size to produce the media data. | 06-30-2016 |
20160191566 | WIDE AREA NETWORK ACCESS MANAGEMENT COMPUTER - A system and method for connecting a classified internet protocol (IP) network to a public IP network including an unclassified computing device. The unclassified computing device is a wide area network access management computer which directly connects to a National Security Agency (NSA) High Assurance Internet Protocol Encryptor (HAIPE) device and interfaces between the IP network and the classified IP network. The wide area network access management computer includes a graphical user interface, an internal data network communications interface, an external data network communications interface and a processing unit. The processing unit operates the network interfaces and presents information to the graphical user interface and interprets user input from the graphical user interface. The processing unit also performs the processing and protocols associated with the internal and external networks, performs client processing and allows the user to interact with services on any of the attached networks. | 06-30-2016 |
20160197894 | METHOD OF GENERATING A DENIABLE ENCRYPTED COMMUNICATIONS VIA PASSWORD ENTRY | 07-07-2016 |
20160197895 | METHOD OF DENIABLE ENCRYPTED COMMUNICATIONS | 07-07-2016 |
20160197896 | CRYPTOGRAPHIC METHOD FOR SECURE COMMUNICATIONS | 07-07-2016 |
20160255058 | SYSTEM AND METHOD FOR POLICY DRIVEN PROTECTION OF REMOTE COMPUTING ENVIRONMENTS | 09-01-2016 |
20170237780 | METHODS AND SYSTEMS FOR ENABLING LEGAL-INTERCEPT MODE FOR A TARGETED SECURE ELEMENT | 08-17-2017 |
20180026783 | SOFTWARE SECURITY PROTECTION METHOD AND APPARATUS | 01-25-2018 |