Entries |
Document | Title | Date |
20080201580 | TRUSTWORTHY TIMESTAMPS AND CERTIFIABLE CLOCKS USING LOGS LINKED BY CRYPTOGRAPHIC HASHES - A method and apparatus for creating and/or using trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes. In one embodiment, the method comprises maintaining a first, chained-hash log; associating a first clock with the chained-hash log, and entangling the first log; with a second by adding a time-stamped synchronization entry to the chained-hash log, where the synchronization entry has a second time indication associated with the second log and a hash of one or more entries in the first log. | 08-21-2008 |
20080201581 | Method and apparatus for storing data - According to an aspect of an embodiment, a method comprises providing a matrix comprising m rows and n columns, each of the rows and columns comprising elements of zero and one, dividing data into n data blocks, associating each of the data blocks with each of the columns, calculating an exclusive-OR of selected data blocks in reference to one of the rows, the selected data blocks being determined by the element of one in the associated columns in the one of the rows, repeating the calculating in other rows and storing separately the calculated data resulting from the exclusive-OR of data blocks in association with the associated rows, respectively. | 08-21-2008 |
20080209231 | Contents Encryption Method, System and Method for Providing Contents Through Network Using the Encryption Method - Disclosed are a contents encryption method, and a system and method for providing contents through a network using the contents encryption method. In order to provide contents through the network more securely, at least one piece of contents and corresponding metadata are recursively multi-encrypted at least once, and encrypted data are then provided. In particular, encrypted positions of the contents and corresponding decryption information are expressed as metadata, and the metadata include parameter information on respective encryption tools used for multi-encryption, an order of the applied encryption tools, positions of the encryption tools, and a list of encryption tool substitutes. The metadata are provided when the contents are provided. Therefore, the contents provider and receiver can more safely and systematically manage the metadata including contents decryption information, and multimedia are efficiently protected, managed, and controlled. | 08-28-2008 |
20080215892 | Data Transmission Between Modules - In a method for transferring data (D) between a first module ( | 09-04-2008 |
20080215893 | Multiple levels of guided scrambling - Multiple levels of guided scrambling. Selective scrambling is performed on user data (or any information) that is to be output. The selection of which scrambling is to be employed can be based on whether or not a baseline error constraint and/or randomness constraint is met. The writing of the scrambled user data can be performed in parallel with, during the same time period, and/or simultaneously with the determination of whether or not a baseline error constraint and/or randomness constraint is met. If the constraint is not met, the outputting and/or writing of the scrambled user data can be aborted mid-process. | 09-04-2008 |
20080215894 | Method, System and Devices For Digital Content Protection - This invention relates to a system (and a corresponding method and devices) of digital content protection the system comprising a first digital content protection system ( | 09-04-2008 |
20080222427 | DEVICE AND METHOD WITH REDUCED INFORMATION LEAKAGE - The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information. | 09-11-2008 |
20080229113 | Trusted Time Stamping Storage System - Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp. | 09-18-2008 |
20080229114 | INFORMATION PROCESSING APPARATUS, SOFTWARE UPDATE METHOD, AND IMAGE PROCESSING APPARATUS - An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from the each kind of the primary modules or the backup modules after the update. | 09-18-2008 |
20080235518 | APPLICATION PROTECTION SYSTEMS AND METHODS - Application protection systems and methods. The system comprises a security platform device comprising a storage unit and a processing unit. The storage unit comprises a root security key and an application security key. The security platform device receives a unique key from an application. The processing unit encrypts the unique key using the root security key, and determines whether the encrypted unique key conforms to the application security key. If so, the application is allowed to execute. | 09-25-2008 |
20080235519 | Data processing method and data processing device - An object is to achieve improvement in efficiency in a case where encoding processing of data and encryption processing are executed in parallel with each other. A program of a first accelerator core out of multiple accelerator cores is reconfigured for encryption processing in order to perform encryption processing on encoded data. At this time, control is extended so that the time required for encoding processing of data for one frame and the total time of the program rewrite time for the first accelerator core and the time which the first accelerator core requires for implementing encryption processing of accumulated encoded data will be nearly equal to each other. The control is performed by a first general-purpose processor out of multiple general-purpose processors. By minimizing a wasted time during which hardware does not execute any arithmetic and logic operation, improvement in efficiency in a case where encoding processing of data and encryption processing are executed in parallel with each other is achieved. | 09-25-2008 |
20080235520 | Transportable, Configurable Data Carrier For Exchanging Data Between Electrical Devices, and Method Therefor - Adequately designed transportable data carriers are used for different applications. In order to allow for individual, particularly automatically adjustable, interactive configuration and allow also inexperienced users to rapidly transfer data, the invention relates to a data carrier comprising a single interface circuit to be connected to the respective device, a data memory for temporarily storing the data fed by the respective device, input and display means for user-controlled operation and user guidance, and a control unit that is connected to the same and is provided with a program memory for executing application programs and communication functions such that an authentication process is carried out, the transfer mode (master/slave) and the direction of the data transfer are automatically detected, and the adequate transmission type/speed/protocol for downloading the data are selected according to said authentication and identification processes with the aid of the control units for configuration purposes when the data carrier is connected to the respective device, and memory areas of the data memory can be read in and out and deleted only once the authentication process has been successful. | 09-25-2008 |
20080244273 | CRYPTOGRAPHIC METHOD USING REDUNDANT BITS AND ADAPTIVE CLOCK FREQUENCY - The present invention discloses a cryptographic method using redundant bits and an adaptive clock frequency, which adds redundant bits and modifies clock frequency to change the contents and transmission rate of the bit sequence to encrypt data. The present invention can combine with the existing security mechanism or cryptographic algorithm, such as AES (Advanced Encryption Standard) or DES (Data Encryption Standard), to achieve a multi-fold security function. Thereby, the present invention can apply to various communication devices to increase the immunity against attacks, promote information security and protect personal privacy. | 10-02-2008 |
20080244274 | Methods and Systems for Processing of n-State Symbols with XOR and EQUALITY Binary Functions - Multi-valued or n-state with n=2 | 10-02-2008 |
20080250250 | Method and Apparatus for Using USB Flash Devices and Other Portable Storage as a Means to Access Prepaid Computing - A form of removable memory, such as a universal serial bus (USB) flash device (UFD), may allow secure storage of and access to a time balance of a pay-per-use or subscription computing system. A computing device may establish a secure connection to a portable secure computing device to access a stored time balance or other device-enabling, exhaustible data. During operation, the device may deplete the balance. Upon reaching a threshold depletion of the balance, the user may add more data to continue device use. The device may include a processor and a secure memory including identification and subscription data. Further, the device may store configuration data that may be used by the computer to bind the device to a particular subscription service or internet service provider. | 10-09-2008 |
20080250251 | Systems and Methods for Hardware Driven Program Execution - Systems and methods for storing and accessing encrypted content are described. At least one embodiment includes a system for storing and accessing encrypted content comprising a secure hardware device coupled to a memory comprising a trusted module, wherein the hardware device is configured to receive content from a remote location, and wherein the hardware device is configured to encrypt content and generate a key for decrypting the content. The system further comprises logic stored within the memory configured to access the encrypted content, wherein the logic comprises a plurality of decryption modules and at least one decoder. | 10-09-2008 |
20080250252 | Systems and methods for bios processing - Methods and systems for Basic Input/Output System BIOS processing such as hashing are disclosed. In one embodiment, there is a direct interface between a security module and a non-volatile memory storing the BIOS in a computing system so that the security module may directly access the BIOS without using the central processing unit CPU as an intermediary. In one embodiment, the security module is powered by standby power and therefore can begin BIOS processing even if the computing system has not yet been turned on. | 10-09-2008 |
20080250253 | System and method for accessing information resources using cryptographic authorization permits - A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority. | 10-09-2008 |
20080256364 | DYNAMIC NEGOTIATION OF SECURITY ARRANGEMENTS BETWEEN WEB SERVICES - The present invention relates to computer-based devices and methods negotiate and implement security arrangements between two or more web services. More particularly, it relates to devices and methods that specify input and output interfaces, computation and generation of a security contract consistent with inputs, and implementation of security in accordance with negotiated security arrangements. Particular aspects of the present invention are described in the claims, specification and drawings. | 10-16-2008 |
20080256365 | APPARATUS FOR WRITING INFORMATION ON A DATA CONTENT ON A STORAGE MEDIUM - An apparatus for writing checksum information on a data content on a storage medium. The apparatus has a provider for providing checksum information based on the data content and a writer for writing the data content and the checksum information on the storage medium such that a baseline reader and an enhanced reader can read the data content, the enhanced reader can read and process the checksum information, and the baseline reader ignores, skips or does not read the checksum information. | 10-16-2008 |
20080256366 | System and Method for Booting a Multiprocessor Device Based on Selection of Encryption Keys to be Provided to Processors - A system and method for booting a multiprocessor device based on selection of encryption keys to be provided to the processors are provided. With the system and method, a security key and one or more randomly generated key values are provided to a selector mechanism of each processor of the multiprocessor device. A random selection mechanism is provided in pervasive logic that randomly selects one of the processors to be a boot processor and thereby, provides a select signal to the selector of the boot processor such that the boot processor selects the security key. All other processors select one of the one or more randomly generated key values. As a result, only the randomly selected boot processor is able to use the proper security key to decrypt the boot code for execution. | 10-16-2008 |
20080256367 | Duo Codes for Product Authentication - Systems and methods are provided that employ two or more cryptographically linked codes. The codes, when encrypted, become cipher texts that appear unrelated. The codes described herein are characterized by a series of bits including one or more switch bits. The cipher text of a code having a switch bit in one state will appear to be unrelated to the cipher text of another code differing only in that the switch bit is in the opposite state. The cryptographically linked codes can be used in various combinations, such as on a product and its packaging, on a product and a component of the product, on a certificate packaged with the product and on the packaging, or on outer and inner packagings of the product. | 10-16-2008 |
20080270804 | COPY PROTECTED DIGITAL DATA - The present invention relates to digital data comprising a passive part ( | 10-30-2008 |
20080270805 | Method for Protecting Intellectual Property Cores on Field Programmable Gate Array - Techniques are used to protect intellectual property cores on field programmable gate arrays. An approach is to associate each field programmable gate array, or a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream (which includes one or more intellectual property cores). This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA. Other techniques are also presented in this application and include network-based, nonnetwork-based, software-based, layered, and other approaches. The techniques allow an intellectual property core vendor to charge a customer per-use or per-configuration of their intellectual property. This is because an encrypted bitstream is useable only in a limited number, possibly just one, of the integrated circuits. | 10-30-2008 |
20080288783 | METHOD AND SYSTEM TO AUTHENTICATE AN APPLICATION IN A COMPUTING PLATFORM OPERATING IN TRUSTED COMPUTING GROUP (TCG) DOMAIN - A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform. | 11-20-2008 |
20080288784 | METHOD OF INSTALLING SOFTWARE FOR USING DIGITAL CONTENT AND APPARATUS FOR PLAYING DIGITAL CONTENT - A method of and apparatus for installing software for using digital content and are provided. The method of installing software for using digital content includes: transmitting a request for the software; transmitting security information indicating a security status of a device in which the software is to be installed; and receiving the software from an external apparatus that received the request and security information. According to the method and apparatus, the software can be dynamically securely installed, thereby allowing a variety of digital contents to be used and enhancing the utilization of the device. | 11-20-2008 |
20080294908 | Recording Device, Content Key Processing Device, Recording Medium, and Recording Method - A recording device has a content encryption unit for writing a content encrypted with a content key in a recording medium, and a key encryption unit for encrypting the content key and writing the encrypted content key in the recording medium. A content key processing device has a key decryption unit that decrypts the content key that has been encrypted and recorded in a recording medium, and a key encryption unit that re-encrypts the decrypted content key with predetermined information and writes the re-encrypted content key in the recording medium. | 11-27-2008 |
20080294909 | Method for Private Keyword Search on Streaming Data - A method for private keyword searching on streaming data such that the searching does not reveal what keywords are being searched for and does not reveal whether any such keywords have been located nor which documents in the data stream are saved. | 11-27-2008 |
20080301465 | PROTECTION OF SOFTWARE TRANSMITTED OVER AN UNPROTECTED INTERFACE - The same level of protection and ability to associate rights to media content available with a stand alone media player is provided with a software media player. In an example configuration, a peripheral device comprising an optical disc drive capable of reading HD DVD media, and comprising a flash memory microcontroller with cryptographic capabilities, is coupled to a host game console via a universal serial bus (USB) interface. Media content from the peripheral device is rendered on the host game console. Software protection and management are provided utilizing various cryptographic keys and protocols. Software protection and management meets the prescribed rules of the Advanced Access Content System (AACS) license agreement with respect to consumer electronics players while allowing the playback of media content (e.g., movies) to be performed by software. | 12-04-2008 |
20080301466 | METHODS FOR PROGRAM VERIFICATION AND APPARATUSES USING THE SAME - An embodiment of an apparatus for downloading and/or executing programs from a tool resident on a computer host is disclosed. The apparatus comprises an external flash memory storing a program, and a processor for validating the tool when detecting that the computer host connects to the apparatus. The processor permits the computer host to update the program of the external flash memory after determining that the tool has been successfully verified. | 12-04-2008 |
20080320312 | Hardware-Based Computer Theft Deterrence - A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor. | 12-25-2008 |
20080320313 | SYSTEM AND METHOD TO PROTECT COMPUTING SYSTEMS - A system and method for protecting computing systems, and more particularly a system and method which a dedicated hardware component configured to communicate with a protection program. A computer hardware subsystem includes a memory comprising content. The content is at least a list of files which have been modified within a predetermined period of time. The list of files is a subset of files of a hard drive. A dedicated hardware component is configured to track the files which have been modified and provide a location of the files to the memory. A communication link between the dedicated hardware component and a protection program provides the protection program with the subset of files of the hard drive as referenced by the memory content. | 12-25-2008 |
20080320314 | APPARATUS FOR WRITING DATA TO A MEDIUM - An apparatus for writing data to a medium. The apparatus has a receiver for receiving a write request and encrypted data from a data provider. The apparatus further has a creator for creating a medium ID upon reception of the write request. Furthermore, the apparatus has a provider for providing the medium ID to the data provider for generating the encrypted data and a storage for storing the encrypted data on the medium and for storing the medium ID on the medium upon creation of the medium ID, wherein the encrypted data is encrypted based on the medium ID. | 12-25-2008 |
20080320315 | Method for Creating a Secure Counter on an On-Board Computer System Comprising a Chip Card - According to the inventive method, the chip card, a counting function (FC), a counter (Cpt) and a private key (Cf) stored in the write-only part of the memory region are stored in a persistent memory, the counter and the private key (Cf) being accessible only by the counting function (FC). When the chip card receives a counter request emitted by an requesting entity (ER), the counting function (FC) performs a modification of the counter (Cpt) and a calculation of a signature, and sends a response to the applicant entity (ER). When the on-board system receives the response to the counter request, the signature contained in the response is checked. | 12-25-2008 |
20080320316 | Selective Encryption System and Method for I/O Operations - Upon occurrence of a trigger condition, writes of allocation units of data (including code) to a device, such as writes of blocks to a disk, are first encrypted. Each allocation unit is preferably a predetermined integral multiple number of minimum I/O units. A data structure is marked to indicate which units are encrypted. Upon reads from the device, only those allocation units marked as encrypted are decrypted. The disk protected by selective encryption is preferably the virtual disk of a virtual machine (VM). The trigger condition is preferably either that the virtual disk has been initialized or that the VM has been powered on. Mechanisms are also provided for selectively declassifying (storing in unencrypted form) already-encrypted, stored data, and for determining which data units represent public, general-use data units that do not need to be encrypted. The “encrypt-on-write” feature of the invention may be used in conjunction with a “copy-on-write” technique. | 12-25-2008 |
20080320317 | Electronic device and information processing method - An electronic device is connectable to an information processing apparatus and includes a reading unit to read biologic information; an authentication unit to authenticate a user based on the biologic information; a storage unit including (i) a first storage area that is accessible from the information processing apparatus after authentication has been successfully performed and that stores data supplied from the information processing apparatus with the data being encrypted and (ii) a second storage area storing software that is executed by the information processing apparatus and that has a function of restricting an output destination of data read from the first storage area; a decrypting unit to decrypt the data stored in the first storage area and output the data to the information processing apparatus; and a control unit to control whether the decrypting unit is allowed to decrypt the data in response to instructions from the information processing apparatus. | 12-25-2008 |
20090006860 | GENERATING MULTIPLE SEALS FOR ELECTRONIC DATA - The description generally provides for systems and methods for a mobile communication network. Archives of seals can be sealed to protect the integrity of the seals and facilitate validation in the event a sealing party's sealed registration document is revoked. A document can be sealed multiple times to nest seals within other seals. Specific evidentiary metadata can be included by the sealing party. A main document including or associated with other documents can be sealed as a collection of documents. The seal of the main document can include external references to the files included in the main document to verify the external files were not changed or altered. | 01-01-2009 |
20090006861 | Method and Apparatus for Preventing Internet Phishing Attacks - The invention provides secure access to a web page using a personal pass-phrase to prevent phishing attacks. Upon requesting a web page from a user device, a determination is made as to whether or not an encrypted cookie exists for the requested web page. An encrypted cookie includes the personal pass-phrase and at least one of an identifier of the user device, an identifier of a web browser from which the web page request is initiated, and information about the network path used to establish the personal pass-phrase. If an encrypted cookie does not exist, the user is provided a capability to create the encrypted cookie including a personal pass-phrase. If the encrypted cookie exists, the user device provides the encrypted cookie with the web page request for use by the web server to validate the web page request using information included in the encrypted cookie. If the web page request is valid, the web server propagates the web page toward the user device, otherwise the user device receives an indication that the web server is invalid. | 01-01-2009 |
20090006862 | Provisioning a computing system for digital rights management - Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage. | 01-01-2009 |
20090013192 | INTEGRITY CHECK METHOD APPLIED TO ELECTRONIC DEVICE, AND RELATED CIRCUIT - An integrity check method applied to an electronic device includes: fetching at least one portion of external data into a specific memory, where the external data is stored within the electronic device; during fetching the portion of the external data into the specific memory, checking whether the size of the fetched data in the specific memory reaches a predetermined value, where the predetermined value is less than the total size of the external data; and when the size of the fetched data in the specific memory reaches the predetermined value, enabling an integrity check of the fetched data. | 01-08-2009 |
20090013193 | Circuit Building Device - The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus | 01-08-2009 |
20090019290 | METHOD AND CENTRAL PROCESSING UNIT FOR PROCESSING ENCRYPTED SOFTWARE - The present invention provides a central processing unit for processing at least one encrypted software. The encrypted software comprises at least one encrypted software section. The encrypted software section is encrypted with a management key MK, and the MK being encrypted with a device key DK as a encrypted MK. The central processing unit comprises processing and cache unit, and cryptographic unit. The cryptographic unit comprises device key storage unit for storing the DK, a plurality of management key storage units for storing MKs, wherein each management key storage unit corresponding to a management key index MKI, and decryption unit. The decryption unit decrypts a encrypted MK with the DK to obtain a MK, stores the MK to a management key storage unit, and output a MKI corresponding to the management key storage unit, thus the MKI is used to correspond to the encrypted software section. Wherein, the decryption unit invokes corresponding MK according to the MKI and decrypts the encrypted software section, and directly transfers the decrypted software code and/or data to the processing and cache unit. | 01-15-2009 |
20090024854 | DOCUMENT OUTPUTTING APPARATUS, CONTROL METHOD THEREOF, AND DOCUMENT OUTPUT SYSTEM - A document providing computer creates a JDF file and a PDF file, and associates them by embedding a path to the PDF file in the JDF file (S | 01-22-2009 |
20090049309 | Method and Apparatus for Verifying Integrity of Computer System Vital Data Components - Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state. | 02-19-2009 |
20090055657 | Program Converting Device, Secure Processing Device, Computer Program, and Recording Medium - To provide a program conversion device capable of executing a program that includes a secret operation for decrypting encrypted data using secret information without exposure of the secret information in a memory thereby to improve confidentiality in execution of the program. In an execution program generation device | 02-26-2009 |
20090055658 | Authenticating and Verifying an Authenticable and Verifiable Module - A module-specific public key and cryptographically protected data related to the module-specific public key are extracted from an authenticable and verifiable module. The cryptographically protected data is compared with the module-specific public key to authenticate the authenticable and verifiable module. A value calculated from an image, including a size and location block, included within the authenticable and verifiable module is compared with a value extracted from a digital signature contained in a verification block within the authenticable and verifiable module to verify the authenticable and verifiable module. | 02-26-2009 |
20090055659 | Method and apparatus for processing arbitrary key bit length encryption operations with similar efficiencies - A calculating apparatus, or system, having a plurality of stages, such as in a pipeline arrangement, has the clocking rail or conductor positioned alongside the stages. With a large number, i.e., hundreds, of stages arranged in parallel sub-arrays, the clocking conductor is snaked alongside the sub-arrays. In individual stages it is arranged that the shortest of the two calculations taking place in a stage, takes place in the return path. An array can be divided into separate sections for independent processing. | 02-26-2009 |
20090063869 | Securing Data in a Networked Environment - Apparatus for securing data, comprising: an isolated processing environment having a boundary across which data cannot cross and a channel for allowing data to cross the boundary. A filter restricts data passage across the channel. Protected data is initially located in a secure area and is only released to such a secure processing environment so that access for authorized users to the secure data is available, but subsequent release of the secure data by the authorized users to the outside world is controlled. | 03-05-2009 |
20090063870 | Method, Apparatus, and Product for Prohibiting Unauthorized Access of Data Stored on Storage Drives - A method, apparatus, and computer program product are disclosed in a data processing system for prohibiting unauthorized access of data that is stored on storage drives. Multiple logical partitions are generated. A different unique randomizer seed is associated with each one of the logical partitions. In response to one of the logical partitions needing to access a storage drive, the logical partition transmits a seed to the storage drive. The transmitted seed is associated with the one of the logical partitions. A transmitting one of the logical partitions is unable to transmit a seed that is other than a seed that is associated with the transmitting one of the logical partitions. The storage drive utilizes the transmitted seed to randomize and de-randomize data for the one of the logical partitions. Data randomized for one of the logical partitions cannot be de-randomized for a different one of the logical partitions. | 03-05-2009 |
20090070594 | TRANSIENT ON-DEMAND DATA SECURITY CONTROL - The present invention addresses the deficiencies of the art in respect to data security control and provides a method, system and computer program product for securing confidential data through transient on-demand data security control. In one embodiment of the invention, a method of securing confidential data can be provided. The method can include decrypting confidential data in a document, determining a subset of the confidential data specified by an author of the document, rendering a view of the confidential data including the subset, and, in response to detecting when an authorized viewer of the document no longer views the document, concealing the subset of the confidential data while maintaining a view of the confidential data not included in the subset. | 03-12-2009 |
20090070595 | SYSTEM FOR IMPLEMENTING DYNAMIC PSEUDORANDOM KEYBOARD REMAPPING - A system for implementing dynamic pseudorandom keyboard remapping includes a keyboard in communication with an operating system of a computing device; the keyboard configured to encrypt an original keyboard scan code corresponding to each of a plurality of keyboard keys, using a mapping algorithm, wherein the mapping algorithm encrypts the original keyboard scan code by using both the original keyboard scan code and a current one of a sequence of pseudorandom numbers generated using a pseudorandom number generator (PRNG) algorithm and an initial seed value; and the operating system configured to decrypt the original keyboard scan code based on an encrypted scan code generated and transmitted from the keyboard thereto, responsive to a keystroke of the keyboard, wherein the operating system also uses the mapping algorithm, the PRNG algorithm, and the initial seed value. | 03-12-2009 |
20090070596 | Secure Read-Write Storage Device - A method is described for securing a read write storage (RWS) device, the method comprising, providing the RWS device, the RWS device comprising a controller comprising a processor and a bit bucket and employing, in response to a decision making process, a sanction in the RWS device. Related apparatus and methods are also described. | 03-12-2009 |
20090070597 | Method and Apparatus for Store and Replay Functions in a Digital Radio Broadcasting Receiver - A method includes: receiving a plurality of audio frames, assembling groups of the audio frames into logical recording units, storing a plurality of the logical recording units, retrieving the stored logical recording units, and decoding the retrieved logical recording units. An apparatus that performs the method is also provided. | 03-12-2009 |
20090077388 | INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM - An information processing apparatus includes an information acceptance unit, a calculation unit and an encryption unit. The information acceptance unit accepts information relevant to a program. The calculation unit calculates one of a one-way function and a pseudo one-way function using one of the information relevant to the program accepted by the information acceptance unit and a part of the information. The encryption unit performs encryption processing for one of code of the program and the conversion result of the code and a part thereof using one of the calculation result of the calculation unit and a part of the result. | 03-19-2009 |
20090083545 | SEARCH REPORTING APPARATUS, METHOD AND SYSTEM - A method of reporting search results of a collection of data is disclosed. The method includes obtaining a hash function and a pattern of data for which to search within the collection of data and searching the collection of data for one or more strings of data that match the pattern. In response to finding one or more strings of data that match the pattern, the method further includes hashing each string that matches the pattern of data with the hash function and creating one or more rows of a results table. Each row of the results table corresponds to one string of data that matches the pattern of data and includes the corresponding hashed string of data. | 03-26-2009 |
20090083546 | System And Method For Providing Private Inference Control - A system and method for providing private inference control is presented. A query count and database including records are maintained. Each record includes attributes, wherein the attributes form inference channels. A data structure is constructed including ciphertext keys, which each relate to one attribute and record. A seed for a pseudorandom function and a secret key for non-malleable encryption are chosen. A query is specified by providing indices identifying one record and attribute by homomorphic encryption. A secure function evaluation is executed upon the inference channels, seed, secret key, query count, and the set of ciphertext keys. An output is generated including the pseudorandom function and an updated set of ciphertext keys subject to sum-consistency of the set of ciphertext keys and a non-inference enabling query. A table of entries is formed by combining each attribute for each record with an output from the pseudorandom function. The entry is provided. | 03-26-2009 |
20090094464 | SIGNATURE GENERATING DEVICE, SIGNATURE GENERATING METHOD AND SIGNATURE GENERATING PROGRAM - A signature generation apparatus is capable of making a value used in signature generation processing difficult to analyze. In the signature generation apparatus, a random number generation module generates a len-bit random number u, a selection module converts the generated random number u into a bit expression, and acquires element pairs corresponding to the bit values from a table memory unit. A random element generation module applies a basic operation of a first group G and a second group to all acquired element pairs, and calculates an element Pk on the first group G and an element Pak on the second group Ga. The signature generation apparatus generates a digital signature S for a message m with use of a transformation module, a main operation module, an inverse transformation module, a multiplication module, a division module, and a signature data generation module. | 04-09-2009 |
20090100271 | Counterfeit Prevention System based on Random Processes and Cryptography - A first portion of a label is formed using a chaotic process that cannot be controlled and forms a portion of the label using the chaotic information. A prospective counterfeiter cannot control the first portion of the label, and hence can only form a different random portion. A private encryption key is used to encrypt information indicative of the random portion. That encrypted information is placed on the same label. That encrypted information can be decrypted by a user using a public key, and compared with the random portion. If they agree, then the label is genuine, and the product has not been counterfeited. Since the random information cannot be replicated exactly, there is no way to copy this label and its encrypted portion exactly onto another product or label. | 04-16-2009 |
20090100272 | ANTI-ROLL-BACK MECHANISM FOR COUNTER - A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorised users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium. | 04-16-2009 |
20090106560 | ENTITY-IDENTITY BASED SECURITY PROCUREMENT OF COMPUTER FILES THAT ARE DOWNLOADABLE TO AN AIRCRAFT, METHOD OF AUTHENTICATION, AND ASSOCIATED SYSTEM AND AIRCRAFT - The present invention relates in general to the security of computer files installed on board an aircraft and in particular to the mechanisms with which the authenticity thereof, or in other words the origin and integrity, can be guaranteed. | 04-23-2009 |
20090113211 | PROCESSING UNIT INCLUDING A WIRELESS MODULE AND METHOD THEREOF - A processing unit includes a processing core and a wireless module directly connected to the processing core, wherein the wireless module is for providing wireless communications to the processing core. A multi-processor system includes a first processing unit having a first processing core and a first wireless module directly connected to the first processing core, the first wireless module for providing wireless communications to the first processing core; a second processing unit having a second processing core and a second wireless module directly connected to the second processing core, the second wireless module for providing wireless communications to the second processing core; and a wireless link between the first and second wireless modules; wherein the first processing unit is for communicating with the second processing unit via the wireless link. | 04-30-2009 |
20090113212 | Multiprocessor electronic circuit including a plurality of processors and electronic data processing system - A multiprocessor electronic circuit and an electronic data processing system comprising such circuit are disclosed for reducing the power consumption and the chip area consumption of a multiprocessor system having cryptographic functionality. In one embodiment, the multiprocessor electronic circuit comprises a plurality of processors, a single cryptographic processing unit that comprises a plurality of input/output buffer pairs and two cryptographic engines, a cipher engine and a hash engine, and associated control logic. | 04-30-2009 |
20090113213 | SYSTEM AND METHOD FOR SEARCHING ENCRYPTED NUMERICAL DATA - A system for searching encrypted numerical data according to an embodiment of the present invention includes: a key generator that generates a key for encryption; an index generator that generates an index for documents from a plurality of documents including numerical data and the generated key, on the basis of individual digits of the numerical data and the positions of the digits; a trapdoor generator that generates a trapdoor including search information on the individual digits of the numerical data and the positions of the digits, using the generated key; and a document searching unit that receives numerical data for search, searches the index using the trapdoor, and outputs document information including the numerical data for search. | 04-30-2009 |
20090113214 | SOFTWARE PROTECTION AGAINST FAULT ATTACKS - A method for protecting information in a device includes providing a device with a non-secure hardware domain, a processor having a software-controlled mode of operation, and a secure hardware domain having a secure memory that is inaccessible by the processor when the processor is operating in the software-controlled mode of operation. Data from the non-secure hardware domain is established in the secure hardware domain. Computing operations are executed on the data in the secure hardware domain to produce a result. The secure hardware domain is purged, while retaining the result therein. The result is thereafter returned from the secure hardware domain into the non-secure hardware domain. | 04-30-2009 |
20090113215 | FAST UPDATE FOR HIERARCHICAL INTEGRITY SCHEMES - A method for data integrity protection includes arranging data in a plurality of data blocks. A respective block signature is computed over each of the data blocks, thereby generating multiple block signatures. The data blocks and the block signatures in an integrity hierarchy are stored in a storage medium, the hierarchy comprising multiple levels of signature blocks containing signatures computed over lower levels in the hierarchy, culminating in a top-level block containing a top-level signature computed over all of the hierarchy. A modification is made in the data stored in a given data block within the hierarchy. The respective block signature of the given data block is recomputed in response to the modification, and the recomputed block signature is stored in the top-level block for use in verifying a subsequent requests to read data from the given data block. | 04-30-2009 |
20090113216 | CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION - A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided. | 04-30-2009 |
20090119514 | CONTENT DATA STRUCTURE AND MEMORY CARD - Content data of the present invention is used by a playback apparatus having a display. The content data has a data structure in which a plurality of pieces of audio data to be played back are associated with pieces of encrypted code information which are created by encrypting with a predetermined algorithm pieces of code information. Each piece of the code information indicates text to be shown on the display at the time of playback of a corresponding piece of the audio data. | 05-07-2009 |
20090125726 | Method and Apparatus of Providing the Security and Error Correction Capability for Memory Storage Devices - A method and apparatus of configuring the byte structure of a memory storage device, including a flash memory device, to enhance the security and error correction capability is described. In one embodiment, the method includes increasing the security of data stored in the storage device by encrypting data with a unique initialization vector and storing the initialization vector in the storage device. The method also includes using a unique initialization vector for encrypting data, to be stored in each datablock, each time data are encrypted. In one embodiment, the apparatus includes an AES controller that includes encryption and decryption modules to encrypt and decrypt data prior to writing data to or reading from the storage device. The apparatus also includes an encoder module and decoder circuits to encode and decode data prior to writing or reading from memory storage devices. The apparatus optionally includes a state machine that generates and provides the initialization vector and also activates different components of AES controller and ECC module depending on the operation of the device. | 05-14-2009 |
20090125727 | METHOD FOR CRYPTOGRAPHIC PROCESSING OF A MESSAGE - A method for cryptographic processing of a message by a secret key includes the following steps:
| 05-14-2009 |
20090132830 | SECURE PROCESSING DEVICE, SECURE PROCESSING METHOD, ENCRYPTED CONFIDENTIAL INFORMATION EMBEDDING METHOD, PROGRAM, STORAGE MEDIUM, AND INTEGRATED CIRCUIT - When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump. A signature generation device | 05-21-2009 |
20090132831 | CIRCUIT ARRANGEMENT WITH NON-VOLATILE MEMORY MODULE AND METHOD FOR EN-/DECRYPTING DATA IN THE NON-VOLATILE MEMORY MODULE - An apparatus and method is provided for protecting data in a non-volatile memory by using an encryption and decryption that encrypts and decrypts the address and the data stored in the non-volatile memory using a code read only memory that stores encryption and decryption keys that are addressed by a related central processing unit at the same time data is being written or read from the non-volatile memory by the central processing unit. | 05-21-2009 |
20090132832 | ELECTRONIC MUSICAL APPARATUS FOR RECORDING AND REPRODUCING MUSIC CONTENT - In an electronic musical apparatus, a media ID (MD | 05-21-2009 |
20090138726 | Authentication-secured access to a data carrier comprising a mass storage device and chip - The invention provides a method for accessing the mass memory of a data carrier with a mass memory and a chip. The data carrier has been or is personalized by an individual date of a use device which is or has already been stored in(to) the chip to a use device for accessing the data carrier, so that the data carrier can only be used with this use device. | 05-28-2009 |
20090144557 | RECOVERABLE SECURE DATA STORE SYSTEM AND METHOD - A data security provision system and method are provided herein. | 06-04-2009 |
20090144558 | Method For Anit-Keylogger - A method for preventing keyloggers from logging text data, that is outputted by a computer user data input device. By encrypting the text data of the user data input device, the keyloggers cannot understand the text data of the user data input device in a computer. | 06-04-2009 |
20090144559 | ELECTRONIC DEVICE BOOTED UP WITH SECURITY, A HASH COMPUTING METHOD, AND A BOOT-UP METHOD THEREOF - A method for authenticating a public key to execute a process with security, including: invoking a process; reading a public key from a first source; calculating a hash value of the public key with a block encryption algorithm, wherein part of the public key is an initial input value of the block encryption algorithm; reading a hash value from a second source; comparing the calculated hash value to the read hash value to determine if the public key is authentic; and executing the process if the public key is authentic. | 06-04-2009 |
20090144560 | Image retrieval system and method - An image retrieval system that provides secured image data in response to a query specified by a user. The system includes a data retrieval unit, an encryption unit, and an output unit. The data retrieval unit is configured to retrieve image data relevant to the specified query from a collection of image data. The encryption unit is configured to encrypt at least a portion of the retrieved image data according to the specified query. The output unit is configured to output the at least partially encrypted image data to the user. The image data represents an image formed of one or more regions each having a keyword associated therewith. The encrypted portion is decryptable by the user only when the user is authorized to view the entire image. | 06-04-2009 |
20090150680 | Data Security in Mobile Devices - Systems, methods for computer program products for securely storing data in a data store or in an external data store associated with a mobile device are described herein. Data that is being sent from an application module to a data store, on the mobile device or an external data store used by the mobile device is first encrypted by a security manager. The security manager encrypts data based on an encryption algorithm that may be selected by a user. Data received from an application module is thus stored in an encrypted form on a data store. When an application requests data from the data store, the security manager decrypts the data and provides the data to the application module in its decrypted form. All data that is transmitted to or received from a data store or an external data store is intercepted by the security manager for encryption and decryption respectively. | 06-11-2009 |
20090158050 | Trusted Labeler - A cryptographic device and method are disclosed for processing different levels of classified information. Input and output ports are physically isolated on the cryptographic device. Within the cryptographic device, each port has its packets labeled in such a way that it can be processed differently from other packets by a cryptographic module. High-assurance techniques are used to assure labeling and proper processing of the packets. These labeled packets are intermixed on common pathways regardless of level of classification. Despite intermixing, separation of the packets is assured through the process. | 06-18-2009 |
20090158051 | METHOD AND SYSTEM FOR OBFUSCATING A CRYPTOGRAPHIC FUNCTION - A method of protecting an integrity of a data processing system. The method comprises determining ( | 06-18-2009 |
20090158052 | IMAGE PROCESSING APPARATUS FOR CHECKING UNAUTHORIZED ACCESS TO INFORMATION AND METHOD OF PERFORMING THE SAME - Information is prevented from being retrieved by an unauthorized person when an information processing apparatus is stolen or lost. There is provided an information processing apparatus including: a storage; dividing logic/utility that divides data stored on the storage into a predetermined first number of pieces of partial data; transmitting logic/utility that transmits one or more of the first number of pieces of divided partial data to one or more different information processing apparatuses, and deletes the one or more of the first number of pieces of partial data from the storage; retrieving logic/utility that retrieves the one or more pieces of partial data from the one or more different information processing apparatuses, and stores the retrieved pieces of partial data onto the storage; and restoring logic/utility that restores the data from the minimum number of pieces of partial data. | 06-18-2009 |
20090158053 | Battery Pack and Electronic Apparatus - A battery pack includes at least one rechargeable battery configured to output power; a remaining battery capacity detection unit configured to detect a remaining battery capacity of the at least one rechargeable battery; and a cryptographic unit configured to output a response word in response to an external request word by encrypting the external request word based on a cryptographic algorithm with a common code key. | 06-18-2009 |
20090158054 | PRIVATE DATA PROCESSING - A method for processing one or more terms includes, at a first computation facility, computing an obfuscated numerical representation for each of the terms. The computed obfuscated representations are provided from the first facility to a second computation facility. A result of an arithmetic computation based on the provided obfuscated values is received at the first facility. This received result represents an obfuscation of a result of application of a first function to the terms. The received result is processed to determine the result of application of the first function to the terms. | 06-18-2009 |
20090164800 | Secure End-of-Life Handling of Electronic Devices - Methods and apparatus for verifying that an electronic device has been disabled are disclosed. An exemplary electronic device includes a communications interface, a secure memory, storing a secret key, and a cryptographic circuit configured to calculate a verification token from the secret key, using a first cryptographic operation. The cryptographic circuit is further configured to calculate an identification token from the verification token, using a second cryptographic operation. The cryptographic circuit is further configured to output the identification token in response to a first command received via the communications interface. The verification token is output to the communications interface only if a predetermined functionality of the electronic device has been disabled. The electronic device may further comprise a disabling circuit configured to disable the predetermined functionality in response to a disable command. | 06-25-2009 |
20090164801 | RECORDING/REPRODUCING DEVICE, COMMUNICATION DEVICE, PROGRAM, SYSTEM LSI - A reading unit | 06-25-2009 |
20090164802 | MEMORY MANAGEMENT METHOD - A mobile communicator including a CPU, communications software and application software for at least one application which can be launched only by using at least one application key, the at least one application key being scrambled using a scrambling function which is based on a seed, which seed is not stored in any computer memory used by the mobile communicator. | 06-25-2009 |
20090172409 | CORE DUMP PRIVACY DURING APPLICATION FAILURE - Embodiments of the present invention address deficiencies of the art in respect to core dump generation during application fault handling and provide a method, system and computer program product for privacy preservation of core dump data during application fault handling. In an embodiment of the invention, a method for privacy preservation of core dump data during application fault handling can be provided. The method can include receiving a crash signal for an application and generating a core dump with object data for the application. The method further can include obfuscating the object data in the core dump and writing the core dump with obfuscated object data to a file. In this way, the privacy of the object data in the core dump can be preserved. | 07-02-2009 |
20090172410 | PERSONAL VAULT - In some embodiments data input to an input device is encrypted before it is received by any software, and information is stored securely so that the information is not accessible to any software. Other embodiments are described and claimed. | 07-02-2009 |
20090172411 | Protecting the security of secure data sent from a central processor for processing by a further processing device - A data processing apparatus comprising: a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor in said non-secure mode, and processing data in said secure mode being performed under control of a secure operating system and processing data in said non-secure mode being performed under control of a non-secure operating system; and a further processing device for performing a task in response to a request from said data processor, said task comprising processing data at least some of which is secure data; wherein said further processing device is responsive to receipt of a signal to suspend said task to initiate: processing of said secure data using a secure key; and storage of said processed secure data to a non-secure data store; and is responsive to receipt of a signal to resume said task to initiate: retrieval of said processed secure data from said non-secure data store; and restoring of said processed secure data using said secure key; wherein said secure key is securely stored such that it is not accessible to other processes operating in said non-secure mode. | 07-02-2009 |
20090172412 | SYSTEM FOR AND METHOD OF AUTO-REGISTRATION WITH CRYPTOGRAPHIC MODULES - A system for and method of registering devices an applications with cryptographic modules is presented. The system and method prevent devices and applications from operating in conjunction with cryptographic modules unless such devices and applications have previously been registered with the module. | 07-02-2009 |
20090172413 | High Speed Cryptographic System with Modular Architecture - The present invention concerns a cryptographic system ( | 07-02-2009 |
20090177893 | DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications. | 07-09-2009 |
20090187769 | SYSTEM AND METHOD FOR AN AUTONOMOUS SOFTWARE PROTECTION DEVICE - A system and method is introduced for protecting software from being altered, duplicated, inspected or used in an unauthorized manner. An autonomous software protection device is presented, containing encryption and decryption unit along with an independent execution environment such as a Java Virtual Machine to carry out computations in a protected environment. The software protection device carries out protected code and may make use of protected data to carry out protected computations. Unsecured memory may be used securely by software protection device through an internal virtual memory mechanism managed by the independent execution environment. The software protection device may serve an external computing device for making computations that are protected from software and data alteration and inspection while preventing duplication and usage not as intended by the software and data owner. | 07-23-2009 |
20090193265 | FAST DATABASE INTEGRITY PROTECTION APPARATUS AND METHOD - An apparatus and method of protecting the integrity of a database is provided. Protection of the database is implemented by randomly selecting part of the database that is to be authenticated, the part of the database being less than the entire database to be authenticated. Then, only the selected part of the database is processed through a security function to generate a representation of authentication of the database for comparison with another representation of authentication of the database. Based on a comparison of the representation of authentication and the another representation of authentication, it is determined if integrity of the database has been maintained. | 07-30-2009 |
20090204822 | REDUCING THE BOOT TIME OF A TCPA BASED COMPUTING SYSTEM WHEN THE CORE ROOT OF TRUST MEASUREMENT IS EMBEDDED IN THE BOOT BLOCK CODE - A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time. | 08-13-2009 |
20090210722 | System for and method of locking and unlocking a secret using a fingerprint - The present invention provides a way to lock a secret in a portable package. The package contains the key needed to unlock it. The key is dispersed throughout the encrypted data so that an attacker has no way to feasibly recover it. The package also contains information that uniquely identifies users who are authorized to unlock the secret. In a preferred embodiment, the information is fingerprint image data, such as fingerprint templates. The locked secret thus has several levels of security, requiring information needed to recover and assemble the key, information about the decryption algorithm that uses the key to unlock the secret, and biometric information needed to grant a user permission to unlock the secret. | 08-20-2009 |
20090210723 | METHOD OF DETECTING SOFTWARE FALSIFICATION, APPARATUS CONFIGURED TO DETECT SOFTWARE FALSIFICATION, AND COMPUTER-READABLE STORAGE MEDIUM - A method of detecting falsification of software installed in an apparatus includes the steps of (a) encrypting software configuration information of the apparatus at the time of installing the software using an encryption and decryption unit specific to the apparatus, and storing the encrypted software configuration information outside the apparatus, (b) decrypting the encrypted software configuration information of the apparatus at the time of installing the software, stored outside the apparatus, using the encryption and decryption unit specific to the apparatus, and (c) determining the presence or absence of the falsification of the software by comparing the software configuration information of the apparatus at the time of installing the software obtained by step (b) and the current software configuration information of the apparatus. | 08-20-2009 |
20090217054 | SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUE - In an embodiment, authenticated hardware and authenticated software are cryptographically binded using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. This cryptographic binding technique is referred to herein as secure software and hardware association (SSHA). | 08-27-2009 |
20090217055 | Apparatus and Method for Preventing Unauthorized Copying - The present invention relates to an apparatus for preventing unauthorized copying that comprises a casing, an optical storage device, a control center installed in the casing and coupled to the optical storage device, and an input/output port installed in the casing and exposed from the casing and coupled to an electronic device, such that if a user places a medium into the optical storage device, the control center will determine whether or not the medium is a read-once medium; if yes, then the content of the medium will be copied to the control center. In the meantime, the electronic device is examined to check whether or not the electronic device is a copy permit user; if yes, then the control center will copy the content of the medium to the electronic device. The present invention also provides a method for preventing unauthorized copying. | 08-27-2009 |
20090222672 | Integrated Circuit That Uses A Dynamic Characteristic Of The Circuit - An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit. | 09-03-2009 |
20090222673 | SYSTEM FOR CONTROLLING ACCESS AND DISTRIBUTION OF DIGITAL PROPERTY - Digital data protection is provided by a processor running an operating system programmed to generate one or more interrupts; an access mechanism detects one or more interrupts at or below a BIOS level, a given detected interrupt being associated with an operating system request to access protected portions of the data, and restricts access to the protected portions of the data by the operating system in accordance with at least one rule; a tamper detecting mechanism prevents access to the data in an unprotected form has means for destroying data stored in the access mechanism when tampering is detected. | 09-03-2009 |
20090228715 | MEDIA SECURITY SYSTEM AND METHOD - The present specification provides, amongst other things, a system for offering the capability to asynchronously upload secure media packages to client machines and providing for recovery of the media packages in playable (or other usable form) only at a predefined time, so that the client machines can all access the media packages only at or after the predefined time. | 09-10-2009 |
20090240951 | SYSTEM SECURITY MANAGER - In another embodiment, a method for securing a field-programmable logic chip or circuit (FPLC) is disclosed. Information is cryptographically processed within the FPLC. An error condition is detected outside of the FPLC and the error condition is communicated to the FPLC to disrupt an image(s) within the FPLC. Optionally, at least a portion of a key can be erased such that cryptographic processing is curtailed or eliminated. | 09-24-2009 |
20090254758 | METHOD AND APPARATUS FOR THE SECURE PROCESSING OF SENSITIVE INFORMATION - The subject matter of the invention relates to a system ( | 10-08-2009 |
20090254759 | TAMPER RESISTANCE OF A DIGITAL DATA PROCESSING UNIT - A system for increasing a tamper resistance of a digital data processing unit, comprises a first unit ( | 10-08-2009 |
20090254760 | DATA SECURITY - In one embodiment, a method is provided that may include encrypting, based least in part upon at least one key, one or more respective portions of input data to generate one or more respective portions of output data to be stored in one or more locations in storage. The method of this embodiment also may include generating, based at least in part upon the one or more respective portions of the output data, check data to be stored in the storage, and/or selecting the one or more locations in the storage so as to permit the one or more respective portions of the output data to be distributed among two or more storage devices comprised in the storage. Many modifications, variations, and alternatives are possible without departing from this embodiment. | 10-08-2009 |
20090259854 | METHOD AND SYSTEM FOR IMPLEMENTING A SECURE CHAIN OF TRUST - A method, an integrated circuit and a system for implementing a secure chain of trust is disclosed. While executing secure boot code in a secure boot mode, less-secure boot code may be authenticated using a secret key. A secure key may also be calculated or generated during the secure boot mode. After control is turned over to the authenticated less-secure boot code, at least one application may be authenticated using the secure key. Once authenticated in the less-secure boot mode, the application may be executed by the programmable integrated circuit. In this manner, a secure chain of trust may be implemented for the programmable integrated circuit. | 10-15-2009 |
20090259855 | Code Image Personalization For A Computing Device - A method and apparatus for personalizing a software component to be executed in particular environment are described herein. According to an aspect of the invention, in response to an executable code image representing a software component to be installed in an electronic device, the executable code image is encrypted using an encryption key. The encryption key is then wrapped with a UID that uniquely identifies the electronic device, where the UID is embedded within a secure ROM of the electronic device. The wrapped encryption key and the encrypted executable code image are then encapsulated into a data object to be stored in a storage of the electronic device, such that when the electronic device is subsequently initialized for operation, the executable code image can only be recovered using the UID of the electronic device to retrieve a decryption key in order to decrypt the executable code image. | 10-15-2009 |
20090259856 | DATA PROCESSING APPARATUS - A data processing apparatus is provided, which detects falsification of software to data and rewriting of the data. The data processing apparatus according to an embodiment of the present invention comprises a security unit which has an encryption circuit for decrypting an encrypted signal including secrecy data. The security unit includes a compression circuit which compresses an access signal used in accessing the security unit and outputs the compression result, and a comparison circuit which compares the compression result outputted from the compression circuit with a previously-calculated expectation value of the compression result of the access signal. | 10-15-2009 |
20090265561 | Separating Keys and Policy for Consuming Content - In accordance with one or more aspects of the separating keys and policy for consuming content, content has a corresponding leaf license, and the leaf license has one or more associated root policy addenda. Each root policy addenda includes policy identifying when it is permissible to decrypt and consume the content, but excludes a content key to decrypt the content. The content can be decrypted and consumed only if the policy identifies that it is permissible to decrypt and consume the content. | 10-22-2009 |
20090271636 | COMPUTER ENABLED SECURE STATUS RETURN - Computer related method and apparatus to transmit a logical value (e.g., 1 or 0) between two entities, such as an operating system and application program, in a secure way in an insecure environment. The logical status is sent by in effect encrypting it using two random numbers, one from each entity, before sending it to the other entity. However the encrypting is much “lighter” (requiring much less computer or circuit resources) than any conventional secure cipher and has a built-in verification feature. | 10-29-2009 |
20090271637 | INFORMATION PROCESSING TERMINAL AND STATUS NOTIFICATION METHOD - The present invention aims at providing an information processing terminal, a status notification system, and a status notification method that can protect both privacy and security when a status of the information processing terminal is notified to a server. An information processing terminal | 10-29-2009 |
20090276636 | FEDERATED DIGITAL RIGHTS MANAGEMENT SCHEME INCLUDING TRUSTED SYSTEMS - Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory. | 11-05-2009 |
20090282261 | MANAGEMENT OF A TRUSTED CRYPTOGRAPHIC PROCESSOR - In an embodiment, an apparatus includes a trusted cryptographic processor that includes at least one functional unit. The trusted cryptographic processor also includes a controller to receive a primitive instruction that identifies which of the at least one functional unit is to perform an operation, wherein the controller is to reduce power to the at least one functional unit that is not identified by the primitive instruction. The apparatus includes a trusted power management unit to supply the power based on control from the controller, wherein the control is independent of a processor that is not in a trusted state. | 11-12-2009 |
20090282262 | Information Processing Apparatus, Information Processing System, and Encryption Information Management Method - According to one embodiment, the user virtual machine includes, a cryptographic key generating module configured to generate a cryptographic key for encrypting data an encryption module configured to encrypt data using the cryptographic key, an information generation module configured to generate information required for decrypting the encrypted data, a monitoring module configured to monitor generation of the cryptographic key, an instructing module configured to instruct the information generation module to generate the information when the monitoring module detects generation of the cryptographic key, and a transmitting module configured to transmit information generated according to instruction from the instructing module to the management virtual machine, and the management virtual machine includes a receiving module configured to receive information transmitted from the transmitting module, and a storing module configured to store the received information the storage apparatus allocated to the management virtual machine. | 11-12-2009 |
20090282263 | METHOD AND APPARATUS FOR A TRUST PROCESSOR - In an embodiment, an apparatus includes a cryptographic processor within a wireless device. The cryptographic processor includes at least one cryptographic unit. The cryptographic processor also includes a nonvolatile memory to store one or more microcode instructions, wherein at least one of the one or more microcode instructions is related to a sensitive operation. The cryptographic processor also includes a controller to control execution of the one or more microcode instructions by the at least one cryptographic unit, wherein the controller is to preclude execution of the sensitive operation if the apparatus is within an untrusted state. | 11-12-2009 |
20090282264 | ENCRYPTION/DECRYPTION ENGINE WITH SECURE MODES FOR KEY DECRYPTION AND KEY DERIVATION - In at least some embodiments, an electronic device comprises a processor and an encryption/decryption (E/D) engine coupled to the processor via a bus. The E/D engine selectively operates in a first mode and a second mode. For the first mode, an E/D engine output is provided to the bus. For the second mode, the E/D engine output is not provided to the bus and is accessible only to the E/D engine. | 11-12-2009 |
20090287939 | SECURE DEVICE, INFORMATION PROCESSING TERMINAL, SERVER, AND AUTHENTICATION METHOD - A secure device can make contents of terminal application authentication information calculation a different complicated calculation process at each time while suppressing the processing load in the secure device and a card application code size to low values. When issuing of a terminal application ( | 11-19-2009 |
20090287940 | SYSTEM AND METHOD FOR PROCESSING AND PROTECTING CONTENT - Systems and methods that process and protect content are provided. In one example, a system may include, for example, a first device coupled to a second device. The first device may include, for example, an integrated circuit that may include a content processing system and a security system. The security system may include, for example, a digital rights manager. The first device and the second device may be part of a network. The network receives content and control information via the first device. The content processing system processes incoming content based upon at least the control information. The integrated circuit protects the content before placing the content on the network. | 11-19-2009 |
20090292929 | INITIALIZATION OF A MICROPROCESSOR PROVIDING FOR EXECUTION OF SECURE CODE - An apparatus including a microprocessor and a secure non-volatile memory. The microprocessor executes non-secure application programs and a secure application program. The microprocessor has secure execution mode initialization logic and an authorized public key. The secure execution mode initialization logic provides for initialization of a secure execution mode within the microprocessor. The secure execution mode initialization logic employs an asymmetric key algorithm to decrypt an enable parameter directing entry into the secure execution mode. The authorized public key is used to decrypt the enable parameter, the enable parameter having been encrypted according to the asymmetric key algorithm using an authorized private key that corresponds to the authorized public key. The secure non-volatile memory stores the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor. | 11-26-2009 |
20090292930 | SYSTEM, METHOD AND APPARATUS FOR ASSURING AUTHENTICITY AND PERMISSIBLE USE OF ELECTRONIC DOCUMENTS - A system and method for secure document management including tagging and/or remotely tracking documents exchanged between one or more users and a document repository. In some embodiments, the security policies for documents are determined based at least in part on document content, metadata associated with the document, and/or usage history of the document. | 11-26-2009 |
20090300366 | System and Method for Providing a Secure Application Fragmentation Environment - System and method for providing and using expanded memory resources secure application environment is disclosed. An embodiment comprises a system and method for providing secure application functionality comprising receiving a request for a secure operation; determining if required application code for the secure operation is present in an application fragment store; sequentially loading a plurality of fragments of the required application code from an external memory, if the required application code is not present in the application fragment store; sequentially executing the plurality of fragments of the required application code; and sending a reply to the request for the secure operation. The system and method may further comprise decrypting each of the plurality of fragments of the required application code using a secure key prior to execution of the fragment and verifying the integrity of the code fragment. | 12-03-2009 |
20090300367 | ELECTRONIC CERTIFICATION AND AUTHENTICATION SYSTEM - The invention is an automated system that works in the data center of certification offices connected to the internet which enables a member of the any of the certification offices to certify his document electronically from a distance using a computer connected to the internet, digital pad, an electronic pen and a printer. | 12-03-2009 |
20090313481 | METHOD AND SYSTEM FOR CHANGING SAFETY-RELEVANT DATA FOR A CONTROL DEVICE - A system and method for changing safety-relevant data for a control device is provided wherein an authorized user inputs new or altered safety-relevant data, which is received on a data processing installation. A first checksum for the safety-relevant data is established and stored along with the safety-relevant data in at least one data record on the data processing installation. An enable code may also be stored in the at least one data record. This enable code may be produced by a code generator and encrypted by a key module. The data processing installation then reads back the safety-relevant data from a memory in the data processing installation, thereby allowing a comparison of the received safety-relevant data and the read back safety-relevant data. A second checksum is generated in a case where the comparison resulted in no differences. The second checksum may also be stored in the at least one data record. At least one new data record containing the safety-relevant data, the encrypted enable code and the first and second checksums is created and transmitted to the control device. The new data record is checked against prior data records and prior checksums stored on a storage medium to determine that the at least one new data record is known to the control device. | 12-17-2009 |
20090313482 | Apparatus, Method and System for Generating a Unique Hardware Adaptation Inseparable from Correspondingly Unique Content - The present invention includes an apparatus, method and system for generating a configuration of an adaptive circuit which is inseparable from selected content. Either the adaptive circuit or encrypted, selected content has a unique identifier. In one of the preferred method and system embodiments in which the adaptive circuit has the unique identifier, a request for the selected content is received, along with the unique identifier, such as by a network server. The selected content is then encrypted, based upon the unique identifier, to form encrypted content. Configuration information for the adaptive circuit, corresponding to the unique identifier and the encrypted content, is generated to form corresponding configuration information. A service provider, such as through a network server, transfers the encrypted content and the corresponding configuration information to the adaptive circuit having the unique identifier, which may then be configured for use of the selected content. As a consequence, the present invention creates adaptive hardware configurations which are uniquely coupled to the selected content. | 12-17-2009 |
20090319799 | GENERATING UNIQUE DATA FROM ELECTRONIC DEVICES - Providing for analysis of artifacts of electronic devices to generate data that is substantially unique to a particular device or to a class of devices is described herein. In some aspects, analyzed artifacts are chosen based on reliable reproducibility of such data over many analyses. The substantially unique data can be associated with a particular electronic device(s) to distinguish such devices from other devices. In some aspects, the generated data is first transformed into an identifier, such as a number, word, string of data, etc., to distinguish the electronic device in remote communication, to provide a key in an encryption/decryption algorithm, and so on. The data can be reproduced by reanalyzing the artifacts, and thus need not be stored for future consumption, mitigating risks involved in storing sensitive data. | 12-24-2009 |
20090319800 | CRYPTOGRAPHIC DEVICE HAVING SESSION MEMORY BUS - Provided is a cryptographic device performing encryption or decryption on input data, and more particularly, a cryptographic device having a session memory bus for communicating with a session memory. The cryptographic device includes: an external session memory for storing cryptographic information on each session; a cryptographic processor for encrypting or decrypting input data using the cryptographic information; an external session memory bus connected to the external session memory and the cryptographic processor; and a Central Processing Unit (CPU) for transferring and receiving data to and from the external session memory via the cryptographic processor. The separate session memory buses allow the cryptographic processor to access a session memory without being disturbed by another device, thereby improving the entire performance of the cryptographic device. | 12-24-2009 |
20090319801 | Security-Enhanced Storage Devices Using Media Location Factor in Encryption of Hidden and Non-Hidden Partitions - Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk. | 12-24-2009 |
20090319802 | Key Genaration In An Integrated Circuit - A method of manufacturing a series of integrated circuits having related functionality, the method including the steps of: (a) determining an identifier; (b) permanently storing the identifier on one of the integrated circuits; (c) repeating steps (a) and (b) for each integrated circuit in the series; and wherein the identifiers for the series are determined in such a way that knowing the identifier of one of the integrated circuits does not improve the ability of an attacker to determine the identifier of any of the other integrated circuits. | 12-24-2009 |
20090319803 | INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD - An information processing system has a power supply section which detects a predetermined potential applied to a USB terminal and supplying the potential as a source potential, an information detection section which detects the predetermined information supplied to the USB terminal, and a processing section which executes, subsequent to the detection of the predetermined potential, the encryption process or the decryption process in accordance with at least the operating information supplied from the operation key arranged on the body and in accordance with the predetermined information supplied to the USB terminal after detection of the predetermined information. The recording and reproducing operation can be performed with the operating key on the body with power supplied only from the USB terminal. | 12-24-2009 |
20090327746 | KEY ENCRYPTION AND DECRYPTION - Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. | 12-31-2009 |
20090327747 | TEMPLATE RENEWAL IN HELPER DATA SYSTEMS - The invention provides a method for authenticating a physical object (OBJ) using a first helper data (W | 12-31-2009 |
20090327748 | SYSTEM AND METHOD FOR FAST QUERYING OF ENCRYPTED DATABASES - A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems. | 12-31-2009 |
20090327749 | INDEXING ENCRYPTED FILES BY IMPERSONATING USERS - Methods and computer-readable media for indexing an encrypted file by impersonating a user is provided. A set of keys may be associated with a particular encrypted file. Once these keys are identified, the users who own these keys may then be identified by consulting an association of keys to users, which may be updated immediately upon the addition of new keys. If one of the users is currently logged on, the logon information associated with that user may be used to access the content of the encrypted file. The encrypted file may then be indexed based on the accessed content. To allow more than one user to use the same index, security identifiers may be assigned to index records associated with encrypted files to protect content of encrypted files from unauthorized users. | 12-31-2009 |
20090327750 | SECURITY SYSTEM FOR CODE DUMP PROTECTION AND METHOD THEREOF - A security system for code dump protection includes a storage device, a processor, and a decryption unit. The storage device has a protected storage area storing at least an encrypted code segment. The processor is utilized for issuing at least one address pattern to the storage device for obtaining at least one information pattern corresponding to the address pattern. The decryption unit checks signal communicated between the processor and the storage device to generate a check result, and determines whether to decrypt the encrypted code segment in the protected storage area to generate a decrypted code segment to the processor according to the check result. | 12-31-2009 |
20090327751 | METHOD AND SYSTEM FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - A method and system for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 12-31-2009 |
20090327752 | Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated. | 12-31-2009 |
20090327753 | Method and apparatus for selectively enabling a microprocessor-based system - A system for selectively enabling a microprocessor-based system is disclosed. State information that describes the operating conditions or circumstances under which a user intends to operate the system is obtained. In the preferred embodiment of the invention, a valid hash value is determined, preferably based on the state information and preferably by locating the valid hash value within a table of valid hash values indexed by the state information. Candidate authorization information is obtained from the user, and a candidate hash value is generated by applying a hashing algorithm to the candidate authorization information, the state information, or a combination of the candidate authorization information and state information. The candidate hash value and the valid hash value are then compared, and the microprocessor-based system is enabled if the candidate hash value matches the valid hash value. In this manner, the designer or distributor of the system can determine, at the time of manufacture or distribution, the conditions and circumstances under which the system may be operated. | 12-31-2009 |
20090327754 | COMMUNICATIONS TERMINAL, STORAGE MEDIUM STORING COMMUNICATION TERMINAL CONTROLLING PROGRAM, COMMUNICATION TERMINAL CONTROLLING METHOD, STORAGE MEDIUM STORING COMMUNICATION CONTROLLING PROGRAM AND AUTHENTICATION SYSTEM - A communication terminal | 12-31-2009 |
20090327755 | INFORMATION-PROCESSING DEVICE AND INFORMATION MANAGEMENT PROGRAM - [Problems] To more infallibly prevent leak of information because loss or theft. | 12-31-2009 |
20100005316 | BRANCH TRACE METHODOLOGY - Method, system, and computer program product embodiments for performing a branch trace operation on a computer system of an end user are provided. An encrypted mapping macro is provided to the end user to be made operational on the computer system. A trace program is provided to the end user. The end user executes the trace program on the computer system as a diagnostic tool. The trace program is adapted for decrypting the encrypted mapping macro, determining a storage offset location of a branch instruction; checking the storage offset location for an identifying constant, cross referencing the identifying constant with an entry in the decrypted mapping macro to identify a branch triggering bit and diagnostic information associated with the branch instruction, and returning the branch triggering bit and diagnostic information, the branch triggering bit and diagnostic information provided to a coder. | 01-07-2010 |
20100011224 | SYSTEM AND METHOD FOR PRODUCING AND CHECKING VALIDATION CERTIFICATES - A system, method, and computer program product for computing a digest value of a document, one or more schemas, and a validation report. The validation report indicates a validation status of the document based on the schema or schemas. The digest value is encrypted to produce a digital signature of the document, the schema or schemas, and the validation report. | 01-14-2010 |
20100011225 | INFORMATION TERMINAL, SECURITY DEVICE, DATA PROTECTION METHOD, AND DATA PROTECTION PROGRAM - An information terminal that decrypts sealed data without returning program data after update to the state before update. The information terminal includes update certificate storage unit | 01-14-2010 |
20100011226 | DATA MANAGEMENT METHOD, DATA MANAGEMENT SYSTEM, AND DATA STORAGE SYSTEM - Encrypted data and an encryption key used for the encrypted data are separately stored and managed. A first storage device stores an encrypted data block, predetermined information and first management information. The predetermined information includes key data for decrypting the encrypted data block and includes a requirement for using the encrypted data block. The first management information is used to manage the encrypted data block and includes a first storage address at which the predetermined information is stored. A host device transfers the predetermined information from the first storage device to a second storage device, causes second management information including a second storage address, at which the transferred predetermined information is stored and which is included in the second storage device to be stored in the second storage device. | 01-14-2010 |
20100017621 | RADIO TRANSCEIVER OR OTHER ENCRYPTION DEVICE HAVING SECURE TAMPER-DETECTION MODULE - An encryption device includes a system processor having a first key for encrypting information. The system processor periodically generates random data strings that are also encrypted using the first key. The encryption device also includes a first output for communicating the encrypted information to an external location and a tamper detection module for receiving on a periodic basis the random data strings generated by the system processor. The tamper detection module includes a second key that is the same as the first key, an encryption engine for encrypting the random data strings using the second key, and a second output for communicating the encrypted data strings to the system processor. The tamper detection module is configured to alter the second key upon detection of a tampering event so that the second key is different from the first key. | 01-21-2010 |
20100017622 | High performance arithmetic logic unit (ALU) for cryptographic applications with built-in countermeasures against side channel attacks - The present invention is a cryptoengine configured for providing countermeasures against attacks, including: an input/output (I/O) control unit, a memory, a controller, and an Arithmetic Logic Unit (ALU). The memory is communicatively coupled with the I/O control unit, receives inputs from the I/O control unit, and provides outputs to the I/O control unit based upon the received inputs. The controller is communicatively coupled with the I/O control unit for transmitting and receiving control signals. The ALU includes a plurality of storage components and computational components. The ALU is communicatively coupled with the controller and receives commands from/transmits status bits and flags to the controller. The ALU is further communicatively coupled with the memory and is configured for providing output signals to/receiving input signals from the memory. Further, the cryptoengine is configured for being communicatively coupled with a host computing device. | 01-21-2010 |
20100017623 | Executable software security system - A computer system which is configured to load executable programs. This configuration first accepts an operator defined key; withdraws an encrypted executable program from memory; and, using the operator defined key, decrypts the encrypted executable program into a functional executable program. It is this functional executable program which is used by the processing unit. During shutdown, each executable program is checked to see if it was derived from an encrypted executable program; those that aren't, are verified as being legitimate by the operator prior to their storage into the memory. | 01-21-2010 |
20100023779 | CRYPTOGRAPHIC PROCESSING METHOD AND CRYPTOGRAPHIC PROCESSING APPARATUS - In a cryptographic processing method, middle data which is the result of operation at a predetermined stage during encryption and decryption processing is saved and the subsequent encryption and decryption processes are divided into a first encryption and decryption processing which uses the initial data as input for the initial operation and second encryption and decryption processing which uses the saved middle data as input for the first stage operation. | 01-28-2010 |
20100031054 | ENCRYPTION MONIKER IN MEDIUM AUXILIARY MEMORY - A tape cartridge is described including tape storage medium maintaining stored encrypted data that can be unencrypted via an encryption key. The tape cartridge also contains a medium auxiliary memory possessing a moniker wherein the moniker identifies the encryption key. The tape cartridge further includes a threshold parameter stored in the medium auxiliary memory wherein the threshold parameter influences a moniker state control, the moniker state control comprises an on state and an off state wherein the off state disables the moniker from identifying the encryption key. | 02-04-2010 |
20100031055 | EMBEDDED DEVICE HAVING COUNTERMEASURE FUNCTION AGAINST FAULT ATTACK - A cryptographic processing device, comprising: a storage unit; initial setting unit for setting a value to be stored in the storage unit; Montgomery modular multiplication operation unit for performing a Montgomery modular multiplication operation plural times for a value set by the initial setting unit; and fault attack detection unit for determining whether or not a fault attack occurred for each of at least some parts of the Montgomery modular multiplication operations performed plural times. | 02-04-2010 |
20100037066 | INFORMATION PROCESSING APPARATUS, METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus, comprising: a decryption request unit that issues a decryption request for decrypting a encrypted target program at the time of the start of execution of the target program; a decryption unit that receives said decryption request from said decryption request unit, decrypts said encrypted target program and writes the so-decrypted target program into a first memory; an erasure request unit that issues an erasure request for erasing said decrypted target program at the time of the completion of execution of the target program; and
| 02-11-2010 |
20100037067 | Operating System - A new and improved operating system comprising a series of self-contained interconnected modules and service layers for connecting proprietary systems together and extracting and translating data therefrom enables existing software systems to operate and cooperate in an existing software ecosystem while allowing flexible connections with both existing and new applications. | 02-11-2010 |
20100049988 | METHOD FOR ACCESS TO A PORTABLE MEMORY DATA SUPPORT WITH AUXILIARY MODULE AND PORTABLE MEMORY DATA SUPPORT - A method, a memory data carrier ( | 02-25-2010 |
20100049989 | Digital content management method and apparatus for mobile terminal - A mobile terminal includes an apparatus configured to perform content management method. When a DRM content that is not playable owing to license expiration is found during the content playback mode, the non-playable DRM content can be removed, moved to a pre-specified folder, or license-renewed according to settings. The content management method includes: playing back a content selected from a given content list during a content playback mode; finding, during the content playback mode, an expired DRM content that is not playable owing to license expiration; determining, when an expired DRM content is found, a handling option for the expired DRM content; and performing one of deleting the expired DRM content, moving the expired DRM content, and renewing the license associated with the expired DRM content, according to the determined handling option. | 02-25-2010 |
20100058069 | METHOD AND DEVICE FOR DETERMINING A UNIQUE CONTENT INSTANCE IDENTIFIER, UNIQUE CONTENT INSTANCE IDENTIFIER AND METHOD AND DEVICE FOR MANAGING CONTENT LICENSES - A method and a device for determining a unique content instance identifier of a content item, wherein the content item is received by a receiving device and provided to a content management system and includes an original content identifier of an original identification scheme. The method: defines a data structure of the unique content item identifier depending on the original identification scheme, the data structure including a first, a second and third part, wherein the size of at least one of the second and third parts depends on the original identification scheme; stores a code in the first part, wherein the code uniquely identifies the original identification scheme; stores the original content identifier, a derivative thereof, and/or a device identifier identifying the receiving device in the second part; and stores a freely allocatable value in the third part, such that no duplicate unique content instance identifiers are generated by the device. | 03-04-2010 |
20100064142 | INFORMATION SECURITY DEVICE, INFORMATION SECURITY METHOD, COMPUTER PROGRAM, COMPUTER-READABLE RECORDING MEDIUM, AND INTEGRATED CIRCUIT - The present invention aims to provide an information security apparatus that counters a simple power analysis attack (SPA) on an information security apparatus such as an RSA cryptosystem. The information security apparatus uses a multiplication with 1 in a Montgomery domain. 1 in the Montgomery domain is determined depending on a modulus and an integer k, which is greater than a number of bits of a modulus p. Therefore, it is hard for attackers who do not know p or k to analyze. Also, even if an analyzer can predict the Hamming weight, it is possible to further improve the safety against the SPA by modifying k or the modulus at random. | 03-11-2010 |
20100064143 | SYSTEM LSI - A system LSI comprising: a processor which processes confidential data; a first on-chip bus which is connected to the processor; a working memory which saves the confidential data processed by the processor; and a memory interface circuit which is connected between the first on-chip bus and the working memory, and through which data is transferred between the working memory and the first on-chip bus under control of the processor. | 03-11-2010 |
20100070776 | Logging system events - Provided is computer implemented method for logging system events, comprising:
| 03-18-2010 |
20100070777 | SEMICONDUCTOR DEVICE IDENTIFIER GENERATION METHOD AND SEMICONDUCTOR DEVICE | 03-18-2010 |
20100070778 | SECURE FILE ENCRYPTION - A technique for secure file encryption first choose a file encryption key randomly among a set of file encryption keys and encrypts a file using the chosen file encryption key based on a set of encryption rules. The file encryption key can then be encrypted via a directory master secret (DMS) key for an extra layer of security so that an intruder cannot decrypt the encrypted file even if the intruder gains access to the DMS-encrypted file encryption key. Finally, the DMS-encrypted file encryption key can be stored in a metadata associated with the file. | 03-18-2010 |
20100070779 | INTEGRITY OF CIPHERED DATA - A method for protecting the integrity of data ciphered by a ciphering algorithm providing at least an intermediary state meant to be identical in ciphering and in deciphering, this intermediary state being sampled during the ciphering to generate a signature. | 03-18-2010 |
20100077225 | Protection Against Side Channel Attacks with an Integrity Check - The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention. | 03-25-2010 |
20100077226 | ENCRYPTION DEVICE AND ENCRYPTION OPERATION METHOD - Provided is an encryption device which can effectively use a hardware encryption engine and reduce a packet processing delay of a real time application. In this device, an approval unit ( | 03-25-2010 |
20100077227 | CRYPTOGRAPHIC PROCESSING DEVICE AND METHOD FOR ADAPTING TO SHARED-CACHE ATTACKS - Embodiments of a cryptograph processing device and method for adapting to shared-cache attacks are generally described herein. Other embodiments may be described and claimed. In some embodiments, the cryptographic processing device comprises first and second processing units, and a cache that is shared by the first and second processing units. The first processing unit may monitor a number of cache misses that occur during the performance of a first cryptographic process and may switch to performing a second cryptographic process after the number of cache misses exceeds a threshold. | 03-25-2010 |
20100083002 | Method and System for Secure Booting Unified Extensible Firmware Interface Executables - A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module. | 04-01-2010 |
20100088523 | TRUSTED PLATFORM MODULE SECURITY - The described implementations relate to trusted platform module (TPM) security. One configuration that is implemented on a computing device includes a TPM configured to generate a key pair utilizing a factor stored on the TPM and an external cofactor that is not stored on the TPM. The computing device also includes a communication device configured to receive the external cofactor and convey the external cofactor to the TPM. | 04-08-2010 |
20100088524 | Data processing on a non-volatile mass storage device - A non-volatile mass storage device is provided comprising memory circuitry accessible to a host data processing device via a communication link. The non-volatile mass storage device comprises processing circuitry for locally accessing the memory circuitry of the file system and is capable of triggering generation of a file for storage on the memory circuitry by connection of the non-volatile mass storage device to the host data processing device. The generated file comprises information dependent upon a state of the non-volatile mass storage device. A corresponding method of operating a non-volatile mass storage device is provided and a computer program is provided for obtaining the information dependent upon the state of the non-volatile mass storage device, for locally accessing the memory circuitry and for generating the file for storage on the memory circuitry. | 04-08-2010 |
20100095130 | SMARTCARDS FOR SECURE TRANSACTION SYSTEMS - Systems and methods for programming a secured smartcard are described. An encrypted mapping is stored on the smartcard and is accessible using encryption keys, each encryption key providing an access level to the content of the mapping, providing a reference mapping and a development key to a developer. The developer may provide data files and an edited version of the reference mapping. The encrypted mapping can then be updated and the files stored on the smartcard according to the updated encrypted mapping. The developer need not know the structure and content of the encrypted mapping file. The data file may include a biometric template corresponding to an authorized user of the smartcard. The data file may additionally or alternatively comprise an application that can access encrypted files on the smartcard even if the developer of the application cannot access those same files. | 04-15-2010 |
20100095131 | METHOD AND SYSTEM FOR SEAMLESS INTEGRATION OF PREPROCESSING AND POSTPROCESSING FUNCTIONS WITH AN EXISTING APPLICATION PROGRAM - A method for associating file activity of an application with the graphical display of the file on a screen comprises loading by an operating system an executable code of a message monitoring program adapted to monitoring a message sent by an operating system to a document display window. The message monitoring program establishes a system-wide window hook using available operating system API functions associated with one or more functions in a library of the message monitoring program. The message monitoring program library is loaded into the memory space of a newly started application program, the import table of the application is fixed with addresses of functions from the message monitoring program library, and the application's main window function is substituted with a message monitoring program window function. | 04-15-2010 |
20100095132 | PROTECTING SECRETS IN AN UNTRUSTED RECIPIENT - A technique for protecting secrets may involve enclosing master secret keys in an encapsulation module functioning like an envelope on a host that may run an untrusted operating system. The encapsulation module itself can be obfuscated and protected with various software security techniques, such as anti-debugging techniques, which make reverse-engineering more difficult. Session or file keys could then be derived from the master key stored in the encapsulation module on the host, wherein each of the keys protects a session or a file on the host. Additionally, a code can be provided to prevent the master secret and the keys from being swapped to a non-volatile storage device of the host. | 04-15-2010 |
20100095133 | REDUCTION OF SIDE-CHANNEL INFORMATION BY INTERACTING CRYPTO BLOCKS - A cryptography device which reduces side channel information including a first computing block adapted to either encrypt or decrypt received first input data and to output the encrypted or decrypted first input data as first output data at a first data output, a second computing block adapted to either encrypt or decrypt received second input data and to output the encrypted or decrypted second input data as second output data at a second data output, and a control unit connected to the first and second computing blocks and adapted in a first operating condition on the one hand to partially or completely assign the first output data to the first computing block as the first input data and on the other hand to completely or partially assign the first output data to the second computing block as part of the second input data. | 04-15-2010 |
20100100748 | ARRANGEMENT FOR AND METHOD OF PROTECTING A DATA PROCESSING DEVICE AGAINST AN ATTACK OR ANALYSIS - In order to further develop an arrangement for as well as a method of protecting at least one data processing device, in particular at least one embedded system, for example at least one chip card or smart card, against at least one attack, in particular against at least one side-channel attack, for example against at least one current trace analysis, the data processing device, in particular at least one integrated circuit of the data processing device, carrying out calculations, in particular cryptographic operations wherein an attack, for example an E[lectro]M[agnetic] radiation attack, or an analysis, for example a D[ifferential]P[ower]A[nalysis], such attack or such analysis in particular targeted on finding out a private key, is to be securely averted, it is proposed to blind all intermediate results of the calculations by at least one random variable, without inverting any operand of the calculations. | 04-22-2010 |
20100106976 | REPRESENTATION AND VERIFICATION OF DATA FOR SAFE COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value. By effectively dividing the data into multiple portions in multiple processing streams and processing them in parallel to determine multiple hash values simultaneously, the time required for hashing the data can be reduced in comparison to conventional techniques that operate to determine a hash value for the data as a whole and in a single processing stream. As a result, the time required for integrity verification can be reduced, thereby allowing safe features to be extended to devices that may operate with relatively limited resources (e.g., mobile and/or embedded devices) as well as improving the general efficiency of device that are or will be using safety features (e.g., Trusted Computing (TC) device). | 04-29-2010 |
20100106977 | Method and Apparatus for Secure Software Platform Access - In an advantageous approach to securing type safety in software platform accesses made by software applications, this disclosure teaches the inclusion of cryptographically signed type information in software applications, for authentication and registration by a software platform. With this approach, a given software application is permitted to make platform accesses (e.g., data type instantiations, memory accesses, method invocations, etc.) only in conformance with the registered type information. | 04-29-2010 |
20100106978 | DISPLAY DEVICE AND DISPLAY CONTENT SHARING METHOD - This present disclosure provides a display device and a display content sharing method by employing the display device, the display device includes a storage unit and a display unit, the display content sharing method includes: obtaining an identity code of a wireless communication device; obtaining encrypted digital content of the identity code in the storage unit; decrypting the encrypted digital content of the identity code; displaying the decrypted content on the display unit. | 04-29-2010 |
20100106979 | Method, Apparatus, and Device for Providing Security Among a Calling Function and a Target Function - The device and accompanying apparatus and method provides security among a calling function, such as an any executable code, and at least one target function, such as any executable code that the calling function wishes to have execute. In one example, the device includes an engine operative to perform run-time verification of the signatures of secure interrupt handler code and at least one target function before allowing execution of the at least one target function. If both the secure interrupt handler code's signature and the at least one target function's signature are successfully verified, the at least one target function is allowed to execute. | 04-29-2010 |
20100115286 | LOW LATENCY BLOCK CIPHER - A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain a partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data. | 05-06-2010 |
20100115287 | SYSTEM AND METHOD FOR OBFUSCATING CONSTANTS IN A COMPUTER PROGRAM - Disclosed herein are systems, computer-implemented methods, and tangible computer-readable media for obfuscating constants in a binary. The method includes generating a table of constants, allocating an array in source code, compiling the source code to a binary, transforming the table of constants to match Pcode entries in an indirection table so that each constant in the table of constants can be fetched by an entry in the indirection table. A Pcode is a data representation of a set of instructions populating the indirection table with offsets toward the table of constants storing the indirection table in the allocated array in the compiled binary. The method further includes populating the indirection table with offsets equivalent to the table of constants, and storing the indirection table in the allocated array in the compiled binary. Constants can be of any data type. Constants can be one byte each or more than one byte each. In one aspect, the method further includes splitting constants into two or more segments, treating each segment as a separate constant when transforming the table of constants, and generating a function to retrieve and reconstruct the split constants. | 05-06-2010 |
20100115288 | SYSTEM AND METHOD OF ENCRYPTION FOR DICOM VOLUMES - Digital image storage and management systems capable of producing encrypted DICOM volumes on different types of media (e.g., Blu-ray, CD, DVD, memory stick, USB flash drive, etc.), with or without the automatic generation of labels, systems and mechanisms to generate and manage passwords for the encrypted volumes, and systems and mechanisms to manage access to encrypted data on such volumes are disclosed. Generated encrypted DICOM volumes, which can comprise confidential patient data, can be securely interchanged, archived, and distributed to users. The disclosed systems and methods can permit authorized users to access encrypted data, even if the users do not have access to the original encryption mechanism. Encrypted data stored on the volume can be easily and securely accessed by a variety of authorized users. | 05-06-2010 |
20100115289 | Method and apparatus for encrypting user data - A mobile terminal is capable of performing message encryption. The mobile terminal includes a display unit that can display contents of a message and an input unit that can receive a selection input for a portion of the displayed content. A portion of the displayed content can be selected for encryption. The selected portion of the displayed content is encrypted. The mobile terminal can store the message containing the encrypted content and information regarding the password. | 05-06-2010 |
20100122094 | SOFTWARE IC CARD SYSTEM, MANAGEMENT SERVER, TERMINAL, SERVICE PROVIDING SERVER, SERVICE PROVIDING METHOD, AND PROGRAM - A management server calculates a hash value of software for providing a service, generates a first software area from software which is provided a second electronic signature, provides a third electronic signature to user information provided with a first electronic signature transmitted from a terminal, to the hash value, and to user management information, encrypts a second software area generated from the third electronic signature, user information, from hash value, and from user management information using a common key of the management server and service providing server, combines the first software area and encrypted second software area to create a software IC card, encrypts the software IC card using a public key of the terminal, and transmits the encrypted software IC card to the terminal. | 05-13-2010 |
20100125739 | SECURE CONFIGURATION OF PROGRAMMABLE LOGIC DEVICE - A cryptographic system ( | 05-20-2010 |
20100131771 | METHOD TO RESTORE A FAILED HDD OF A PVR - The invention relates to recovering files stored on a HDD of a Personal Video Recorder (PVR) in the case of a crash of the HDD. Every time a file is stored on an external medium special information of the file system of the HDD is stored —optionally in encrypted form—on the medium as far as enough storage capacities available there. According to the invention the stored information is overwritten if a rewritable medium is used. By that the medium can be optimally used. If the HDD fails the stored information can be used to copy the files to external media. | 05-27-2010 |
20100131772 | MODULE VALIDATION - A module validation system and methods are disclosed for use with graphical user interfaces provided by a workstation that, among other things, remotely monitor and/or control game and/or gaming devices and/or systems. Validation of modules used in shells that provide graphical user interfaces enables the module validation system to provide users with varying levels of access to a gaming system. | 05-27-2010 |
20100138669 | ENCRYPTION AND DECRYPTION OF A DATASET IN AT LEAST TWO DIMENSIONS - It is described a method for encrypting and a method for decrypting at least a portion ( | 06-03-2010 |
20100138670 | STORAGE APPARATUS AND DATA WRITING METHOD - According to one embodiment, a storage apparatus includes: a controller encrypting user data with a key, and writing the encrypted user data in a storage medium; and a key changing module changing the key. The storage medium includes a user data region and a key changing region. When the key is changed, the controller divides the user data written in the storage medium into a plurality of pieces, encrypts a piece of the user data adjacent to the key changing region with the changed key, writes the encrypted piece into the key changing region, sequentially shifts each of the pieces other than the piece of the user data adjacent to the key changing region by one logical block size in a direction toward the key changing region, and writes the shifted pieces. | 06-03-2010 |
20100138671 | METHODS AND APPARATUSES FOR PROVIDING DRM INTEROPERABILITY - Methods and apparatuses for providing DRM interoperability are provided. Proxy re-encryption technique using bilinear map is used, and the same content can be used in different devices. According to the method of providing DRM interoperability includes in proxy agent with respect to digital rights management (DRM) service providers and device which supports predetermined DRM, first DRM service provider, second DRM service provider, the proxy agent, and the device identify each other, and proxy re-encrypt an interoperable content (IC) and provide the IC to the device. The IC is second-level encrypted by using a key of the first DRM service provider, and the proxy re-encryption is performed by using a proxy key generated from proxy key information provided from the first DRM service provider and the second DRM service provider. Therefore, a problem in which interoperability cannot be guaranteed since a DRM technique depends on a service provider is resolved. | 06-03-2010 |
20100146291 | SECURE FRAMEWORK FOR INVOKING SERVER-SIDE APIS USING AJAX - Techniques for securely invoking a server-side API from client-side Web application code using AJAX. In one set of embodiments, a request to invoke a server-side API is received from a client-side component of a Web application, where the request is sent asynchronously using AJAX. One or more security handlers are then invoked to process the request in a manner that mitigates various security attacks. In one embodiment, a security handler is invoked to defend against a plurality of different types of Web application/AJAX security attacks. In another embodiment, authentication and authorization security handlers are invoked to authenticate a user of the Web application that originated the request and determine whether the user is authorized to call the server-side API. In yet another embodiment, configuration is implemented at the data storage tier to enforce user-access and data security on data that is retrieved/stored as a result of invoking the server-side API. | 06-10-2010 |
20100146292 | APPARATUS, SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR GENERATING AND SECURING A PROGRAM CAPABLE OF BEING EXECUTED UTILIZING A PROCESSOR TO DECRYPT CONTENT - A system, method, and computer program product are provided for generating and securing a program, and secrets including confidential keys, capable of being executed utilizing a processor to decrypt content. In operation, a second party's program for decrypting content from a third party is generated by a second party, and then secured in a process involving the second party in such a manner that it can be subsequently executed on the processor, without revealing the contents of the second party's program, nor any secrets provided by third party, or used by the second party, in securing the program, nor any portion of the third party's content while being handled by the program. | 06-10-2010 |
20100146293 | APPARATUS, SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR EXECUTING A PROGRAM UTILIZING A PROCESSOR TO GENERATE KEYS FOR DECRYPTING CONTENT - An apparatus, system, method, and computer program product are provided for executing a program provided a second party utilizing a processor to generate keys for decrypting content of a third party. In operation, content and a program to confidentially generate keys for decrypting the content of the third party are received at a processor. Additionally, the second party's program is executed utilizing the processor-derived keys to decrypts the third party's content. | 06-10-2010 |
20100146294 | BEST2000C: platform-independent, acrostic database encryption of biometrically-inert transgression-ciphers for up to 90% reduction of the $50 billion annual fictitious-identity transgressions - The invention (“INVENTION”) herein relates to government or private-use ciphers for assignable fictitious-identity information accessed through a data system or other form of data repository for maintenance or retention of financial, credit, medical or related asset management records. To help protect or restore integrity to such government or private-use ciphers occasionally compromised through private, public or commercial transactions, the art applies a prime/number-keyed acrostic-encryption throughout a data system or other form of information repository, encoding biometrically-inert transgression ciphers (“BIT-ciphers” or “TRANSGRESSION-CIPHERS”) therein. Such BIT-ciphers and their financial, credit or related asset management records form fictitious-identities, unassigned to any real person or real institution. These are populated throughout an extant data system or other form of information repository, including archival storage, containing preexisting fictitious-identity ciphers (“FID-ciphers”) assigned by a government or agencies, thereof, to online records for various parties, whether they be public or private institutions, corporations or individuals. FID-ciphers are processed through extant government and commercial systems for tax collections, credit monitoring, financial transactions and other forms of fictitious-identity processing. However, every BIT-cipher accessed through encoded government or commercial systems, or access of any BIT-cipher's related record components, in any way, triggers a 100% positive detection of a fictitious-identity transgression at the moment of access. A Fast-Access Network of Transgression Alert Servers for Transparently Implanted Ciphers version 7 (herein “FANTASTIC-7™”) allows instant capture and/or monitoring, for extended periods, of a party or parties engaged in fictitious-identity transgression. | 06-10-2010 |
20100146295 | Trusted Computing Entities - The present invention relates to trust in computing platforms and the like. In particular, embodiments of the invention provide a trusted computing entity ( | 06-10-2010 |
20100146296 | APPARATUS AND METHOD FOR HASH CRYPTOGRAPHY - An apparatus for hash cryptography has a hardware structure that is capable of providing both secure hash algorithm (SHA)-1 hash calculation and SHA-256 hash calculation. The apparatus for hash cryptography generates a plurality of first message data corresponding to a plurality of first rounds when the SHA-1 hash calculation is performed and generates a plurality of second message data corresponding to a plurality of second rounds when the SHA-256 hash calculation is performed by using one memory, one first register, one XOR calculator, and one OR calculator, calculates a message digest by the SHA-1 hash calculation by using the plurality of first message data when the SHA-1 hash calculation is performed, and calculates a message digest by the SHA-256 by using the plurality of second message data when the SHA-256 hash calculation is performed. | 06-10-2010 |
20100146297 | Method and system digital for processing digital content according to a workflow - A method of processing digital content according to a workflow. The digital content is received and information for the workflow is checked to decide if a processing device is authorised to process the content, the workflow imposing that the digital content be processed in a process chain comprising at least two nodes, wherein the processing device is authorised to process the content if it corresponds to the node that according to the process chain is the next node to process the digital content. If the processing device is authorised to process the content, the digital content is processed and the information for the workflow is updated. Also provided is a system. | 06-10-2010 |
20100146298 | Method and system for processing digital content according to a workflow - A method of processing digital content following a workflow. A processing device receives the digital content and a license for the digital content, the license comprising workflow information about a process chain, which comprises a present node and a following node; decrypts the license; verifies if it may process the content by verifying if it corresponds to the present node. If the processing device may process the digital content, it processes the digital content to obtain processed content and generates a new license comprising updated workflow information, wherein the following node is set as a new present node. Also provided is a processing device. | 06-10-2010 |
20100146299 | SYSTEM AND METHOD FOR CONFIDENTIALITY-PRESERVING RANK-ORDERED SEARCH - A confidentiality preserving system and method for performing a rank-ordered search and retrieval of contents of a data collection. The system includes at least one computer system including a search and retrieval algorithm using term frequency and/or similar features for rank-ordering selective contents of the data collection, and enabling secure retrieval of the selective contents based on the rank-order. The search and retrieval algorithm includes a baseline algorithm, a partially server oriented algorithm, and/or a fully server oriented algorithm. The partially and/or fully server oriented algorithms use homomorphic and/or order preserving encryption for enabling search capability from a user other than an owner of the contents of the data collection. The confidentiality preserving method includes using term frequency for rank-ordering selective contents of the data collection, and retrieving the selective contents based on the rank-order. | 06-10-2010 |
20100146300 | HEALTH MONITORING SYSTEM - A health monitoring system includes a plurality of remote user sites, each remote user site comprising at least one health monitoring device for collection of user health monitoring data, an interactive video device, and a user interface apparatus; at least one remote computing facility configured for signal communication with, and to receive health monitoring data-related signals from, the plurality of remote user sites; and at least one computer, configured for signal communication with the remote computing facility, wherein the interactive video device is interactively coupled with the remote computing facility. Associated methods are also described. | 06-10-2010 |
20100153739 | Securable independent electronic document - In accordance with embodiments within, a secure independent electronic document apparatus, it's system, method, and manufacture is taught. With an authenticable and tamper detectable electronic container supporting platform vendor and authentication independence, character text data sections supporting digital signatures, data automation and nested embedding, as well as graphical image data, or other free format data sections supporting many data processing operations, imaging representation comprised within a container using a secure and independent system, the secure independent electronic document presents a solution for digital electronic information distribution, commerce, trade and exchange. | 06-17-2010 |
20100153740 | DATA RECOVERY USING ERROR STRIP IDENTIFIERS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk and reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client. Write counters written with the secondary data blocks are used to determine whether the secondary data blocks were stored correctly. | 06-17-2010 |
20100153741 | ENCRYPTING SYSTEM AND METHOD FOR NUMERICAL CONTROL DEVICES - An encrypting system for numerical control devices includes a function module, a code module, a memory, and a controller. The function module includes function programs. Each of the function programs presetting a service life. The code module encrypts and decrypts the service life of each of the function programs. The memory stores the service life encrypted by the code module. The controller reads the encrypted service life from the memory according to an input instruction and controlling the code module to decrypt the encrypted service life, and comparing the decrypted service life with the current date to control the function program to be executed in response to the service life of the function program being valid. | 06-17-2010 |
20100153742 | METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING PACKET DATA OF PRECISE TIME SYNCHRONIZATION PROTOCOL AND TIME SYNCHRONIZATION SYSTEM - A method and an apparatus for encrypting/decrypting packet data of a precise time synchronization protocol and a time synchronization system are illustrated. The method is suitable for the time synchronization system using a precise time protocol. The time synchronization system includes a master node and a slave node, wherein the slave node synchronizes its time with the master node. In the method for encrypting/decrypting packet data of the precise time synchronization protocol, an encryption/decryption hardware device is disposed on the hardware protocol layer of each of the master node and the slave node. The hardware protocol layer is under the data link layer, and includes the data link layer. A synchronization message is encrypted by using the encryption/decryption hardware devices of the master node to generate a frame data, and the frame data is decrypted by using the encryption/decryption hardware devices of the slave node to obtain the synchronization message. | 06-17-2010 |
20100153743 | ELECTRONIC DEVICE AND METHOD TO CONTROL OUTPUT THEREOF - An electronic device and a method to control an output thereof are provided. The electronic device includes a controller to control whether to output non-encrypted multimedia data to an external device based on whether the external device is communicatively connected to the electronic device, and an interface to output the non-encrypted multimedia data to the external device under the control of the controller. | 06-17-2010 |
20100153744 | CRYPTOGRAPHIC PROCESSING APPARATUS - A cryptographic processing apparatus includes: at least one register configured to store data for operation; a first operation block configured to execute an operation in accordance with data stored in the register; a second operation block configured to execute a logic operation between one of a register-stored value and a key and an operation result of the first operation block; and a decode block configured to decode binary data in units of the predetermined number of bits to convert the binary data into decode data having the number of bits higher than the number of bits of the binary data. | 06-17-2010 |
20100161994 | METHOD AND APPARATUS FOR AUTHENTICATING STATIC DATA CARRIERS - Method of authenticating optical discs ( | 06-24-2010 |
20100161995 | SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR CRYPTOGRAPHIC KEY ROTATION IN A DATABASE SYSTEM - A system, method, and computer-readable medium that facilitate key rotation without disrupting database access are provided. Generation identifiers that specify a particular encryption key are stored in association with cipher text of encrypted columns in database tables. When data is to be read from an encrypted column, the cipher text is read along with the associated generation identifier. An encryption key corresponding to the generation identifier is then read to decrypt the cipher text. When data is to be written to the encrypted column, a most recent encryption key is retrieved from the key repository to encrypt the data. The cipher text is then written to the encrypted column in association with the generation identifier of the key used to encrypt the data. Advantageously, the key rotation may be performed without requiring that the table or database to be taken offline or otherwise unavailable during key rotation. | 06-24-2010 |
20100161996 | System and Method for Developing Computer Chips Containing Sensitive Information - A system and method for developing a software program containing sensitive information requires the use of a developer key (a unique public/private key pair) to download the software onto a uniquely identified developer chip. The software program can then be developed and debugged on the developer chip. After being developed and debugged, the software program is transferred to a uniquely identified release chip for subsequent use. Specifically, transfer of the software program requires use of a release key (also a public/private key pair) that is different from the developer key. The private key part of the developer key, as well as all developer chips (albeit a limited number) are protected by strict security procedures. | 06-24-2010 |
20100161997 | APPARATUS AND METHOD FOR AUTHENTICATING PERSONAL USE OF CONTENTS BY USING PORTABLE STORAGE - A system for authenticating personal use of contents by using a portable storage medium includes: a portable personal use authentication device configured to store domain authentication information; and a contents personal use authentication apparatus configured to extract playback information for playing a provided content based on the domain authentication information and provide the extracted playback information to a player | 06-24-2010 |
20100161998 | Associating a Signing key with a Software Component of a Computing Platform - A method and system is provided for operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set. | 06-24-2010 |
20100161999 | Scalable RFID systems: a privacy preserving protocol with constant-time identification - A protocol with constant-time complexity solves the problem of private identification of tags in low-cost, large-scale radio frequency identification (RFID) systems—assuming that an adversary has complete control over the communication channel. Each RFID tag has an internal counter, c, and is preloaded with a unique pseudonym, ψ, and a secret key, k. A RFID reader attempting to identify and authenticate a tag within its range generates and transmits a random nonce to the RFID tag, which returns a first hash of its current pseudonym and counter, and a second hash that is a function of the secret key. The reader uses the returned data to identify the RFID tag and its secret key by reference to a database and returns other hash values that authenticate the reader to the RFID tag. The most expensive operation that RFID tags are required to perform is a hash function. | 06-24-2010 |
20100162000 | DATA SECURITY IN AN INFORMATION PROCESSING DEVICE - A device and method for data protection of inputted and stored publicly encrypted data. Publicly encrypted data can be received by a data receiver module and stored in a storage module and be decrypted by a decryption module using a first encryption key. A deciding device can determine whether or not the data needs protection. If necessary, the data can be re-encrypted by an encryption module based on a second and different internal private encryption key generated from the encryption module and stored in the storage module. | 06-24-2010 |
20100169661 | SIMULTANEOUS STATE-BASED CRYPTOGRAPHIC SPLITTING IN A SECURE STORAGE APPLIANCE - Methods and systems for managing I/O requests in a secure storage appliance are disclosed. One method includes receiving a plurality of I/O requests at the secure storage appliance, each I/O request associated with a block of data and a volume, each volume associated with a plurality of shares stored on a plurality of physical storage devices. The method further includes storing a plurality of blocks of data in buffers of the secure storage appliance, each of the blocks of data associated with one or more of the plurality of I/O requests. The method also includes associating a state with each of the blocks of data, the state selected from a plurality of states associated with processing of an I/O request. The method includes determining the availability of a resource in the secure storage appliance, the resource used to process an I/O request of a buffer, and, upon determining that the resource is available, applying the resource to a block of data in the buffer and updating the state associated with the block of data. | 07-01-2010 |
20100169662 | SIMULTANEOUS STATE-BASED CRYPTOGRAPHIC SPLITTING IN A SECURE STORAGE APPLIANCE - Methods and systems for managing data blocks and I/O requests are provided. One method is a method of managing data blocks in a secure storage appliance. The method includes receiving a block of data associated with a volume, the volume associated with a plurality of shares stored on a plurality of physical storage devices, and storing the block of data in a buffer. The method also includes associating the block of data with a state from among a plurality of states, each of the states corresponding to a status of the block of data. The method further includes processing the block of data by performing at least one cryptographic operation on the block of data, and upon completion of processing the block of data, updating the state of the block of data. | 07-01-2010 |
20100169663 | Systems and Methods for Detecting Authorized Players - One embodiment includes method for determining whether a player application is authorized to play protected content. The method comprises reading a digital signature associated with the player application from a predetermined memory location using a protection interface associated with the player application, where the digital signature comprises one or more file designations. The embodiment further comprises mapping, by the protection interface, the one or more file designations to one or more files associated with the player application and transmitting mapping information from the protection interface to a verification application stored on a storage medium. The verification application is configured to determine whether the player application is authorized to play the protected content if the one or more file designations match the one or more files based on the mapping information. | 07-01-2010 |
20100169664 | SECURITY PROCESSOR AND RECORDING METHOD AND MEDIUM FOR CONFIGURING THE BEHAVIOUR OF THIS PROCESSOR - Security processor ( | 07-01-2010 |
20100169665 | METHOD FOR INDEXING ENCRYPTED COLUMN - The present invention relates to a method of creating indexes so that an index scan can be worked for columns in a database encrypted by means of secrete key cipher algorithm. The method of creating indexes according to the present invention comprises the steps of: re-encrypting to be able to maintain the sort ordering based on a plain text; creating new indexes based on the re-encrypted data; and configuring domain index architecture of encrypted columns so that the created index is used for the index scan in a query | 07-01-2010 |
20100174915 | TURNOVER CONTROLLER - This disclosure solves the problem of data security of transactions and turnovers in all distribution levels, including monitoring by the appropriate government institutions, in order to prevent tax avoidance, VAT fraud, smuggling, bootlegging, diversion of original goods from the distribution system and infiltration into the distribution system of counterfeited and original goods without payment of customs, tax and excise duties. | 07-08-2010 |
20100174916 | Universal File - A system for processing a universal media file is provided. The system includes a universal file recognition module that processes a universal media file based on a key. A key protection module provides the key based on a business relationship. | 07-08-2010 |
20100174917 | INFORMATION RECORDING MEDIUM, REPRODUCING APPARATUS AND CUMPUTER PROGRAM - An information recording medium ( | 07-08-2010 |
20100174918 | Personal Digital Server (PDS) - Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets. | 07-08-2010 |
20100180128 | Information Source Agent Systems and Methods For Distributed Data Storage and Management Using Content Signatures - Information source agent systems and methods for distributed content storage and management using content signatures that use file identicality properties are provided. A data management system is provided that includes a content engine for managing the storage of file content, a content signature generator that generates a unique content signature for a file processed by the content engine, a content signature comparator that compares content signatures and a content signature repository that stores content signatures. Information source agents are provided that include content signature generators and content signature comparators. Methods are provided for the efficient management of files using content signatures that take advantage of file identicality properties. Content signature application modules and registries exist within information source clients and centralized servers to support the content signature methods. | 07-15-2010 |
20100185872 | SYSTEM, METHOD AND APPARATUS FOR READING CONTENT OF EXTERNAL STORAGE DEVICE - A system for enabling the reading on a reader of content stored in an external storage device is disclosed. The reader is a read-only device and has a display, a processor for controlling the operation of the reader, and a port for operative connection of the external storage device. The external storage device has a non-volatile storage and a central processor. The central processor is able to download to the reader the content stored in the non-volatile storage upon a pre-condition being established. The pre-condition is at least one of receipt of a correct encryption key from the reader, and arrival at a start date and time as determined by a real-time clock. The reader, external storage device, and a corresponding method are also disclosed. | 07-22-2010 |
20100185873 | SYSTEM AND METHOD FOR FILE PROCESSING AND FILE PROCESSING PROGRAM - A cipher processing system is provided for allowing file access while maintaining the integrity without a user being conscious of the difference between files when the user accesses a file in a folder containing both a ciphertext file and a plaintext file. Thus, according to the present invention, if a folder stores both a ciphertext file and a plaintext file, the ciphertext file is attached with identification information (preferably, footer information) indicating that the file is a ciphertext file, so that the plaintext file and the ciphertext file can be differentiated from each other when the files are read. A deciphered file gained by removing identification information from a ciphertext file and deciphering the file is delivered to an upper-level application. If the read file is a plaintext file, decipher processing is not executed on the plaintext file but the plaintext file is passed to the upper-level application program. | 07-22-2010 |
20100185874 | Method of Mass Storage Memory Management for Large Capacity Universal Integrated Circuit Cards - A method for managing information in a large capacity UICC, comprising:
| 07-22-2010 |
20100185875 | BACKGROUND SERVICE PROCESS FOR LOCAL COLLECTION OF DATA IN AN ELECTRONIC DISCOVERY SYSTEM - Embodiments of the invention relate to systems, methods, and computer program products for a local collection tool that is configured to run as an authorized background service process. As such, the local collection tool of the present invention is capable of being executed in the absence of the device user's credentials. As a result, local collection can be accomplished without the user being present or covertly without the user's knowledge of collection process. Moreover, the back-up file generated by the collection tool may include encrypted data, which can automatically be decrypted by the collection entity through application of a master key. | 07-22-2010 |
20100191978 | Method For The Parameterization And Operation Of Weighing Scales - The invention relates to a method for the parameterization of scales which have a weighing belt for the weighing of products in a conveying process, wherein a teach procedure and subsequently a verification procedure take place after the input of product-specific data. The invention furthermore relates to a method for the operation of scales parameterized in this manner. | 07-29-2010 |
20100191979 | Apparatus and Method with Controlled Switch Method - An embedded microcontroller system comprises a central processing unit, a system controller for receiving and handling an interrupt, a register having storage locations containing sets of predefined system data for different operating conditions of the system assigned to the interrupts coupled to set a system configuration. The system data in the register is defined and stored before receipt of an interrupt. On receipt of an interrupt the system controller transmits a selection signal to the register. The register selects a predefined storage location assigned to the received interrupt. The corresponding system configuration data is used to control system configuration of the embedded microcontroller system, such as allocation of CPU time to virtual CPUs and selection of clock frequency or power voltage for modules. | 07-29-2010 |
20100191980 | MICROPROCESSOR IN A SECURITY-SENSITIVE SYSTEM - A Microprocessor ( | 07-29-2010 |
20100191981 | STORAGE APPARATUS AND DATA FALSIFICATION PREVENTING METHOD THEREOF - According to one embodiment, a storage apparatus includes: an encryption key generation information generator configured to generate encryption key generation information used to generate an encryption key based on information from a host computer; an encryption key generator configured to generate the encryption key based on the encryption key generation information; an initialization data encryption module configured to encrypt initialization data of a storage medium received from the host computer using the encryption key; a decryption module configured to decrypt data read from the storage medium using a decryption key corresponding to the encryption key; a comparator configured to compare data decrypted by the decryption module and the initialization data; and a write processor configured to permit, when the comparator determines that the data decrypted by the decryption module and the initialization data match with each other, to write user data in the storage medium. | 07-29-2010 |
20100199101 | Adjustable resolution media format - A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded. | 08-05-2010 |
20100199102 | Device Having Coded Output of Operational Data - A device for confirming compliance with usage of a breathing gas delivery system that includes at least one sensor for monitoring operating data disposed within the breathing gas delivery system and a device for encoding the monitored operating data and displaying the encoded operating data for reporting to another location. | 08-05-2010 |
20100199103 | SECURE STORAGE | 08-05-2010 |
20100199104 | DEVICE WITH A SECURE VIRTUAL MACHINE - A secure computing device ( | 08-05-2010 |
20100199105 | METHOD FOR PLAYING DIGITAL CONTENTS AND MANAGING LICENSE AND APPARATUS THEREFOR - A method and apparatus for playing digital contents and managing a license, which encrypts a license for digital contents using an IMSI of a SIM card in a portable device, stores the encrypted license, and enables digital contents to be played using a license decrypted by a normal IMSI when the digital contents are requested to be played. In a method for playing digital contents in a portable device, which includes a subscriber identity module (SIM) card, the method includes: calling a license corresponding to the digital contents when the digital contents are requested to be played; when the license is an encrypted license, decrypting the encrypted license; and playing the digital contents as permitted by the decrypted license. | 08-05-2010 |
20100199106 | MAGNETIC DISK APPARATUS AND CIPHER KEY UPDATING METHOD - According to one embodiment, a magnetic disk apparatus comprises a magnetic disk configured to store encrypted data, a magnetic head configured to read data from and to write data to the magnetic disk, and a recording and reproducing circuit connected to the magnetic head, wherein the recording and reproducing circuit configured to read data from an area of the magnetic disk, to decrypt read data, to re-encrypt decrypted data with changing a cipher key, and to rewrite re-encrypted data in the area of the magnetic disk. | 08-05-2010 |
20100199107 | SECURE EXCHANGE OF INFORMATION IN ELECTRONIC DESIGN AUTOMATION - Described herein are methods and systems for secure exchange of information related to electronic design automation. Information deemed sensitive and otherwise worthy of protection may be secured by methods such as encryption, obfuscation and other security measures. The secured information may be provided to an electronic design automation tool for processing without revealing at least some of the secured information. For instance, rule files related to integrated circuit manufacturability may be selectively annotated to indicate portions thereof deserving of protection. An encryption tool may be used to secure the information so indicated and generate a file comprising secured information related to electronic design automation. An electronic design automation tool may then unlock and use the secured information without revealing the same. For instance, the tool may be a physical verification tool capable of verifying whether any of the one or more integrated circuit layouts may violate one or more of the secured rules. An error report may be generated without revealing the secured rules. | 08-05-2010 |
20100205453 | PRE-CONFIGURING OF ENCRYPTION BANDS ON A DISK FOR USE IN A PLURALITY OF ARRAY CONFIGURATIONS - A computational device receives input information on characteristics of customer data, critical metadata, and non-critical metadata, and characteristics of disk array configurations, wherein customer data is to be stored encrypted, wherein critical metadata is to be stored non-encrypted, and wherein non-critical metadata is to be stored encrypted or non-encrypted. The computational device determines band boundary information based on the received input information. Encrypting disks with pre-established bands are created based on the band boundary information and the encrypting disks are pre-initialized. | 08-12-2010 |
20100205454 | CIPHER DATA BOX - A cipher data box comprises: a housing; a printed circuit board; a first connector; a second connector; a controller, having a unique first identification code; a key seat; and a key, having a unique second identification code; therefore, when the key is inserted into the key seat and the first identification code is same as the second identification code, the storage device can be normally accessed, and the data therein will be encrypted/decrypted. Furthermore, for further enhancing the security function of the storage device, a plurality of cipher data boxes of the present invention can be cascade each other. | 08-12-2010 |
20100205455 | DIFFUSION AND CRYPTOGRAPHIC-RELATED OPERATIONS - An embodiment includes at least one processing unit to perform at least first and second sets of diffusion-related operations to produce a resulting block from a data block, and that includes at least one stage and at least one other stage. The at least one stage is to select one of first operands and second operands input to the at least one other stage. The first and second operands are respectively associated with the first and second sets of operations, respectively. The at least one other stage involves arithmetic and logical operations common to both the first and second sets of operations. At least one other processing unit is to perform at least one set of cryptographic-related operations (different, at least in part, from the first and second sets of operations) on at least one of (1) another block to produce the data block and (2) the resulting block. | 08-12-2010 |
20100205456 | FLASH MEMORY DISTRIBUTION OF DIGITAL CONTENT - Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device ( | 08-12-2010 |
20100205457 | Portable Mass Storage Device with Virtual Machine Activation - A portable mass storage device is used to store large files such as digital pictures, movies and music. The mass storage device has firmware with security mechanisms that limit access to read write operations to ensure reliable operation of the device to prevent unwanted copying or storing of secure content such a copyrighted material. Although the security mechanisms generally limit access, the firmware is operable to work with a virtual machine and allows the virtual machine to access the secure content and work in conjunction with the firmware to read and write data to the mass storage memory, if the virtual machine is present. The virtual machine is either loaded but not activated at the time of manufacture, or is downloaded and activated post manufacture. Any royalty for the virtual machine is paid for only if and when the virtual machine is both present and activated in the device. | 08-12-2010 |
20100205458 | METHOD AND SYSTEM FOR FILE-SYSTEM BASED CACHING - A method and system for file-system based caching can be used to improve efficiency and security at network sites. In one set of embodiments, the delivery of content and storing content component(s) formed during generation of the content may be performed by different software components. Content that changes at a relatively high frequency or is likely to be regenerated between requests may not have some or all of its corresponding files cached. Additionally, extra white space may be removed before storing to reduce the file size. File mapping may be performed to ensure that a directory within the cache will have an optimal number of files. Security at the network site may be increased by using an internally generated filename that is not used or seen by the client computer. Many variations may be used is achieving any one or more of the advantages described herein. | 08-12-2010 |
20100211798 | Systems and Methods for Signaling Content Rights Through Release Windows Life Cycle - Systems and methods for controlling the use of audio, video and audiovisual content are provided. A data structure includes content usage rights for multiple release windows. The usage rights may be encoded in the content or otherwise bound to the content. Playback devices are configured to access the appropriate usage rights and control usage in accordance with the usage rights. | 08-19-2010 |
20100211799 | Protecting Digital Data such as Images on a Device with Image Acquisition Capabilities - Digital data, such as images on a digital camera, is typically protected (e.g., encrypted and/or authenticated) based on a master key stored off the device. The original master key can be acquired in a number of different ways, including being generated by the device or by another device. A one-way, progressive series of keys are derived from the master key such that only images or data of a same session can be authenticated or decrypted for viewing, export or manipulation of the decrypted image/data. In order to decrypt images or data of a previous session on the device, the master key must be imported to the device, such as by, but not limited to, taking a picture of a representation of the key and interpreting the image to reacquire the master key. | 08-19-2010 |
20100211800 | SYSTEMS AND METHODS FOR PARTIAL MATCHING SEARCHES OF ENCRYPTED RETAINED DATA - Systems and methods are provided for encryption allowing partial matching searches to retrieve data that is retained in a database. A user identification number or other characteristic is stored in unencrypted form such that a wildcard search may be performed to retrieve one or more encrypted indexes associated with the unencrypted user identification. These encrypted indexes are then unencrypted by use of a key to determined their associated unencrypted index and corresponding targeted retained data. The targeted retained data may then be accessed by an authorized entity such as a law enforcement agency. | 08-19-2010 |
20100211801 | DATA STORAGE DEVICE AND DATA MANAGEMENT METHOD THEREOF - Provided is a data storage device including: a storage medium that stores a first type of cipher text; and a storage controller that forms the first type of cipher text by scattering a second type of cipher text in a plurality of random numbers and that transfers the first type of cipher text to the storage medium through an internal bus or an external bus. | 08-19-2010 |
20100218000 | CONTENT DISTRIBUTION WITH RENEWABLE CONTENT PROTECTION - A method of renewing encryption applied to a content file in a playback device comprising determining a specified variant of at least one microcode function to be used in playing back the content file, determining if variants are stored in internal memory on the playback device to determine if the specified variant is included in the stored variants, retrieving the specified variant from a variant storage in a memory located in a media device in communication with the playback device, if the specified variant is not included in the stored variants, and using the specified variant to access the content file. A playback device has at least one memory having a variant storage, the variant storage including at least one variant of a microcode function, and a processor configured to execute instructions to determine at least one specified variant, access the variant storage of at least one memory to acquire the specified variant, and use the specified variant to decrypt a content file downloaded to a media device in communication with the playback device. | 08-26-2010 |
20100218001 | Method for Managing Keys and/or Rights Objects - One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified. This greatly increases the efficiency of RO management. A similar system may be used for management of content encryption/encryption keys for protecting content files. | 08-26-2010 |
20100223475 | LOW-LEVEL CODE SIGNING MECHANISM - Before an application is allowed to execute a secure function, code signing keys associated with the application are analyzed for correspondence with the class that contains the secure function as well as correspondence with the secure function. Optionally, code signing keys associated with the application are analyzed for correspondence with the input parameters to the function. | 09-02-2010 |
20100223476 | SINGLE PIN COMMUNICATION MECHANISM - A method and device include a power pin, a ground pin, and a communications pin. A communications module receives power from the power pin and utilizes an edge counting communication protocol over the communication pin. | 09-02-2010 |
20100223477 | CONTENT REPRODUCING DEVICE, CONTENT REPRODUCING METHOD, RECORDING MEDIUM, AND INTEGRATED CIRCUIT - A content playback apparatus (digital watermark detection apparatus) comprises: a detection unit operable to detect a digital watermark from audio data having a plurality of blocks, the audio data being contained in a content which is to be played back along a playback time-line; a detected block storage unit for storing therein information indicating a block in which the digital watermark has been detected by the detection unit; and a playback control unit operable to play back all data contained in the content other than audio data corresponding to the block indicated by the information stored in the detected block storage unit. This makes it possible, even when audio data containing copyright information is inadvertently recorded on a camcorder, to prevent the audio data containing the copyright information from being played back, thereby enabling users to view the content without the influence of playback control. | 09-02-2010 |
20100228992 | CRYPTOGRAPHIC METHOD AND APPARATUS FOR ENHANCING COMPUTATION PERFORMANCE OF A CENTRAL PROCESSING UNIT - A cryptographic method for enhancing computation performance of a central processing unit involves the execution of a conversion function of the cryptographic method by the central processing unit. The conversion function computation requires the use of a plurality of substitution boxes. The method comprises the steps of: (A) detecting a processing bit length of the central processing unit; (B) generating at least one new substitution box from original substitution boxes according to the processing bit length and a bit permutation sequence, each of the at least one new substitution box containing a plurality of new substitution values whose bit length is equal to the processing bit length; and (C) using a bit expansion operation, a bitwise exclusive OR operation, the selection operations that use the at least one new substitution box generated in step (B), a plurality of bitwise AND operations, and at least one bitwise OR operation to conduct the conversion function computation. The at least one new substitution box is designed according to different bit processing capabilities (e.g., 8 bits, 16 bits, 32 bits), such that the processing capability of a central processing unit can be fully utilized. | 09-09-2010 |
20100228993 | USB interface apparatus and USB packet transmitting/receiving method - A USB interface apparatus is provided in electronic equipment on a USB packet transmission side, and includes a conversion unit for converting CRC object data which is data contained in a field subjected to CRC calculation in a USB packet, based on a predetermined rule corresponding to reverse conversion of conversion to be performed on the CRC object data by destination electronic equipment; a CRC calculation unit for calculating a CRC of CRC object data obtained before conversion by the conversion unit; and a packet generation unit for generating a USB packet containing data converted by the conversion unit and the CRC calculated by the CRC calculation unit. | 09-09-2010 |
20100228994 | SECURITY METHOD OF KEYBOARD INPUT DIRECTLY CONTROLLING THE KEYBOARD CONTROLLER - Disclosed herein is a method of securing keyboard input information by directly controlling a keyboard controller of a keyboard. The keyboard includes the keyboard controller, an interrupt controller, an input information processing module and a keyboard security module. The method includes a status information checking step of enabling the input information processing module to check status information of the keyboard controller; an interrupt inactivation step of inactivating an interrupt request function of the keyboard controller; an input information encryption step of encrypting the keyboard input information written to the keyboard input/output ports; a transfer step of transferring the encrypted input information to the keyboard security module; and an input information deletion step of deleting the keyboard input information remaining in the keyboard controller. | 09-09-2010 |
20100228995 | Universal Serial Bus Data Encryption Device with the Encryption Key Delivered by any Infrared Remote Handheld Controller where the Encryption Key is Unreadable by the Attached Computer System - The user may deliver an encryption key via any infrared remote controller to a computer data encryption controller external to the computing system but connected to the aforementioned computer system via the Universal Serial Bus (USB) port. The infrared delivered key may be combined with the computer system supplied key but this key can not be read directly by the computer system. All encryption functions are done external to the computers processing system, memory system, and disk drive as to erase the possibility of rouge unwanted programs such as spyware, viruses, malware, keystroke loggers, and root-kit programs from gathering encryption-key information. | 09-09-2010 |
20100228996 | Systems and Methods for Secure Transaction Management and Electronic Rights Protection - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 09-09-2010 |
20100228997 | METHOD AND APPARATUS FOR VERIFYING AUTHENTICITY OF INITIAL BOOT CODE - A programmable processor initializes its state, then computes and verifies a hash of a boot code region of memory before executing any user instructions in the memory. Systems using similar processors, and software to control such a processor's operation, are also described and claimed. | 09-09-2010 |
20100228998 | METHOD AND APPARATUS FOR SECURE DATA MIRRORING A STORAGE SYSTEM - A secure data mirroring capability in a storage system includes encrypting data blocks in a primary volume in preparation for a data mirroring operation. The encrypted data blocks are mirrored to a secure secondary volume. Host systems provide keys from which encryption keys are produced for encrypting the data blocks. Access to data on the secure secondary volume requires decryption using the key that was used to produce the encrypted data blocks. | 09-09-2010 |
20100228999 | Trusted Storage Systems and Methods - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited. | 09-09-2010 |
20100235648 | Methods and systems for binding a removable trusted platform module to an information handling system - Methods and systems for binding a removable trusted platform module (TPM) subsystem module to an information handling system to provide a core root of trust for the information handling system without requiring soldering down or other hard and permanent (non-removable) attachment of a TPM device to the information handling system planar (e.g., motherboard). The removable TPM subsystem module may be a plug-in module that may be removed from the information handling system planar (e.g., motherboard), while at the same time maintaining the transitive chain of trust, and being capable of remotely attesting its trusted state. An information handling system platform may be provided that has the capability and flexibility of supporting multiple TPMs on the same system planar. | 09-16-2010 |
20100235649 | PORTABLE SECURE DATA FILES - A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion. | 09-16-2010 |
20100235650 | Methods and Systems for Encoding and Protecting Data Using Digital Signature and Watermarking Techniques - Systems and methods are provided for protecting and managing electronic data signals that are registered in accordance with a predefined encoding scheme, while allowing access to unregistered data signals. In one embodiment a relatively hard-to-remove, easy-to-detect, strong watermark is inserted in a data signal. The data signal is divided into a sequence of blocks, and a digital signature for each block is embedded in the signal via a watermark. The data signal is then stored and distributed on, e.g., a compact disc, a DVD, or the like. When a user attempts to access or use a portion of the data signal, the signal is checked for the presence of a watermark containing the digital signature for the desired portion of the signal. If the watermark is found, the digital signature is extracted and used to verify the authenticity of the desired portion of the signal. If the signature-containing watermark is not found, the signal is checked for the presence of the strong watermark. If the strong watermark is found, further use of the signal is inhibited, as the presence of the strong watermark, in combination with the absence or corruption of the signature-containing watermark, provides evidence that the signal has been improperly modified. If, on the other hand, the strong mark is not found, further use of the data signal can be allowed, as the absence of the strong mark indicates that the data signal was never registered with the signature-containing watermark. | 09-16-2010 |
20100241869 | Encryption By Pixel Property Separation - A method of encrypting a digital file composed of a sequence of bytes, each byte defined by a relative position within the digital file and a value, the method comprising: using an encryption key to encode the relative position separately from the value of each byte; and producing an encrypted digital file in which the correlation between relative position and value of each byte in the original digital file is concealed in the encrypted digital file. | 09-23-2010 |
20100241870 | CONTROL DEVICE, STORAGE DEVICE, DATA LEAKAGE PREVENTING METHOD - According to one embodiment, a control device controls a storage device configured to encrypt data based on an encryption key, store the data in a storage region, and decrypt the data stored in the storage region based on the encryption key. The control device includes an information generator and an encryption key generator. The information generator generates information as change information when the storage device is turned on. The change information is different from information used when the storage device is last turned on. The encryption key generator generates an encryption key based on the change information generated by the information generator. | 09-23-2010 |
20100241871 | METHOD AND APPARATUS FOR ESTABLISHING USAGE RIGHTS FOR DIGITAL CONTENT TO BE CREATED IN THE FUTURE - Usage rights for a digital work are established prior to creation of the corresponding content. The rights can be associated with the content after the content is created. A content creation, such as a video recorder or a still camera, device can store labels of the rights and can associate usage rights with content in real time as the content is created. | 09-23-2010 |
20100250958 | Encrypted data management in database management systems - The subject matter herein relates to database management systems and, more particularly, encrypted data management in database management systems. Various embodiments provide systems, methods, and software to maintain database tables, some of which are encrypted. Some embodiments include holding clear text in cache and servicing queries from the cache. When a query is received, a file system of the database management system determines if a table holding data to service the query is encrypted. If the table is encrypted, the file system decrypts the data and writes the data to the cache as clear text. Some embodiments, when writing clear text to a table from the cache, determine if the table to which the data is to be written is an encrypted table. If the table is encrypted, the file system encrypts the clear text and stores the cipher text to the encrypted table. | 09-30-2010 |
20100250959 | SECURITY FOR STORAGE DEVICES - The invention broadly contemplates a security solution for storage devices that is inexpensive and robust. The invention allows a store of system specific data to be used to release the hard disk key of full-disk encryption (FDE) drives. This system specific data is passed to the FDE drives and used to calculate the actual encryption key. This allows for safe disposal of an FDE drive containing confidential data, as the lack of available system specific decryption data makes decryption virtually impossible. | 09-30-2010 |
20100250960 | APPARATUS, NETWORK SYSTEM, METHOD, AND COMPUTER PROGRAM FOR ENABLING FUNCTIONS OF A PLURALITY OF DEVICES - An apparatus includes a plurality of devices and is configured to enable a specified function of a first device among the plurality of devices in response to a first license key distributed by a licenser. The apparatus includes a key input unit and a key generation unit. The key input unit allows the first license key to be input. A second license key is generated based on the first license key and specific information relating to a second device among the plurality of devices. The apparatus further enables a specified function of the second device that is the same as the specified function of the first device in response to the second license key. | 09-30-2010 |
20100250961 | CONTROL DEVICE - A control device performs reading of data from a recording medium or writing of data into the recording medium. The control device includes a plurality of processing sections for performing at least any one of encrypting and decrypting processes, a plurality of interface sections serving as an interface to the recording medium respectively, and a controlling section for allocating one of the plurality of processing sections and one of the plurality of interface sections to each type of contents read from the recording medium or each type of contents written into the recording medium respectively. The control device encrypts or decrypts a plurality of contents in parallel. | 09-30-2010 |
20100250962 | ELECTRONIC TOKEN COMPRISING SEVERAL MICROPROCESSORS AND METHOD OF MANAGING COMMAND EXECUTION ON SEVERAL MICROPROCESSORS - The invention is a method of managing application (AP) execution in an electronic token (ET) comprising at least a first and a second microprocessors (MP | 09-30-2010 |
20100250963 | EXTERNAL STORAGE DEVICE, AS WELL AS METHOD, PROGRAM AND INFORMATION PROCESSING APPARATUS FOR PROCESSING DATA STORED IN EXTERNAL STORAGE DEVICE - An external storage device connectable to an information processing apparatus is provided. The storage device includes: an input/output interface via which data is exchanged with an information processing apparatus; a first storage region where data associated with first and second validity periods is stored; and a second storage region where a control program is stored. While the first validity period is used when the external storage device is connected to one information processing apparatus, the second validity period is used when the external storage device is connected to another information processing apparatus. The control program causes a processor to execute the steps of: establishing connection of the external storage device to an information processing apparatus; identifying any one of the validity periods as a validity period to be used for the data; and executing predetermined security protection processing on the data in accordance with the identified validity period. | 09-30-2010 |
20100262836 | PRIVACY AND CONFIDENTIALITY PRESERVING MAPPING REPOSITORY FOR MAPPING REUSE - Described herein are systems and methods for importing and retrieving schema mappings while preserving privacy and confidentiality so that existing mappings can be reused across different customers without allowing reverse engineering of the original schemas. The disclosed embodiments provide different levels of mapping anonymity and correspondingly, available structural information in the retrieved mappings, in accordance with the security and privacy requirements. | 10-14-2010 |
20100262837 | Systems And Methods For Personal Digital Data Ownership And Vaulting - Systems and methods are provided for aggregating user-generated digital information. As an example, a system and method can be configured to collect, throughout a current day, a plurality of digital data receipts from different classes of information representing the user activities of a single user; encrypt each data receipt using an encryption method under the control of the user; rout each encrypted data receipt to a first storage facility; and aggregate the encrypted data receipts associated with the user at a second storage facility. | 10-14-2010 |
20100262838 | DIGITAL DATA FILE ENCRYPTION APPARATUS AND METHOD - According to an embodiment, the invention provides a method for decrypting content, the comprising: receiving the content without a source encryption key from a source device connected to the electric reproducing device, the content having been encrypted with the source encryption key in the source device; performing a first addition operation by using a first device internal key and an ID, the first device internal key being associated with the electric reproducing device; generating a device encryption key based on an output of the first addition operation and a second device internal key by using a predetermined encryption algorithm, wherein the second device internal key is associated with the electric reproducing device; decrypting the content using the device encryption key; decoding the decrypted content; and outputting the decoded content. | 10-14-2010 |
20100268962 | WIRELESS RECEIVER AND METHODS FOR STORING CONTENT FROM RF SIGNALS RECEIVED BY WIRELESS RECEIVER - A wireless receiver and methods for storing content from RF signals received by the wireless receiver are provided. The wireless receiver includes a microprocessor and an RF receiver configured to operably communicate with the microprocessor. The RF receiver is configured to receive an RF signal having digital content therein. The wireless receiver further includes a detachable memory device configured to operably communicate with the microprocessor. The detachable memory device has a unique serial number stored therein. The microprocessor is configured to retrieve the unique serial number from the detachable memory device. The microprocessor is further configured to receive the digital content from the RF receiver and to encrypt the digital content utilizing the unique serial number to obtain encrypted digital content. The microprocessor is further configured to store the encrypted digital content on the detachable memory device. | 10-21-2010 |
20100268963 | INTER-BUS COMMUNICATION INTERFACE DEVICE AND DATA SECURITY DEVICE - There is provided an inter-bus communication interface device capable of efficiently performing transfer of data between a plurality of devices connected to different buses, respectively. When communication data is transmitted, a first device writes the communication data into a buffer, whereas when communication control information is transmitted, the first device writes the communication control information into a register. A control circuit passes the communication data stored in the buffer to a second device, and passes the communication control information stored in the register to a second device. | 10-21-2010 |
20100268964 | METHOD FOR EVALUATING USER'S RIGHTS STORED IN A SECURITY MODULE - The aim of the present invention consists of reducing the switching time from one reception channel to another. In fact, this reduction will be particularly discernable since the number of different rights stored in a security module of a multimedia unit or decoder is high. When a user selects a service among those proposed by an electronic programs guide, an access control module explores a stored service information table in order to extract an access condition associated to the service. This access condition allows determining an index in a rights table stored in the access control module of a right that fulfils the access condition. The access control module transmits to the security module the index thus determined alone or accompanied by a control message. This index allows the security module to find quickly the right that it compares afterwards with the access condition included in the control message after decryption of the latter. | 10-21-2010 |
20100268965 | AUTO-NEGOTIATION OF CONTENT FORMATS USING A SECURE COMPONENT MODEL - In accordance with one embodiment of the present invention, secure content objects are transcoded from an input format to an output format based upon identified capabilities of a receiving device. In one embodiment, a plurality of trusted processing components are identified to collectively transcode the secure content object from the identified input format to the determined output format. In one embodiment, each of the trusted processing components are authenticated prior to operating on the secure content object. | 10-21-2010 |
20100275034 | SOFTWARE PROTECTION METHOD - A method of protecting an executable program from reverse engineering and/or tampering. The method includes receiving a copy of the executable program together with a debug database, the database storing the locations of functional blocks within the executable program. A protection code is inserted into the executable program so as to overwrite at least part of a functional block of the executable program. Subsequent execution of the functional block causes the protection code to be executed. The protection code, when executed, performs an operation and executes a copy of the overwritten part of the functional block. | 10-28-2010 |
20100275035 | Cryptographic processing apparatus and method for storage medium - Provided is a cryptographic processing apparatus for a storage medium, including: a location information conversion unit that stores a conversion result in a buffer, the conversion result obtained by performing a conversion process on location information indicating a location of data to be accessed on the storage medium; and a data cryptographic processing unit that performs cryptography processing on the data using the conversion result stored in the buffer, the cryptography processing being one of encryption and decryption. | 10-28-2010 |
20100275036 | RECORDING/REPRODUCING SYSTEM, RECORDING MEDIUM DEVICE, AND RECORDING/REPRODUCING DEVICE - A memory card and a recording/playback device are provided that are capable of deterring a memory card manufacturer from illicitly storing a same media ID on a plurality of memory cards. A memory card ( | 10-28-2010 |
20100275037 | Low-Power USB SuperSpeed Device with 8-bit Payload and 9-bit Frame NRZI Encoding for Replacing 8/10-bit Encoding - A Low-power flash-memory device uses a modified Universal-Serial-Bus (USB) 3.0 Protocol to reduce power consumption. The bit clock is slowed to reduce power and the need for pre-emphasis when USB cable lengths are short in applications. Data efficiency is improved by eliminating the 8/10-bit encoder and instead encoding sync and framing bytes as 9-bit symbols. Data bytes are expanded by bit stuffing only when a series of six ones occurs in the data. Header and payload data is transmitted as nearly 8-bits per data byte while framing is 9-bits per symbol, much less than the standard 10 bits per byte. Low-power link layers, physical layers, and scaled-down protocol layers are used. A card reader converter hub allows USB hosts to access low-power USB devices. Only one flash device is accessed, reducing power compared with standard USB broadcasting to multiple devices. | 10-28-2010 |
20100281270 | CRYPTOGRAPHIC MODULE SELECTING DEVICE AND PROGRAM - A cryptographic module selecting device includes a cryptographic module evaluation information storage device configured to store identification information of a cryptographic module and cryptographic module evaluation information describing a function and/or performance of the cryptographic module in relation to each other, a condition information acquiring device configured to acquire condition information for specifying the condition of the cryptographic module to be selected, an extracting device configured to extract cryptographic module evaluation information conforming to the acquired condition information, from the stored cryptographic module evaluation information of the cryptographic module, and an output device configured to read out the identification information of the cryptographic module corresponding to the cryptographic module evaluation information selected by the extracting device from the cryptographic module evaluation information storage device and output the read identification information. | 11-04-2010 |
20100281271 | MUSICAL CONTENT DATA PROCESSING APPARATUS - A storage portion stores musical contents in which a plurality of musical content material data sets each of which is given a piece of identification information and is encrypted are recorded, and location information for identifying respective locations at which the respective musical content material data sets are situated in the musical contents. The respective locations of the musical content material data sets are correlated with the respective identification information pieces of the musical content material data sets. For use of a desired musical content material data set, the location at which the musical content material data set having designated identification information is stored in the musical contents is identified on the basis of the location information. On the basis of the identified location, the desired musical content material data set is extracted and decrypted. | 11-04-2010 |
20100281272 | INFORMATION UPDATING DEVICE AND INTEGRATED CIRCUIT THEREOF, INFORMATION UPDATING METHOD, AND RECORDING DEVICE AND INTEGRATED CIRCUIT THEREOF - Provided is an information updating apparatus that suppresses performance deterioration due to switching between writable recording areas in which information elements are to be written and readable recording areas from which the information elements are to be read. Also, the information updating apparatus updates a plurality of information elements recorded in a non-volatile recording medium with robustness against power discontinuity ensured. In order to achieve such effects, two groups of recording areas that are identical in number are allocated in the recording medium. The information elements are written in either group of the recording areas indicated by judgment information as the writable recording areas. Each time all the information elements have been written, the judgment information is updated. Thus, the writable recording areas are switched between the two groups of the recording areas. | 11-04-2010 |
20100287383 | TECHNIQUES FOR DETECTING ENCRYPTED DATA - Techniques are described that generally relate to methods for detecting encryption status of a data file or data stream and selectively encrypting the data file or data stream based on the encryption status of the data file or data stream are generally disclosed. Example methods may include one or more of reading the data file or data stream from a data source, calculating a value of a property of the data file or data stream, comparing the calculated value with a threshold value to determine whether the file is encrypted or unencrypted, and encrypting files that are determined to be unencrypted. | 11-11-2010 |
20100293389 | Playback of Information Content using Keys - Media, e.g., video, is played on a player that can store multiple items of video. Some video can be played using a stored key; other video needs to have an external key present. The key can decrypt the video or it can supplement the content of the video. If a request is made to play a video, that video can be automatically downloaded. | 11-18-2010 |
20100293390 | Secure movie download - A movie playing system which utilizes a system for the playing of movies (sound and video). The movie is encrypted and stored on a computer in an ordered sequence of segments. The computer decrypts each segment in series and plays that decrypted segment on the movie playing system. When the segment is nearly, or fully, complete, the computer decrypts the next segment and deletes the prior decrypted segment. The newly decrypted segment is then played and the process continues until the entire movie has been played. Security is provided through the use of a physical identifying key which the computer uses in the decrypting process and the system monitors for recording mechanisms. | 11-18-2010 |
20100299531 | Methods for Processing Genomic Information and Uses Thereof - Methods for processing and storing genomic information in a secure manner are described. In particular, methods for processing, splitting and storing genomic information or portions thereof are disclosed. An individual's genomic information is digitized and a splitting algorithm applied to fragment and randomise the digitized genomic information into at least two separate datasets. Access to at least one dataset is retained by the individual and the second dataset is stored on a central server as a secure database record. Each dataset in isolation presents uninformative data and it is only when all datasets are combined that the data is capable of being presented into a useable and informative format. | 11-25-2010 |
20100299532 | INFORMATION RECORDING DEVICE, INFORMATION REPRODUCING DEVICE, PROGRAM, AND RECORDING MEDIUM - In an information recording device ( | 11-25-2010 |
20100299533 | METHOD FOR SECURING AUTHORIZED DATA ENTRY AND THE DEVICE TO PERFORM THIS METHOD - The method for authorized data entry and securing the authenticity of such data when entering cryptographic operations provides that the application in the computer (A), requiring authorized data entry, sends a specific command to the STM module (C) which defines a template of input data intended to be cryptographically processed. This specific command switches the STM module (C) over to the secure typing mode, the STM module (C) autonomously controls the typing of required data items of the data template, by recording characters typed on the connected entry device (D) and the recorded characters are arranged by the STM module (C) in its internal memory in requested data structures defined by the input data template, and such created data are sent by the STM module (C) directly to the token (E) where the requested cryptographic operation is called, the result of which is sent to the computer (A) by the STM module (C), and subsequently the STM module (C) switches back to the transparent mode. For the devices according to the present invention, both the data entry device (D) and the external token (E) are connected to the computer (A) via an additional STM module (C) which is standardly in the transparent mode when transferring data between the computer (A) and connected peripherals, such as the data entry device (D) and the token (E), without affecting the process, with the computer (A) and connected peripherals, such as the data entry device (D) and the token (E), without affecting the process, with the specific command sent from the application in the computer (A) being a transferrable template of data defining the requirements for the input data of cryptographic operations and the STM module (C) which can be switched over to the secure typing mode where the STM module (C) autonomously controls data typing on the data entry device (D) and their cryptographic processing in the token (E). | 11-25-2010 |
20100299534 | DATA STORAGE DEVICE AND DATA STORAGE SYSTEM - In a data storage device, unauthorized access to stored data in the data storage device can be effectively prevented by encrypting and storing security data needed for data encryption, setting an encryption key to encrypt/decrypt the security data by a user, and receiving the encryption key from a host, if necessary, not storing the encryption key in the data storage device. | 11-25-2010 |
20100299535 | METHOD AND APPARATUS FOR EXTRACTING RASTER IMAGES FROM PORTABLE ELECTRONIC DOCUMENT - A disclosed method for extracting a raster image of a page from a portable electronic document that includes (a) acquiring commands and resources of the raster image of the page by analyzing a format of the portable electronic document, (b) extracting first and second candidate raster images by processing the commands and the resources of the raster image of the page, (c) integrating the first and second candidate raster images as an integrated candidate raster image provided that the first and second candidate raster images are linked together, and (d) removing a pseudo-raster image from the integrated candidate raster image. | 11-25-2010 |
20100299536 | ELECTRONIC DISCOVERY COMPUTER PROGRAM PRODUCT - A system, apparatus, method, and computer program product for electronically stored file profiling and conversion including converting printable files to images, supported by meta-data, and one or more searchable master text files. | 11-25-2010 |
20100306551 | PHYSICALLY MODIFYING A DATA STORAGE DEVICE TO DISABLE ACCESS TO SECURE DATA AND REPURPOSE THE DATA STORAGE DEVICE - A data storage device is disclosed comprising a non-volatile memory and control circuitry operable to evaluate a physical feature of the data storage device, wherein the physical feature is physically alterable by a user. When the physical feature is in a first state, host access to first secure data stored in the non-volatile memory is enabled, and when the physical feature is in a second state, the host access to the first secure data is disabled and host access to second data stored in the non-volatile memory is enabled. | 12-02-2010 |
20100306552 | SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED USE OF DIGITAL CONTENT - Theft, distribution, and piracy of digital content (software, video, audio, e-books, any content of any kind that is digitally stored and distributed) is generally accomplished by copying it, if possible, or, if it is protected from being copied in any fashion, such piracy is based upon a number of reverse engineering techniques. Aside from the straightforward copying of unprotected content, all of these other methods require first an understanding of the protective mechanism(s) guarding the content, and finally an unauthorized modification of that protection in order to disable or subvert it. Methods that prevent a skilled individual from using reverse engineering tools and techniques to attain that level of understanding and/or prevent anyone from performing such modifications can offer significant advantages to content creators who wish to protect their products. | 12-02-2010 |
20100306553 | High-throughput cryptographic processing using parallel processing - This invention uses parallel processing to bring greater efficiencies to cryptographic processing of large amounts of data. This technique is scalable, can be applicable for protection of internet data, data moving between data processing centers, data in motion, data going into storage, data coming out of storage and similar large processing operations. | 12-02-2010 |
20100313037 | COLLECTIBLE CASE AUTHENTICATION SYSTEM, DEVICE AND METHOD - There is a collectible case authentication device and method configured to facilitate authentication of a collectible. The collectible case authentication device includes a secured housing and a data interface module. The collectible case authentication device also includes a data storage device including an authentication module. The authentication module includes an encryption module including a public key associated with a private key. The authentication module also includes a communication module configured to communicate over a computerized network with a computerized registry to authenticate the collectible. The authentication module further includes a digital signature derived from the private key. Furthermore, the authentication module includes a user interface module configured to provide a user interface. The collectible case authentication device also includes a global positioning module in communication with the data storage device and a secured receptacle securely coupled to the data storage device and configured to store a collectible. | 12-09-2010 |
20100313038 | INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 12-09-2010 |
20100313039 | SYSTEM AND METHOD FOR PROVIDING ENCRYPTION IN STORAGE OPERATIONS IN A STORAGE NETWORK, SUCH AS FOR USE BY APPLICATION SERVICE PROVIDERS THAT PROVIDE DATA STORAGE SERVICES - In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk. | 12-09-2010 |
20100318808 | METHOD AND A SYSTEM FOR THE CUSTOMISATION OF SMART OBJECTS - This present invention concerns a customization method that represents a saving in time and an increase in yield, in the electronic customization of smart objects in particular, by virtue of:—a stage for establishing communication links between a multiplicity of smart objects held on a portable support, and communication interfaces,—a stage for simultaneous unlocking of the smart objects by means of a first key,—a stage for the parallel transfer into the memory of the smart objects of customization data proper to each of the smart objects, with these data being transferred into at least one memory zone of each smart object,—a stage for the locking of each smart object by means of second keys, each proper to one of the smart objects and each associated with the customization data proper to this object. | 12-16-2010 |
20100318809 | METHOD AND SYSTEM FOR CONTROLLING PRESENTATION OF COMPUTER READABLE MEDIA ON A MEDIA STORAGE DEVICE - A method of controlling presentation of content on a media storage device is described. The method is comprised of verifying the presence of a media presentation mechanism and a usage compliance mechanism on a computer system operated by a recipient to whom the media storage device is distributed. The usage compliance mechanism includes a file system filter driver for controlling data reads associated with the computer readable media. The media presentation mechanism is communicatively coupled with the usage compliance mechanism. The present method further includes the file system driver performing a first decryption of the computer readable media. The present method further includes the media presentation mechanism performing a second decrypting of the computer readable media concurrent with presenting the computer readable media to the recipient. | 12-16-2010 |
20100325443 | Differential encryption utilizing trust modes - Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques. | 12-23-2010 |
20100325444 | DOCUMENT ENCRYPTING SYSTEM AND METHOD THEREOF - A document encrypting system encrypts data by comparing an ongoing operation with a number of predetermined restricted operations and generating a protection password according to a predetermined operation number and a predetermined computing rule. | 12-23-2010 |
20100325445 | MECHANISM TO HANDLE EVENTS IN A MACHINE WITH ISOLATED EXECUTION - A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events. | 12-23-2010 |
20100332843 | SUPPORT FOR SECURE OBJECTS IN A COMPUTER SYSTEM - A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system. | 12-30-2010 |
20100332844 | MAGNETIC DISK DEVICE AND COMMAND EXECUTION METHOD FOR MAGNETIC DISK DEVICE - According to one embodiment, a magnetic disk device includes a receiver, an encrypting-and-decrypting module, a read-and-write controller, a setting module, an order controller, an executing module. The receiver receives a command to write data to or read data from a recording medium segmented into a plurality of storage areas each corresponding to an encryption key. The command causes an access to at least one of the storage areas. The encrypting-and-decrypting module encrypts the data or decrypts the data using the encryption key. The read-and-write controller controls writing the data to the recording medium and reading data therefrom. The setting module sets the encryption key corresponding to the storage area accessed by the command to the encrypting-and-decrypting module. The order controller controls the execution order in which commands are executed and brings up the execution order of the command causing an access to the storage area. The executing module executes the commands in the execution order. | 12-30-2010 |
20100332845 | INFORMATION PROCESSING SERVER, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - Methods and apparatuses for selectively performing at least one of encryption or decryption of data and for requesting a process. An information processing server includes a communication unit configured to receive from an information processing apparatus a processing request and a cryptographic key, and includes first and second storage units configured to temporarily store the received cryptographic key and to store data. The information processing server also includes a process determining unit configured to determine a type of process requested based on the processing request, and an encryption processing unit configured to selectively perform, based on the determined type of process requested, at least one of encryption or decryption on the stored data using the cryptographic key. The cryptographic key temporarily stored in the first storage unit is deleted after the at least one of encryption or decryption on the stored data has been selectively performed. | 12-30-2010 |
20100332846 | SCALABLE INDEXING - Method and apparatus for constructing an index that scales to a large number of records and provides a high transaction rate. New data structures and methods are provided to ensure that an indexing algorithm performs in a way that is natural (efficient) to the algorithm, while a non-uniform access memory device sees IO (input/output) traffic that is efficient for the memory device. One data structure, a translation table, is created that maps logical buckets as viewed by the indexing algorithm to physical buckets on the memory device. This mapping is such that write performance to non-uniform access SSD and flash devices is enhanced. Another data structure, an associative cache is used to collect buckets and write them out sequentially to the memory device as large sequential writes. Methods are used to populate the cache with buckets (of records) that are required by the indexing algorithm. Additional buckets may be read from the memory device to cache during a demand read, or by a scavenging process, to facilitate the generation of free erase blocks. | 12-30-2010 |
20100332847 | ENCRYPTING PORTABLE MEDIA SYSTEM AND METHOD OF OPERATION THEREOF - A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system. | 12-30-2010 |
20100332848 | SYSTEM AND METHOD FOR CODE SIGNING - A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device. | 12-30-2010 |
20100332849 | INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, INFORMATION RECORDING MEDIUM MANUFACTURING METHOD, AND COMPUTER PROGRAM - An information processing apparatus includes: a data processing unit that acquires content codes including a data processing program recorded in an information recording medium and executes data processing according to the content codes; and a memory that stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes, acquire the apparatus identifier recorded in the apparatus certificate after the apparatus checking process, and execute data processing applying content codes corresponding to the acquired apparatus identifier. | 12-30-2010 |
20100332850 | CACHE STRUCTURE FOR A COMPUTER SYSTEM PROVIDING SUPPORT FOR SECURE OBJECTS - A method (and structure) of enhancing efficiency in processing using a secure environment on a computer, includes, for each line of a cache, providing an associated object identification label field associated with the line of cache, the object identification label field storing a value that identifies an owner of data currently stored in the line of cache. | 12-30-2010 |
20100332851 | METHOD FOR PROTECTING A CRYPTOGRAPHIC MODULE AND A DEVICE HAVING CRYPTOGRAPHIC MODULE PROTECTION CAPABILITIES - A device and a method for protecting a cryptographic module of which the method includes: estimating a functionality of a circuit that is adapted to malfunction when a physical parameter has a first value different from a nominal parameter value at which the cryptographic module functions correctly. The cryptographic module malfunctions when the physical parameter has a second value different from the nominal parameter value and a difference between the first value and the nominal parameter value being smaller than a difference between the second value and the nominal parameter value. A cryptographic module protective measure is applied if estimating that the circuit malfunctions. | 12-30-2010 |
20110004771 | ELECTRONIC TERMINAL, CONTROL METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT - An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level. | 01-06-2011 |
20110010559 | METHOD FOR ENCRYPTING DIGITAL FILE, METHOD FOR DECRYPTING DIGITAL FILE, APPARATUS FOR PROCESSING DIGITAL FILE AND APPARATUS FOR CONVERTING ENCRYPTION FORMAT - Disclosed herein are a digital file encryption method, a digital file decryption method, a digital file processing apparatus, and an encryption format conversion apparatus. The digital file encryption method includes encrypting a file using specific encryption information, storing the encrypted file in a file system, and storing the encryption information in a stream provided by the file system. Accordingly, since file lengths before and after encryption are identical to each other, an application needs not to consider a header length or perform offset correction when using an encrypted file. | 01-13-2011 |
20110010560 | Failover Procedure for Server System - A failover procedure for a computer system includes steps for routing traffic from a routing device to a first server, storing in the routing device data representing a fingerprint of the first server, receiving periodically at the routing device a status message from the first server, detecting at the routing device an invalid status message from the first server by absence of the fingerprint in a status message from the first server within a predetermined time period after last receiving a valid status message, and routing the traffic from the routing device to a second server in response to detecting the invalid status message from the first server. A redundant server system implementing the failover procedure may include servers each capable of generating its fingerprint by reading current system configuration data. | 01-13-2011 |
20110010561 | METHOD AND APPARATUS FOR CRYPTOGRAPHIC CONVERSION IN A DATA STORAGE SYSTEM - When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced. | 01-13-2011 |
20110010562 | PROCESSING RECORDABLE CONTENT IN A STREAM - Methods and a systems are described for processing recordable content in a broadcast stream sent to a receiver, wherein said broadcast stream is protected in accordance with a conditional access system and wherein said receiver is configured for storing and consuming content in said broadcast stream in accordance with a digital rights management system. In this methods and systems recording information is sent in one or more entitlement control messages over a broadcast network to a receiver. Using the recording information in the entitlement control messages the receiver is able to store recordable events in a broadcast stream on a storage medium and to consume said recorded events in accordance with a digital rights management system. | 01-13-2011 |
20110010563 | METHOD AND APPARATUS FOR ANONYMOUS DATA PROCESSING - A system, a method and a computer readable medium for anonymizing collected data associated with one or more data owners is provided. An identifier is received and a hash process is performed using the identifier and a cryptographic salt to produce a hash output. The hash output is associated with an anonymous identifier. The anonymous identifier is then associated with the data. The anonymized data may then be provided to one or more third party processors for processing an analysis. | 01-13-2011 |
20110010564 | SERIALLY CONNECTED PROCESSING ELEMENTS HAVING FORWARD AND REVERSE PROCESSING TIME INTERVALS - Methods and apparatus provide a delayed clock signal to a plurality of serially connected processing elements, such as a bidirectional pipeline processor. The processing elements include forward and reverse processing paths and forward and reverse processing time intervals along the respective paths. The forward and reverse processing time intervals begin when a block of data, such as encryption data, is gated into an individual processing element for processing and terminate when the processed block of data is gated into a subsequent adjacent processing element along the respective forward or reverse processing path. A clock signal distribution circuit provides a clock signal to the plurality of processing elements such that the clock signal arrives at successive processing elements along the clock signal distribution circuit with an increasing amount of delay so that one of the forward or reverse processing time intervals is greater than the other. | 01-13-2011 |
20110016328 | INFORMATION INTERCHANGE SYSTEM AND APPARATUS - To overcome the drawback of difficulties when interchanging a patient's health record among different health information management systems and yet keep the patient's privacy, this invention proposes a method comprising the steps of: extracting, from a certificate, a signature of a first service provider and a first identifier; generating a second identifier corresponding to the first identifier; sending a request to any one of a second identifier manager and the first service provider so as to request a record associated with the first identifier; receiving the requested record from any one of the second identifier manager and the first service provider; and associating the requested record with the second identifier. Use of the proposed method provides the advantage that there is no need to unify all health information management systems adopting the same pseudonymization service, and makes it easy to share health information among different health information management systems without disclosing the patient's privacy. | 01-20-2011 |
20110016329 | INTEGRATED CIRCUIT CARD HAVING A MODIFIABLE OPERATING PROGRAM AND CORRESPONDING METHOD OF MODIFICATION - A smart card including a processor unit associated with a ROM and with a programmable ROM. The ROM contains an operating program that can be executed by the processor unit and that includes functional portions, each defining a function of the processor unit. The program includes an entry/exit point for each functional portion and an identifier is associated with each functional portion. The programmable ROM contains at least one substitutable functional portion suitable for substituting one of the functional portions of the ROM and associated with an identifier corresponding to the identifier of the corresponding functional portion of the ROM, and the processor unit is arranged to execute the substitutable functional portion instead of the corresponding substitutable functional portion of the ROM. | 01-20-2011 |
20110016330 | INFORMATION LEAK PREVENTION DEVICE, AND METHOD AND PROGRAM THEREOF - Provided is an information leak prevention device that prevents information in files from leaking without an access control rule. The information leak prevention device includes a data processing device, a file storage device and a key storage device. The data processing device includes an execution detection unit that detects the execution of the application for each user who starts the application with the use of an access identifier that is a combination of an identifier for identifying the application and an identifier for identifying the user who starts the application; a key confirmation unit that confirms whether a combination of encryption and decryption keys unique to the access identifier is in the key storage device; a key generation unit that generates the encryption and decryption keys unique to the access identifier and stores the access identifier and a combination of the encryption and decryption keys in the key storage device as a key element; an access detection unit that detects access to the file by the application for each of the users; and an encryption/decryption unit that acquires from the key storage device a combination of the encryption and decryption keys unique to the access identifier and encrypts and decrypts data with a combination of the encryption and decryption keys. | 01-20-2011 |
20110022848 | Method and Apparatus for Storing Confidential Information - Techniques for securely storing confidential information associated with a transaction are disclosed. An method for securely storing confidential information may include storing a data set related to a first transaction in a first server, the data set configured to be searchable by an authorized administrator, storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction, storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction, linking the data set to the identifier, and limiting the access to the plurality of encrypted files by the administrator. | 01-27-2011 |
20110022849 | SYSTEM AND METHOD FOR SECURELY STORING INFORMATION - A system and method for storing information on a storage device is disclosed. An encrypted version of the information is stored on a storage device. The information is inspected in order to determine whether it may be stored on the storage device. If the information may be stored on the storage device then the stored encrypted version is decrypted, otherwise it is deleted. Other embodiments are described and claimed. | 01-27-2011 |
20110022850 | ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE - A secure portable storage device includes a control module. When a host sends a first key to the control module with a write command so as to command the control module to write the first key into a redirecting file, the control module stores the first key in a temporary working buffer and verifies whether the first key is valid; when the first key is valid, the control module sends a second key and an encrypted content data to the host for generating a third key by decrypting the second key according to the first key and decrypting the encrypted content data into a content data according to the third key. Moreover, when the host sends multiple read commands to the control module in sequence, the control module verifies whether a sequence of the read commands received is valid and sends the second key and the encrypted content data to the host for an encryption. Related apparatuses, methods and techniques also are provided. | 01-27-2011 |
20110022851 | DATA ENCRYPTION DEVICE - A portable data sensor tag ( | 01-27-2011 |
20110022852 | CRYPTOGRAPHIC COMPUTATION APPARATUS, CRYPTOGRAPHIC COMPUTATION PROGRAM, AND STORAGE MEDIUM - A flowchart shows a general processing procedure of cryptographic computation executed by a cryptographic computation apparatus | 01-27-2011 |
20110029783 | METHOD AND SYSTEM FOR SECURE HARDWARE PROVISIONING - Provisioning a computer related product, comprising manufacturing a product at a product manufacturing entity; maintaining a product control database at product authenticity responsible entity; assigning a first identifier to the product for the purpose of establishing a boot integrity identity of the product, said first identifier being an asymmetric private-public encryption key pair stored in the product control database; storing a copy of the public part of said first identifier (public boot integrity key) in a memory of the product; assigning a second identifier to the product for the purpose of establishing a logistics identity of the product, said second identifier comprising manufacturing information such as a serial number for the product; storing said second identifier indicating the logistics identity in the product control database; assigning a third identifier for the product for the purpose of establishing a production identity of the product, said third identifier being an asymmetric private-public encryption key pair generated by activating an encryption key generator chip provided in the product; extracting and storing a copy of the public part of said third identifier indicating a production identity in the product control database; maintaining the private part of said third identifier indicating a production identity in a storage means of the product. | 02-03-2011 |
20110029784 | METHOD OF PROCESSING DATA PROTECTED AGAINST FAULT INJECTION ATTACKS AND ASSOCIATED DEVICE - A method of cryptographic processing of data (X), in particular a method protected against fault injection attacks, and an associated device. The processing includes at least one transformation ( | 02-03-2011 |
20110029785 | DISK DRIVE DATA ENCRYPTION - Embodiments include methods, apparatus, and systems for storage device data encryption. One method includes encrypting data on a storage device with a key and then transmitting the key to a cryptographic module that encrypts the key to form a Binary Large Object (BLOB). The BLOB is transmitted to an array controller that is coupled to the storage device which stores the BLOB. | 02-03-2011 |
20110035599 | APPARATUS AND METHOD FOR GENERATING UNPREDICTABLE PROCESSOR-UNIQUE SERIAL NUMBER FOR USE AS AN ENCRYPTION KEY - A microprocessor includes a manufacturing ID that is stored in the microprocessor during manufacture thereof in a non-volatile manner. The manufacturing ID is unique to the microprocessor. The microprocessor also includes a secret encryption key that is stored internally within the microprocessor and unreadable externally from the microprocessor. The microprocessor also includes an AES encryption engine, coupled to receive the manufacturing ID and the secret encryption key, configured to encrypt the manufacturing ID using the secret encryption key to generate an unpredictable key that is unique to the microprocessor. | 02-10-2011 |
20110035600 | METHOD AND DEVICE FOR TRANSCODING DURING AN ENCRYPTION-BASED ACCESS CHECK ON A DATABASE - A device for transcoding during an encryption-based access check of a client device to a databank, which provides a data set in an encrypted area, has: a unit for assigning a specific access level of the client device and for providing a corresponding first group key of the client device as a function of a registration parameter, wherein the client device is allowed access to a first area, which is encrypted using the first group key, and all areas of the database subordinate to the first area as a function of the assigned access level; a unit for providing a classification result depending on a classification of the data set of the particular area by one of the client devices allowed to access the particular area; and a unit for transcoding the data set and/or a data set key for the data set as a function of the classification result. | 02-10-2011 |
20110040980 | File Management Safe Deposit Box - Safe deposit box functionality is disclosed. In one aspect, first input dragging-and-dropping a first file representation onto a safe deposit box icon is received, and a file corresponding to the first file representation is encrypted. Second input selecting the safe deposit box icon is received from a user. The user's identity is verified in response to the second input. A safe deposit box window, including a second file representation of the file, is displayed. A user is allowed access to the file in response to third input selecting the second file representation. | 02-17-2011 |
20110040981 | Synchronization of Buffered Audio Data With Live Broadcast - Various techniques relating to the buffering of a live audio broadcast on an electronic device and the subsequently playback the buffered data are provided. In one embodiment, the playback speed of the buffered data may be increased relative to the actual speed at which the data was originally broadcasted. If the buffered playback (using the increased playback speed) synchronizes or catches up to the live broadcast, the electronic device may disable buffering and output the live stream instead. This decreases processing demands by lowering processing cycles required for buffering (encoding, etc.) and playback of the buffered data (decoding, etc.), thereby reducing power consumption. | 02-17-2011 |
20110040982 | FILE ENCRYPTION METHOD - A file encryption method is provided. A first constant and a second constant are set. First one character of the first file is converted in a predetermined order to a first binary ASC code consisting of a high level and a low level. A logical exclusive OR is performed between the high level and the first constant to obtain a first result, and a logical exclusive OR is performed between the high level and the second constant to obtain a second result. A second binary ASC code is obtained. The second binary ASC code is converted to a second character. A second file is obtained. | 02-17-2011 |
20110040983 | SYSTEM AND METHOD FOR PROVIDING IDENTITY THEFT SECURITY - A system and method of providing identity theft security is provided. The system and method utilizes a computer program that identifies, locates, secures, and/or removes from computers, computer systems and/or computer networks personally identifying and/or other sensitive information in different data formats. The computer program utilizes a multi-tiered escalation model of searching/identifying sensitive information. The computer program of the instant invention utilizes a self-learning process for fine-tuning a level of scrutiny for identifying potentially sensitive information. | 02-17-2011 |
20110040984 | METHOD FOR STARTING A KEYBOARD OF A SELF-SERVICE TERMINAL - A method for commencing operation of a keypad (EPP) of a self-service terminal,
| 02-17-2011 |
20110055588 | METHODS AND SYSTEMS FOR SECURELY TERMINATING PROCESSES IN A CLOUD COMPUTING ENVIRONMENT - When terminating a process instantiated in a cloud, a cloud management system can provide and interact with an eraser agent on the computing systems supporting the process. The process can be any type of process that can exits in the cloud such a virtual machine, software appliance, or software instance. The eraser agent can execute on the computing systems to erase information stored on physical storage devices of the computing systems and associated with the process. In particular, the eraser agent can utilize secure algorithms to alter and obscure the information stored on the physical storage devices of the computing systems and associated with the process. | 03-03-2011 |
20110055589 | INFORMATION CERTIFICATION SYSTEM - The invention discloses an information certification system including a data processing device and a portable storage medium. The portable storage medium includes a transmission interface and a memory array. The portable storage medium is removably coupled to the data processing device through the transmission interface. The memory array includes a hidden storage area. When a protected program is executed on the data processing device, the data processing device sends a certification request to the portable storage medium. The portable storage medium checks the certification request and selectively returns certification information stored in the hidden storage area back to the data processing device. Wherein, the certification information corresponds to the protected program. | 03-03-2011 |
20110055590 | APPARATUS AND METHOD FOR COLLECTING EVIDENCE DATA - An apparatus for collecting evidence data includes: an online data collection unit for collecting online data from a location designated by a user; a screen capture unit for capturing shots viewed on a computer screen, as they are; a time stamping unit for calculating a message digest for the collected online data to generate a time stamp including date and time when the message digest has been generated and a signature of the time stamping unit itself; and an image generation unit for generating a forensic image for the collected online data and generating a message digest for the collected online data. | 03-03-2011 |
20110055591 | METHOD FOR CRYPTOGRAPHIC DATA PROCESSING, PARTICULARLY USING AN S BOX, AND RELATED DEVICE AND SOFTWARE - A method for data cryptographic processing, that is implemented by an electronic entity and includes the conversion of input data (M′i−1), masked by an input mask (X), into output data, the conversion using a conversion table (S), and the method including the following steps: for at least one plurality of possible values (A) for the input mask (X), transferring the output value of the conversion table (S) corresponding to the masked input data (M′i−1) converted by the application of an unmasking operation using the possible value (A), into a table (T) at a position corresponding to a determined value (0) masked by the input mask (X) and converted by the application of an unmasking operation using the possible value (A); determining the output data using the value located in the table (T) at the position corresponding to the determined value (0). | 03-03-2011 |
20110060915 | Managing Encryption of Data - In an illustrative embodiment, a method, computer program product, and apparatus for managing encryption of data are provided. The method comprises determining whether the number of data units contains a known pattern responsive to receiving a number of data units to write to a storage device; storing the number of data units on the storage device in an unencrypted form responsive to a determination that the number of data units contains the known pattern; encrypting the number of data units to form encrypted data units responsive to an absence of a determination that the data contains the known pattern; and storing the encrypted data units on the storage device. | 03-10-2011 |
20110060916 | DATA MANAGEMENT UTILIZING ACCESS AND CONTENT INFORMATION - A system for operating an enterprise computer network including multiple disparate clients, data elements and computer resources, the system including monitoring and collection functionality for providing continuously updated metadata relating to at least one of actual access, access permissions and content of the data elements and operating functionality utilizing the continuously updated metadata provided by the monitoring and collection functionality for functions other than reporting the at least one of actual access, access permissions and content or recommending changes in the access permissions. | 03-10-2011 |
20110060917 | CRYPTOGRAPHIC SYSTEM FOR PERFORMING SECURE COMPUTATIONS AND SIGNAL PROCESSING DIRECTLY ON ENCRYPTED DATA IN UNTRUSTED ENVIRONMENTS. - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure protocol for solving systems of linear equations in the encrypted domain. According to a particular embodiment, the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment, the system uses a protocol whereby systems of linear equations are solved securely by direct Gaussian elimination using a secure protocol without imposing any restrictions on the matrix coefficients. | 03-10-2011 |
20110060918 | CRYPTOGRAPHIC SYSTEM FOR PERFORMING SECURE ITERATIVE COMPUTATIONS AND SIGNAL PROCESSING DIRECTLY ON ENCRYPTED DATA IN UNTRUSTED ENVIRONMENTS - Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing iterative secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure iterative protocol for solving systems of linear equations in the encrypted domain. According to a particular embodiment the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment the system uses a protocol whereby systems of linear equations are solved securely and iteratively without imposing any restrictions on the matrix coefficients. | 03-10-2011 |
20110060919 | ENCRYPTION KEYS - A system is provided which includes a key memory storing a group of keys for use in decryption and a programmable memory configured to store a set of rules governing access to the key memory and a first engine for deriving a first key using a second key from the key group. The engine is configured to transmit a request for access to the second key from the key memory. The system further includes logic connected between the engine and the key memory and further connected to the programmable memory. The logic is configured to receive the request from the engine and to use the set of rules to control the access to the second key in the key memory. The programmable memory is writeable in situ to replace the set of rules with an alternative set of rules. | 03-10-2011 |
20110060920 | DISTRIBUTED DATA STORAGE DEVICE - The invention relates to a distributed data memory unit comprising a plurality of memory units, each having memory means and an access controller, an authentication unit comprising memory means and a validation unit, an execution controller comprising an execution controller module and an access verification unit, the execution controller communicating with the memory units and the authentication unit. At least one unambiguous electronic cipher is stored in the memory means of the authentication unit, the access verification unit has an access controller module and a memory unit. A first unambiguous cipher, which corresponds to a stored cipher of the authentication unit is stored in the memory unit and an assignment table is stored in the memory means of the memory unit. The invention also relates to a method for operating a distributed data memory unit. | 03-10-2011 |
20110066861 | DIGITAL CONTENT MANAGEMENT AND DELIVERY - Methods, systems, and apparatus for digital content management and distribution are provided. In an example, a plurality of unique keys can be provide, wherein each unique key corresponding to one or more docks for accessing digital content. A selection of at least one item of digital content can be received from a user and an indication of a dock corresponding to the user can also be received. A unique key can be selected from the plurality of unique keys corresponding to the dock of the user, and the at least one item of digital content can be encrypted based on the selected unique key. | 03-17-2011 |
20110066862 | METHOD FOR OUTPUTTING IMAGE DATA, IMAGE PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - A method for outputting image data generated by an image processing apparatus to a portable storage medium connected to an interface is provided. The method includes the following steps of: issuing an identifier of the image data; writing the identifier into the storage medium without waiting for the image data to be generated completely; after generating the image data, associating the image data with the identifier and storing the image data in a storage portion; reading out the identifier from the storage medium when the storage medium is connected to the interface again; and writing, into the storage medium, the image data stored in the storage portion in association with the identifier thus read out. | 03-17-2011 |
20110066863 | IDENTITY-BASED ENCRYPTION OF DATA ITEMS FOR SECURE ACCESS THERETO - The invention uses the concept of identity-based encryption in the context of data-centric protection of electronic health records, where each data item is encrypted by using its own identifier as a public key. The corresponding decryption keys are managed by special trusted entities, which distribute the keys to authorized parties and provide logging facilities. This approach has the particular advantage that emergency access mechanisms can 5 be implemented in a secure and extremely efficient way. In contrast to previous approaches, it requires no large-scale distribution of secret decryption keys. Furthermore, the scheme allows limiting the impact of a compromised decryption key, as one key can only be used to decrypt one single document. | 03-17-2011 |
20110072275 | Detecting counterfeit products - In some embodiments an indication of an intended use of a logic device is stored in a register of the logic device, and any further programming of the register is prevented. Other embodiments are described and claimed. | 03-24-2011 |
20110072276 | DATA STORAGE APPARATUS HAVING CRYPTION AND METHOD THEREOF - A storage apparatus including a storage unit to store data, a processor unit to process the data according to a command received from an external device, a key unit to store a plurality of crypto keys, and a decoder unit to select one of the crypto keys according to address information of the command received from the external device. Hardware encryption is more secure and less complex to manage. | 03-24-2011 |
20110072277 | INTEGRATED CIRCUIT AND ELECTRONIC APPARATUS - An integrated circuit includes a semiconductor-circuit layer; metal layers formed on the semiconductor-circuit layer, one of the metal layers being a metal layer in which an active shield is formed; and an antenna formed by patterning in at least one of the metal layers that are below the metal layer in which the active shield is formed. The semiconductor-circuit layer includes an encryption circuit configured to receive a drive voltage and to perform encryption arithmetic; a power-supply circuit configured to provide the drive voltage to the encryption circuit; and a circuit system configured to receive a power-supply voltage from an external power supply. | 03-24-2011 |
20110078456 | Encrypted Communication Device with Limited Number of Encryption Key Retrievals from Memory - A device for encrypted communication with external entities is configured to frustrate side channel attacks attempting to determine an encryption key. The device has a first memory, an encryption key stored in the first memory and a one-way function for application to the encryption key. During use, the encryption key is retrieved from the first memory prior to application to the one-way function and the device is configured to limit the number of times the encryption key is allowed to be retrieved from the non-volatile memory to a pre-determined threshold. | 03-31-2011 |
20110078457 | Method of Encrypted Communication with Restricted Rate of Stored Encryption Key Retrievals - A method of encrypted communication between entities in a manner that frustrates side channel attacks attempting to determine an encryption key. The method involves providing a device with an encryption key stored in memory, providing an external entity with identity data for transmission to the device, applying a one way function to the encryption key and the identity data to generate a variant key, authenticating communications between the device and the external entity with the variant key and limiting the number of times the encryption key is retrieved from the first memory in a given period of time. | 03-31-2011 |
20110078458 | CONTENTS PROCESSING DEVICE AND CONTENTS PARTIAL INTEGRITY ASSURANCE METHOD - A contents processing device includes a management data storage unit to store an updater identifier and a private key, an accepting unit to accept a content which is divided into a plurality of blocks, an updating type indicating a type of an updating as to the content, an updated block to be updated of the content, and an updated position, an inserting unit to generate an updated content by inserting the updating block into the updated position of the content, a first hash value calculating unit to calculate a hash value as to the updated block, a signature unit to read out the updater identifier and the private key from the management data storage unit to generate a digital signature using the private key as to updating record information including the updater identifier, the updated position, the hash value as to the updated block, and the updating type. | 03-31-2011 |
20110078459 | SIGNATURE GENERATING DEVICE AND METHOD, SIGNATURE VERIFYING DEVICE AND METHOD, AND COMPUTER PRODUCT - A signature generating device includes a receiving unit that receives a sequence of data; a summary data generating unit that generates summary data of the data upon reception of each of the data by the receiving unit; an obtaining unit that obtains, when the number of data included in a sequence of the generated summary data reaches a given number, the sequence of the summary data as a block; a setting unit that sets, as a signature subject, a current block constituted by the sequence of the summary data, and the summary data selected from at least one block contiguous to the current block; a digital signature generating unit that generates a digital signature concerning data summarized for the current block; and a sending unit that sends the generated digital signature, the signature subject associated with the digital signature, and the data summarized for the current block. | 03-31-2011 |
20110078460 | Apparatus for Logging a Configuration of a Microprocessor System and Method for Logging a Configuration of a Microprocessor System - An apparatus includes a logging apparatus and a configuration apparatus. The logging apparatus has a security module operable to create a manipulation-proof log. The configuration apparatus is operable to configure a configurable microprocessor system. The configuration apparatus is further operable to be coupled to the logging apparatus in order to log a configuration of the microprocessor system using the logging apparatus. | 03-31-2011 |
20110078461 | SYSTEM AND METHOD FOR COMMUNICATION IN A WIRELESS MOBILE AD-HOC NETWORK - A system and method for improving digital communication in a wireless mobile ad-hoc network. More specifically, the system includes one or more portable network devices operable to support the seamless operation of a self-initializing, self-healing, adaptive portable network. The portable network devices implement protocols that provide bandwidth management capabilities for use with radios, routers and other wireless network devices. Each portable network device includes at least one wireless transceiver, a processor and control software. The processor and control software are logically coupled to the wireless transceiver to facilitate digital communication via a plurality of communication channels with other network devices. | 03-31-2011 |
20110083019 | PROTECTING DE-DUPLICATION REPOSITORIES AGAINST A MALICIOUS ATTACK - Methods and systems for protecting de-duplication repositories against a malicious attack are disclosed. One method receives at least one block of data to store in a data storage system. A de-duplication engine comprising a secret key is utilized to generate a secret key hash of the at least one block of data. A comparison of the secret key hash of the at least one block of data with a secret key hash table of previously stored data on the data storage system to identify duplicated data, the secret key hash comparing protecting the data storage system against a malicious attack. | 04-07-2011 |
20110083020 | SECURING A SMART CARD - The invention provides a method for securing a smart card ( | 04-07-2011 |
20110087893 | APPARATUS AND METHOD FOR PREVENTING FALSIFICATION OF BLACK BOX DATA - Provided are an apparatus and method for preventing falsification of black box data. The apparatus for preventing falsification of black box data includes a driving information storage module and a falsification prevention module. The driving information storage module stores a driving information data which is collected by a black box. The falsification prevention module encrypts the driving information data to generate a falsification determination data through a predetermined encryption mechanism, and stores the falsification determination data. | 04-14-2011 |
20110087894 | METHOD OF MANAGING MULTIMEDIA DATA AND MOBILE COMMUNICATION TERMINAL EQUIPPED WITH FUNCTION OF MANAGING MULTIMEDIA DATA - A mobile communication terminal having a function of managing multimedia data is provided, including: a main memory including a multimedia database storing the multimedia data; a signal processor converting the multimedia data stored in the main memory into data of a format suitable to be output to a display of the mobile communication terminal; a back_end chip which processes the multimedia data outputted from the signal processor, stores digest information of multimedia data upon occurrence of an update event of the multimedia data, and provides the stored digest information upon receiving a signal of requesting the digest information to be synchronized; and a front_end chip including a controller which requests the digest information stored in the back_end chip, compares and synchronizes the digest information offered from the back_end chip and digest information stored in advance in the front_end chip. | 04-14-2011 |
20110093720 | Storage of KeyID in Customer Data Area - A key identifier for an encryption key repository is stored with customer data on a logical device. When the customer data is compressible, the key identifier is stored in space freed by compressing the customer data. When the customer data is not compressible, a portion of the customer data is copied to a key record in the key repository identified by the key identifier, and the key identifier overwrites the copied customer data. | 04-21-2011 |
20110093721 | PARAMETERIZABLE CRYPTOGRAPHY - Some embodiments provide systems and techniques for performing parameterizable cryptography. An encryption key can be determined based at least on a string associated with an authorization policy. The encryption key can then be used to encrypt information. The decryption key can also be determined based at least on the string associated with the authorization policy. Note that the authorization policy must be satisfied to decrypt information. In some embodiments, the systems and techniques for performing parameterizable cryptography are blindable. These blindable embodiments can be used to preserve privacy. | 04-21-2011 |
20110093722 | Apparatuses, Systems, And Methods For Renewability With Digital Content Protection Systems - In one embodiment of the invention, a format for renewability content (e.g., a System Renewability Message (SRM)) corresponding to a content protection protocol (e.g., High-Bandwidth Digital Content Protection (HDCP)) may be interoperable with devices that are compliant with different versions of the standard (e.g., HDCP1.x and 2.x devices) and that include different amounts of storage for the renewability content (e.g., first and second generation devices). | 04-21-2011 |
20110099386 | DEVICE AND METHOD FOR DETECTING A MANIPULATION OF AN INFORMATION SIGNAL - The present invention relates to a device for detecting a manipulation of an information signal, having an extractor for extracting an information signal component characteristic for the information signal from the information signal, an encryptor for encrypting the information signal component to obtain an encrypted signal, and a comparator for comparing the encrypted signal to a reference signal, wherein the reference signal is an encrypted representation of a non-manipulated reference signal component of a reference information signal to detect the manipulation. | 04-28-2011 |
20110107108 | CONTENT RECORDER/PLAYER AND CONTENT WRITING AND READING METHOD - A content recorder/player. The content recorder/player includes a first data-storage medium including a first data-storage area, a second data-storage medium including a second data-storage area, and a control section. The control section is configured: to encrypt information groups having a predetermined relationship for writing into the first data-storage area; to generate and to encrypt an individual information group from which the information having the predetermined relationship is omitted, and to perform writing thereof into the second data-storage area; to read and to decrypt the individual information group, and to read and to decrypt an information group recorded on a first recording-destination location; and to restore, from an information group read from the second data-storage area, and from an information group read from the first data-storage area, an information group correlated with the content data based on the predetermined relationship, and to transmit the restored information group to an external device. | 05-05-2011 |
20110107109 | STORAGE SYSTEM AND METHOD FOR MANAGING DATA SECURITY THEREOF - A method for managing data security of a storage system includes dividing a storage unit of the storage system into a data access block and a key block. An encryption key input is used to set the encryption key, the data access block is encrypted using the set encryption key, and the set encryption key is stored in the key block. The data access block may be decrypted using the decryption key under the condition that the decryption key corresponds to the set encryption key. | 05-05-2011 |
20110107110 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD AND COMPUTER-READABLE MEDIUM - An information processing apparatus that performs mapping of a data field in a database to a document template holding a variable area according to a mapping rule defined in the variable area, thereby generating print data for each record in the database, the information processing apparatus comprises: an accepting unit configured to accept designation from a user regarding whether or not to perform encryption of the data field referred to by the mapping rule, for each data field; a determination unit configured to determine whether or not to encrypt content that is to be applied to the variable area based on the data field for which encryption designation is accepted by the accepting unit and the mapping rule; and a generation unit configured to encrypt the content that is to be applied to the variable area and that is determined to be encrypted by the determination unit. | 05-05-2011 |
20110107111 | INFORMATION CARRIER COMPRISING ACCESS INFORMATION AND DUMMY INFORMATION - The invention relates to an information carrier for holding user information, the information carrier comprising access information for accessing the user information, the access information being stored in a pre-determined first region on the information carrier. The information carrier further comprises at least one further region different from the first region, the further region comprising dummy information. | 05-05-2011 |
20110113256 | Secure Method for Processing a Content Stored Within a Component, and Corresponding Component - The component comprises a first memory (MM) comprising a first portion (P | 05-12-2011 |
20110113257 | SYSTEMS AND METHODS FOR MANIPULATING AND MANAGING COMPUTER ARCHIVE FILES - A computer program for managing and manipulating archive zip files of a computer. The program includes a system and method for opening, creating, and modifying, and extracting zip archive files. The program is fully integrated into Microsoft Windows Explorer and is accessed via Explorer menus, toolbars, and/or drag and drop operations. An important feature of the program is the archive manager which may be used to open a zip file, create a new zip file, extract zip files, modify zip files, etc. The program is integrated into Microsoft Windows Explorer using the shell name space extension application program interface developed by Microsoft. | 05-12-2011 |
20110113258 | INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM MANUFACTURING DEVICE, INFORMATION RECORDING MEDIUM, METHODS THEREOF, AND COMPUTER PROGRAM - An information processing device for executing reproduction processing of content recorded in an information recording medium that includes: a data processing unit for acquiring content codes including a program or application information to be applied to the recording content of the information recording medium, and executing data processing in accordance with the acquired content codes. The data processing unit executes the verification processing of a digital signature which allows tampering verification of the entire content codes included in a content code file storing the content codes, and as the verification result, executes data processing in accordance with the content codes on the condition that validity of the content code file has been confirmed. | 05-12-2011 |
20110119498 | IMPLEMENTING DATA CONFIDENTIALITY AND INTEGRITY OF SHINGLED WRITTEN DATA - A method, apparatus and a data storage device are provided for implementing data confidentiality and integrity of data stored in overlapping, shingled data tracks on a recordable surface of a storage device. A unique write counter is stored for each zone written to the recordable surface of the storage device. An encryption key is used together with the write counter information and a logical block address to encrypt each sector being written, and to decrypt all sectors being read. An individual sector is decrypted, obtaining the write counter information and reading the data sector. A message authentication code is stored for each zone. All sectors of the zone are read to perform integrity check on a sector. | 05-19-2011 |
20110119499 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD FOR THE SAME, PROGRAM AND STORAGE MEDIUM - An information processing apparatus that generates private information used as one of an encryption key for encrypting data or a generation key for generating falsification detection information used in detecting falsification of data, comprises a storage unit adapted to prestore key information, an input unit adapted to input calculation target information, a calculating unit adapted to perform a calculation on targeted information based on the key information held in the storage unit, a detecting unit adapted to detect a predetermined event, and a control unit adapted, when triggered by detection of the event by the detecting unit, to perform controls to generate the private information by making the calculating unit perform the calculation with the input calculation target information as the targeted information, and to place the key information stored in the storage unit in an unusable state. | 05-19-2011 |
20110119500 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
20110119501 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
20110119502 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext. | 05-19-2011 |
20110126025 | Active Intelligent Content - Active intelligent content is aware of its own timeline, lifecycle, capabilities, limitations, and related information. The active intelligent content is aware of its surroundings and can convert automatically into a format or file type more conducive to the device or environment it is stored in. If the active intelligent content does not have the required tools to make such a transformation, it is self-aware enough to seek out the tools and/or information to make that transformation. Such active intelligent content can be used for enhanced file portability, target advertising, personalization of media, and selective encryption, enhancement, and restriction. The content can also be used to collaborate with other content and provide users with enhanced information based on user preferences, ratings, costs, genres, file types, and the like. | 05-26-2011 |
20110131419 | SEARCHING DATA - A device or “dongle” ( | 06-02-2011 |
20110131420 | COMPUTING ENTITIES, PLATFORMS AND METHODS OPERABLE TO PERFORM OPERATIONS SELECTIVELY USING DIFFERENT CRYPTOGRAPHIC ALGORITHMS - Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterised by the algorithms and associated parameters that are selected to perform an operation. | 06-02-2011 |
20110131421 | METHOD FOR INSTALLING AN APPLICATION ON A SIM CARD - A method of installing an application on a SIM card is disclosed. A host agent in a host device installs an application on a Subscriber Identity Module card from a non-volatile storage device. The host agent coordinates mutual authentication between the non-volatile storage device and a Subscriber Identity Module card in the host device. If the mutual authentication is successful, the host agent reads an application from the non-volatile storage device and installs the application on the Subscriber Identity Module card, wherein installing the application enables the Subscriber Identity Module card to execute the application. The application may be protected from tampering or unauthorized copying during the host agent transfer by creation of a secure communication channel or transferring encrypted applications. The Subscriber Identity Module card may verify the signature associated with an application before installation to prevent the installation of unauthorized or tampered applications. | 06-02-2011 |
20110131422 | Systems and Methods Using Cryptography to Protect Secure Computing Environments - Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise. | 06-02-2011 |
20110131423 | SYSTEM AND METHOD FOR SECURING A USER INTERFACE - The invention relates to a method for securing a user interface that comprises a user interface including one or more peripheral hardware devices of the user interface for interaction with said interface, said peripheral hardware devices being driven by driver software, and one or more applications using the user interface. The invention also relates to a method for securing such an interface. The system of the invention is characterised in that the same further comprises a hypervisor and one or more virtual machines, the drivers of the peripheral hardware devices of the user interface being divided into two portions, i.e. a main portion of said drivers under the control of the hypervisor and a front-end portion of said drivers under the control of the virtual machines, wherein the front-end portion of the securing software component is in charge of managing the front-end portion of the drivers and the main portion of the securing software component is in charge of managing the main portion of the drivers. The invention can particularly be used in onboard systems. | 06-02-2011 |
20110131424 | ZERO DIVISORS PROTECTING EXPONENTIATION - The invention relates to a method and to an electronic device for securing the computation of a modular exponentiation x=m | 06-02-2011 |
20110138189 | SYSTEMS AND METHODS FOR MANAGING STORAGE DEVICES - Systems and methods for managing storage devices are provided. The functionalities of smart card and micro SD card are integrated into a storage device to expand the effective storage capacity. The system includes a storage device having a storage area, a microcontroller, and a microprocessor. The microcontroller receives an access request, determines whether the access request conforms to a specific protocol or whether the access request is requesting to activate the microprocessor, and transmits the access request to a microprocessor when the access request conforms to the specific protocol or when the access request is requesting to activate the microprocessor. The microprocessor executes a Card Operating System (COS), and manages the storage area by performing the access request based on the COS. Further, the segmentation of expanded storage space and independent management/security mechanism for segmented spaces also make it possible to perform multi-applications for different card organizations/issuers. | 06-09-2011 |
20110138190 | GRAPH ENCRYPTION - A storage system stores information about a graph in an encrypted form. A query module can submit a token to the storage system to retrieve specified information about the graph, e.g., to determine the neighbors of an entity in the graph, or to determine whether a first entity is connected to a second entity, etc. The storage system formulates its reply to the token in a lookup result. Through this process, the storage system gives selective access to information about the graph to authorized agents, yet otherwise maintains the general secrecy of the graph from the perspective of unauthorized agents, including the storage system itself. A graph processing module can produce encrypted graph information by encrypting any representation of the graph, such as an adjacency matrix, an index, etc. | 06-09-2011 |
20110138191 | SECURE DATA CACHE - This invention is generally concerned with methods, apparatus and computer program code for securely caching\data, in particular for caching data stored on smart card systems such as those used in ICAO-compliant EU electronic passports. A caching system for providing a secure data cache for data stored in an electronic document, the comprising: an input to receive data to be cached; a processor configured to use all or part of said received data to calculate a unique cryptographic key for said data; encrypt all or part of said data with said unique cryptographic key; and discard said unique cryptographic key after encryption and an output to send said encrypted data to a data cache, with decryption of encrypted data requiring said unique cryptographic key to be recalculated from said electronic document whereby said data cache is secure. Use of such a cache dramatically speeds up the inspection process, by bypassing the need to read data entirely, except for during the first inspection. | 06-09-2011 |
20110138192 | Verifiable, Leak-Resistant Encryption and Decryption - This patent describes techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments. Derived keys and validators are produced using methods designed to preserve security even if cipher and hashing operations leak information. Embodiments for systems including SoCs, firmware loading, FPGAs and network communications are described. | 06-09-2011 |
20110138193 | PRODUCT SECURITY SYSTEM - The present invention relates to a product information system and a corresponding method in a product information system with products | 06-09-2011 |
20110145591 | ADAPTIVE VIRTUAL ENVIRONMENT MANAGEMENT SYSTEM - A user computing system configured to host a virtual user environment is disclosed. The system includes a local memory configured to store a plurality of data blocks and a programmable circuit operatively connected to the local memory. The programmable circuit is configured to execute program instructions to cause the user computing system to manage profile definition data including a manifest of software associated with a user, and host a virtual user environment on the device, the virtual user environment including executable instructions specific to the user computing system and constructed from data blocks stored in the local memory, the virtual user environment including a plurality of application programs and settings defined in the manifest. | 06-16-2011 |
20110145592 | Virtual Token for Transparently Self-Installing Security Environment - A virtual token for use in a virtual computer environment to implement the secure cryptographic facilities of a hardware security token within a computer without requiring custom installation or administrator privileges. The hardware security token contains an automatic installer for the virtual environment and the virtual token with the computer's operating system. When plugged into the computer the hardware security token automatically performs dynamic installation as necessary, providing secure cryptographic services to standard application programs already installed in the computer. The installation is transparent to the user, and requires no user attention or special access privileges. After the session is completed and the security token is removed from the computer, the virtual environment is effectively uninstalled from the host computer, also transparently to the user, without any user attention, and without making any modifications to the computer's operating system. | 06-16-2011 |
20110145593 | VERIFIABLE TRUST FOR DATA THROUGH WRAPPER COMPOSITION - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both. | 06-16-2011 |
20110145594 | METHOD FOR PERFORMING SEARCHABLE SYMMETRIC ENCRYPTION - Disclosed is a method for searchable symmetric encryption. The method for performing searchable encryption and searching for encrypted data includes: setting all necessary variables and preparing a secret key necessary for encryption; encrypting a data using the secret key and a given data and generating an index to be used for later search, to store the encrypted data and the index; generating a trapdoor to be used to search the encrypted data by using the secret key and a keyword to be used for the searching; and searching a desired data using the generated trapdoor and the stored index. | 06-16-2011 |
20110145595 | SECURE DEVICE AND METHOD FOR PREVENTING SIDE CHANNEL ATTACK - Provided are a secure device and method for preventing a side channel attack. The secure device includes a secure module converting plaintext data received from the outside into ciphertext data to thereby store the converted ciphertext data, or converting stored ciphertext data into plaintext data to thereby output the converted plaintext data, and a side channel attack sensing module sensing a side channel attack upon the secure module, and, according to the sensing result, allowing the secure module to stop operating, inducing malfunctions of the secure module, delaying operations of the secure module, or making the secure module a device having the secure module disabled. The secure device can safely protect an internal security algorithm and data from the side channel attack. | 06-16-2011 |
20110145596 | Secure Data Handling In A Computer System - An improved computer system comprising a first storage area accessible by an operating system and a second storage area which is accessible by authorized functions only is disclosed. According to the invention at least one protected storage area is implemented into the second storage area, wherein the operating system installs at least one secret key and/or at least one customized processing function into regions of the at least one protected storage area, wherein the operating system transfers data, and/or parameters to process into regions of the at least one protected storage area, wherein the operating system selects one of the customized processing functions to execute, wherein the selected customized processing function is executed and accesses storage regions of the at least one protected storage area to process the data and/or the parameters, and wherein resulting process data is read from the at least one protected storage area. | 06-16-2011 |
20110145597 | DATA EXCHANGE PROCESSING APPARATUS AND DATA EXCHANGE PROCESSING METHOD - The data exchange processing apparatus pertaining to the present invention includes a cryptographic engine unit performing cryptographic processing and verification processing, a stream control unit outputting content while performing cryptographic processing of the content using the cryptographic engine unit, an unauthorized device list update unit verifying an unauthorized device list using the cryptographic engine unit, and a state management unit outputting a permission notification to the unauthorized device list update unit when detecting a low load section of the content according to metadata of the content and processing position of the stream control unit, the low load section being a section in which processing load on the cryptographic engine unit is lower than in other sections. The unauthorized device list update unit, when receiving the permission notification from the state management unit, causes the cryptographic engine unit to execute verification processing of the unauthorized device list. | 06-16-2011 |
20110154050 | SYSTEM AND METHOD FOR SELECTIVELY PROVIDING CRYPTOGRAPHIC CAPABILITIES BASED ON LOCATION - A system and method of providing cryptographic functionality includes receiving a request to perform a cryptographic operation in a mobile electronic device, determining whether the cryptographic operation is permitted to be performed by the mobile electronic device based on the current location of the mobile electronic device, and performing the cryptographic operation in the mobile electronic device only if it is determined that the cryptographic operation is permitted. | 06-23-2011 |
20110154051 | SECURING EXECUTION OF COMPUTATIONAL RESOURCES - Controlling access to computational features includes: preparing a computational resource for execution by an execution system that has been provided a primary descriptor containing an identity value and that has associated a feature indicator with the primary descriptor; accessing a secondary descriptor containing the identity value and cryptographically assigned to the computational resource; and granting the computational resource access to a computational feature of the execution system based on the feature indicator. | 06-23-2011 |
20110154052 | MEDIA-FOLLOWING ENCRYPTION POLICY CONTROL - Example articles of manufacture, methods, and systems facilitate having encryption policy follow an article of manufacture like a tape cartridge. One example article of manufacture includes a media portion (e.g., tape) and a non-media portion (e.g., housing). The media portion is configured to store machine readable information. The article of manufacture could be a tape, a disk, a memory, and other computer readable media. The article of manufacture also includes an encryption policy information indicator. The encryption policy information indicator can be configured to store information that controls an encryption policy associated with the article of manufacture. Therefore, encryption policy can, for example, follow a tape cartridge rather than be resident solely in a controlling application (e.g., tape library). | 06-23-2011 |
20110154053 | Distributed Database - The invention relates to a module to be included onboard the equipment of a telecommunication network and comprising: a database storing at least search field values including URL addresses, at least some of said URL addresses being stored in an encrypted form, encryption means capable of encrypting a piece of information received by the module in order to allow an information search in the database by comparison with the encrypted search field values. | 06-23-2011 |
20110154054 | COMPUTER IMPLEMENTED METHOD FOR GENERATING A PSEUDONYM, COMPUTER READABLE STORAGE MEDIUM AND COMPUTER SYSTEM - The invention relates to a computer implemented method for generating a pseudonym for a user comprising entering a user-selected secret, storing the user-selected secret in memory, computing a private key by applying an embedding and randomizing function onto the secret, storing the private key in the memory, computing a public key using the private key, the public key and the private key forming an asymmetric cryptographic key, erasing the secret and the private key from the memory, and outputting the public key for providing the pseudonym | 06-23-2011 |
20110154055 | COMPUTER READABLE STORAGE MEDIUM FOR GENERATING A PSEUDONYM, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - The invention relates to a method of generating a pseudonym, the method including accessing an input value and calculating a pseudonym by applying a cryptographic one-way function to the input value, where the cryptographic one-way function is an injective function. In alternative embodiments, the cryptographic one-way function is an embedding and/or randomizing function | 06-23-2011 |
20110154056 | COMPUTER READABLE STORAGE MEDIUM FOR GENERATING AN ACCESS KEY, COMPUTER IMPLEMENTED METHOD AND COMPUTING DEVICE - A computer readable storage medium having stored therein instructions, which when executed by a computing device cause the computing device to perform a method of generating an access key, the method comprising the steps of:
| 06-23-2011 |
20110154057 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 06-23-2011 |
20110154058 | METHOD AND APPARATUS FOR STORING AND VERIFYING DATA - Embodiments of the present invention provide a method of storing data, comprising: updating a counter, and storing data and a value of the updated counter together in encrypted form; and a method of verifying data, comprising decrypting stored data to recover a data element value, and comparing the data element value against a counter to verify the stored data. | 06-23-2011 |
20110161675 | SYSTEM AND METHOD FOR GPU BASED ENCRYPTED STORAGE ACCESS - A system and method for graphics processing unit (GPU) based encryption of data storage. The method includes receiving a write request, which includes write data, at a graphics processing unit (GPU) encryption driver and storing the write data in a clear data buffer. The method further includes encrypting the write data with a GPU to produce encrypted data and storing the encrypted data in an encrypted data buffer. The encrypted data in the encrypted data buffer is sent to an IO stack layer operable to send the request to a data storage device. GPU implemented encryption and decryption relieves the CPU from these tasks and yield better overall performance. | 06-30-2011 |
20110161676 | ENTERING A SECURED COMPUTING ENVIRONMENT USING MULTIPLE AUTHENTICATED CODE MODULES - Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction. | 06-30-2011 |
20110161677 | SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS - Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction. | 06-30-2011 |
20110167276 | Method and device for detecting if a computer file has been copied and method and device for enabling such detection - A method of detecting whether a computer file has been copied, the computer file comprising a software program and having an inode number. The inode number of the computer file is retrieved by the software program. From the computer file, a stored inode number is read, the stored inode number being the inode number of a file system from which the computer file should not be copied. The retrieved inode number and the read inode number are compared and it is determined that the computer file has been copied if the retrieved inode number does not match the read inode number. Also provided are a method of enabling detection of the copying of a computer file, and devices and software program products corresponding to the methods. | 07-07-2011 |
20110167277 | PROCESSING DEVICE, PROCESSING SYSTEM AND CONTROL METHOD FOR PROCESSING DEVICE - A processing device is provided. A first storage unit stores a correspondence table which is indicative of a correspondence relationship between attributes of data and encryption levels for encrypting data. An obtaining unit obtains data. A first determination unit determines an encryption level according to an attribute of the data obtained by the obtaining unit, using the correspondence table stored in the first storage unit. An encryption unit encrypts the data obtained by the obtaining unit in the encryption level determined by the first determination unit. A second storage unit stores the data encrypted by the encryption unit. | 07-07-2011 |
20110173454 | ASSOCIATING POLICY WITH UNENCRYPTED DIGITAL CONTENT - A content license associated with unencrypted digital content is generated, the content license including both an identifier of the unencrypted digital content and a content policy. At a user device, a determination is made as to whether the content license corresponds to particular unencrypted digital content. Use of the particular unencrypted digital content by the computing device is permitted in accordance with the content policy if the content license corresponds to the particular unencrypted digital content. However, use of the particular unencrypted digital content by the computing device based on the content license is prohibited if the content license does not correspond to the particular unencrypted digital content. | 07-14-2011 |
20110173455 | DATABASE SYSTEM, COMPUTER SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR DECRYPTING A DATA RECORD - A database system comprising: a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein the data contained in each of the multiple data records is encrypted by the data record public key, wherein the data record private key of each data record asymmetric key pair is encrypted with the public key of another asymmetric key pair; a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key; wherein data is added to a data record by encrypting it with the data record public key; wherein access to the data record is granted to a user account by encrypting the data record private key with the public key of an asymmetric cryptographic key pair whose encrypted private key is accessible from the user account via a sequence of successive decryptions of encrypted private keys; and wherein the data record private key allows decryption of the data record. | 07-14-2011 |
20110173456 | EFFICIENT STORAGE OF CRYPTOGRAPHIC PARAMETERS - Cryptographic products for mass applications, such as RFIDs or special ICs for the protection from plagiarism, always require that the price per unit costs are reduced as low as possible. This is achieved, for example, in that in such methods the required storage space is further reduced for system parameters to be permanently stored. Accordingly, in a method for coding and decoding the cryptographic system parameters of an elliptical curve, when storing the system parameters, storage cells are each completely occupied, and therefore no storage space is wasted. | 07-14-2011 |
20110179285 | Computer system, client device and method - A computer system includes a network. The system includes a first client device in communication with the network having a transaction description for a transaction t. The first client device sends the transaction description to a second client device. The second client device receives the transaction description from the first client device. One of the first or second client devices executes the transaction description and creates a second transaction description for transaction t and then sends the second transaction description to a client device. A client device of a computer system having a network and a second client device. A method of a computer system. A method of a client device of a computer system having a network and a second client device. | 07-21-2011 |
20110179286 | COMPUTER IMPLEMENTED METHOD FOR PERFORMING CLOUD COMPUTING ON DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for performing cloud computing on data of a first user employing cloud components, the cloud components comprising a first database and a data processing component, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously non-encrypted in the first database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising retrieving the data from the first database by the data processing component, wherein retrieving the data from the first database comprises receiving the identifier and retrieving the data assigned to the identifier from the first database, wherein the method further comprises processing the retrieved data by the data processing component and providing a result of the analysis. | 07-21-2011 |
20110179287 | SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity. | 07-21-2011 |
20110179288 | Technique for Content Management using Group Rights - A technique for content management using group rights is described. The technique facilitates a flexible management for a group of content files mainly by effecting a change of group memberships for subsets of the group and a partial update of the content files. As one aspect, a content file manager ( | 07-21-2011 |
20110179289 | METHOD AND DEVICE FOR ELECTRONICALLY CAPTURING A HANDWRITTEN SIGNATURE USING EMBEDDING TECHNIQUE - A method and apparatus for encrypting an electronic document involves a computer having a first monitor and a signature capture apparatus configured to capture a handwritten signature on a second monitor. A hash sum of the electronic document generated in the computer is transmitted to the signature capture apparatus. The electronic document and the first hash sum thereof are displayed on the first monitor. The first hash sum is also displayed on the second monitor. After electronically capturing the handwritten signature, the signature data are encrypted using the first hash sum. A digital signature image is generated in the signature capture apparatus and the first hash sum is embedded therein. The embedded first hash sum is then extracted in the computer. If the extracted hash sum is identical to the first hash sum generated in the computer apparatus, the encrypted signature data and the signed document are stored. | 07-21-2011 |
20110185186 | SYSTEM AND METHOD FOR PROTECTING DATA ON A MOBILE DEVICE - Methods and systems are disclosed for protecting data on a mobile device. A data protection module on the mobile device receives a transmission including a secret key. The secret key is used in encrypting data on the device and is then deleted. Subsequent to an event detectable to the mobile device, the data protection module receives another transmission including said secret key. The secret key is then used to decrypt the encrypted data. | 07-28-2011 |
20110185187 | ELECTRONIC DEVICE AND METHOD - According to one aspect of embodiments of the present invention there is provided apparatus comprising a main assembly having a processing element configured to: obtain a first and second sub-assembly identifier stored on a second-assembly in communication with the main assembly; and enable operation of the main assembly and second assembly based on a determination that the first and second sub-assembly identifiers are cryptographically related. | 07-28-2011 |
20110185188 | COMPUTER IMPLEMENTED METHOD FOR ANALYZING DATA OF A USER WITH THE DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for analyzing data of a first user, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously in a database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising: | 07-28-2011 |
20110185189 | SDK Use-Restriction Imposing Device, Use-Restriction-Imposed SDK Developing System, and SDK Use-Restriction Imposing Method - An SDK use-restriction imposing device includes a user interface unit, a source file of a use-restriction plug-in, a use-restriction plug-in edit unit, a build unit, and a use-restriction plug-in generation unit. The use-restriction plug-in edit unit sets use restrictions to the source file on the basis of use-restriction information received via the user interface unit. The build unit compiles the source file so as to generate an executable file of the use-restriction plug-in in response to a build instruction received via the user interface unit. The use-restriction plug-in generation unit generates a use-restriction-imposed SDK including an original SDK and the executable file of the use-restriction plug-in in response to an output instruction received via the user interface unit. | 07-28-2011 |
20110185190 | SYSTEM AND METHOD FOR PROTECTING CONTENT ON A STORAGE DEVICE - A system apparatus and method for protecting information on a storage device. Embodiments of the invention may create a virtual volume on a storage device. Embodiments of the invention may further transfer information to the virtual volume, remove information stored outside the virtual volume and extend the size of the virtual volume. Other embodiments are described and claimed. | 07-28-2011 |
20110191593 | Software License Embedded In Shell Code - Software application protection methods and systems for protecting and verifying licensing of an original application. The system reads the original application executable, and generates a shelled application comprising the original application and a shell containing the license information. The shelled application implements license APIs, and establishes secure communications within the shelled application between the original application and the shell. Licensing for the original application can be verified by the shelled application alone. | 08-04-2011 |
20110191594 | KEY ROTATION FOR ENCRYPTED STORAGE MEDIA - An I/O module is provided to service I/O requests from a host to access storage media. Data blocks of the storage media are encrypted with an old key, and the I/O module performs key rotation to cause data blocks to be re-encrypted with a new key. | 08-04-2011 |
20110191595 | ENCRYPTION KEY ROTATION MESSAGES WRITTEN AND OBSERVED BY STORAGE CONTROLLERS VIA STORAGE MEDIA - Storage media is coupled to first and second storage controllers. When the first storage controller performs encryption key rotation, the First storage controller writes a key rotation message to a storage controller metadata section of the storage media indicating that key rotation is underway. The second storage controller observes the key rotation message indicating that key rotation is underway and suspends access by the second storage controller to encrypted portions of the storage media. | 08-04-2011 |
20110191596 | Security Protocols for Processor-Based Systems - A processor-based system such as a wireless communication module may implement security functions in a cost effective fashion by providing a virtual memory space whose addresses may be recognized. The memory is integrated with an application processor. When those addresses are recognized, access to special security protocols may be allowed. In another embodiment, a variety of dedicated hardware cryptographic accelerators may be provided to implement security protocols in accordance with a variety of different standards. By optimizing the hardware for specific standards, greater performance may be achieved. | 08-04-2011 |
20110191597 | METHOD AND SYSTEM FOR SECURING SOFTWARE - In a method and system for securing a software package that can be broken down into a number of “event-action” type independent tasks, the tasks managing a set of “scripts”, the method includes using a script and message encapsulation module and a transmission of encapsulated scripts to a trust resource suitable for executing them. | 08-04-2011 |
20110197075 | ELECTRONIC DEVICE AND POWER ADAPTER THEREOF AND METHOD FOR IDENTIFYING POWER ADAPTER - An electronic device includes a detection module, an identification code generation module, a decryption module, a comparison module, and a control module. The detection module transmits a detection signal after detecting that a power adapter is connected to the electronic device. The identification code generation module randomly generates an encrypted identification code after receiving the detection signal. The decryption module decrypts the identification code to generate a first decryption code. The comparison module compares a second decryption code that has been fed back from the power adapter after the power adapter receiving the detection signal, with the first decryption code. The control module controls the electronic device to receive power from the power adapter when the first decryption code is the same as the second decryption code. | 08-11-2011 |
20110197076 | Total computer security - A total security system for a computer which permits a user to render the entire computer's contents beyond access by any third party. A security program grants a user access to the directory of files stored on the computer. The security program is capable of selectively corrupting the directory of files with the capability also to selectively restore the directory of files to its original condition. | 08-11-2011 |
20110197077 | SOFTWARE FEATURE AUTHORIZATION THROUGH DELEGATED AGENTS - A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license. The requested license is received by the authorization agent devices if the DUID and the encrypted installation key are validated by the licensing provider. The license on authorization agent device authorizes and enables the selected features of the software product on an end user electronic device. | 08-11-2011 |
20110197078 | RIGHTS ENFORCEMENT AND USAGE REPORTING ON A CLIENT DEVICE - An integrity hash is obtained of rights information stored at a client device. The rights information is associated with content stored at the client device. The integrity hash is encrypted using a client device key to generate an encrypted hash. The client device key is externally inaccessible from the client device. The encrypted hash is stored on the client device. | 08-11-2011 |
20110202774 | System for Collection and Longitudinal Analysis of Anonymous Student Data - A method and system for aggregating and anonymizing student data is disclosed. A method includes receiving from an educational institution a set of student data records, each student data record associated with a student and including a unique identifier, and lacking information rendering the record personally identifying of a student. The method further includes, for each student data record, extracting the unique identifier associated with the student data record, and encrypting the unique identifier. The method also includes associating the encrypted unique identifier with the student data record to form an anonymized student data record and storing the anonymized student data record in a database containing aggregated student data. | 08-18-2011 |
20110208974 | Countermeasure Against Keystroke Logger Devices - An anti-key logging protocol executable by a computer platform and a corresponding keystroke input device (e.g., keyboard or keypad) functions as a countermeasure to a key logger device. Following an authentication procedure, the computer platform sends encryption parameters to the keystroke input device, and the keystroke input device uses the encryption parameters to scramble or otherwise encrypt keystrokes entered on the keystroke input device before sending them to the computer platform. In such manner, keystrokes and/or keystroke representations sent from the keystroke input device to the computer platform are unrecognizable to a key logger device yet can be decoded by the computer platform. | 08-25-2011 |
20110208975 | ELECTRONIC DEVICE AND METHOD OF SOFTWARE OR FIRMWARE UPDATING OF AN ELECTRONIC DEVICE - An electronic device is provided having a memory driver unit for reading partition headers including encrypted version numbers from a memory and for writing updated encrypted version numbers to the memory. The electronic device has an update agent unit for controlling a software or firmware update, a one-time programmable memory for storing a first value, and an encrypt-decrypt unit for decrypting the partition headers stored in the memory. The update agent is configured to compare the retrieved version numbers with a version number from a software or firmware update. The first value is incremented and stored in the one-time programmable memory if an update is performed. The encrypt-decrypt unit is configured to encrypt the version numbers of the software or firmware update based on the new first value. The memory driver unit is configured to write a new partition header with the updated encrypted version numbers into the memory. | 08-25-2011 |
20110208976 | Method And Apparatus For Processing Arbitrary Key Bit Length Encryption Operations With Similar Efficiencies - A calculating apparatus, or system, having a plurality of stages, such as in a pipeline arrangement, has the clocking rail or conductor positioned alongside the stages. With a large number, i.e., hundreds, of stages arranged in parallel sub-arrays, the clocking conductor is snaked alongside the sub-arrays. In individual stages it is arranged that the shortest of the two calculations taking place in a stage, takes place in the return path. An array can be divided into separate sections for independent processing. | 08-25-2011 |
20110208977 | REMOVABLE DRIVE WITH DATA ENCRYPTION - A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive. | 08-25-2011 |
20110213987 | CONTROLLER FOR DATA STORAGE DEVICE, DATA STORAGE DEVICE, AND CONTROL METHOD THEREOF - According to one embodiment, a controller that controls a data storage device provided with a storage module that stores data encrypted with a first key includes an input/output module, encryption/decryption modules, and a connector. The input/output module manages data input and output between the storage module and a host. The encryption/decryption modules are switched to function as an encryptor or a decryptor. The connector changes connection between the encryption/decryption modules and the host. When encrypted data is backed up, one of the encryption/decryption modules is switched to function as a decryptor, while the other is switched to function as an encryptor. The decryptor, the encryptor, and the host are connected in series. The encrypted data is decrypted by the decryptor with the first key and is then encrypted by the encryptor with a second key to be output to the host. | 09-01-2011 |
20110219239 | PC Secure Video Path - A system and method are disclosed for creating a secure video content path, or a protected media content bus, within an unsecure personal computer. A portable security module, or electronic key safe, may be inserted into a personal computer that has different internal components for processing secure and unsecured content. The security module may establish a secure encrypted link with a secure video processor of the personal computer, and may use the personal computer's network interface to request authority to receive secured content. The security module may provide content keys to the secure video processor to access secured content received over an external network. | 09-08-2011 |
20110219240 | SEMICONDUCTOR MEMORY DEVICE AND METHOD FOR REALIZING SECURE DATA STORAGE - A semiconductor memory device includes a controller module as well as a universal interface module and a semiconductor memory medium module, which are connected electrically with the controller module respectively. The device also includes a one-time programmable memory, which stores a unique serial number. This one-time programmable memory is provided within the controller module or the semiconductor memory medium module. The number sequence of the unique serial number contained in each of the semiconductor memory device is different from that of another semiconductor memory device. While providing a mobile data storage function, this invention adopts a security technology to prevent from illegal data reading/writing. This increases significantly the difficulty in decrypting the data of a legal user, subsequently improving the security of the stored data of the user greatly. This invention also provides a method for realizing secure data storage with this semiconductor memory device. With the help of the unique serial number in this semiconductor memory device, the user can protect the stored data. This invention can be extensively used in information security fields, including ID authentication, copyright protection, etc. | 09-08-2011 |
20110225428 | System and Method for Encryption and Decryption of Data - Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. A method for encryption and decryption of data, may include encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted. Another method may include encrypting an item of data based on at least one of a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data and encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data. | 09-15-2011 |
20110225429 | CRYPTOGRAPHIC ACCUMULATORS FOR AUTHENTICATED HASH TABLES - In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree. | 09-15-2011 |
20110225430 | Secured database system with built-in antivirus protection - A secured database system with built-in antivirus protection is described. In one embodiment, for example, a method of the present invention is described for securing a database system, the method comprises steps of: provisioning storage from a storage device, for storing database information; generating an encryption key so that the database information is stored on the storage device in an encrypted manner; generating a decryption key for decrypting the database information stored on the storage device, wherein access to the decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted sufficient privileges to access the database information; if the user has been granted sufficient privileges, automatically decrypting the database information to provide the access; and otherwise denying the request if the user has not been granted sufficient privileges. | 09-15-2011 |
20110231670 | SECURE ACCESS DEVICE FOR CLOUD COMPUTING - A secure access device for providing secure access of a computing resources (CR) user, such as a cloud user, to remote computing resources offered by multiple CR providers, such as cloud providers. The device has a network interface circuit for providing interface to a data network configured for accessing the remote computing resources offered by the multiple CR providers. A network access controller is configured to interact with the network interface for controlling access of the CR user to the remote computing resources. Multiple data storage sections may be provided. Each of them keeps computing environment data (CED) associated with a particular CR provider. The CED define a secure local computing environment prescribed by the CR provider for accessing the remote computing resources offered by this CR provider. The network access controller enables the CR provider to manage the CED and prevents the CED from being modified even by the CR user. | 09-22-2011 |
20110231671 | APPARATUS, SYSTEM, AND METHOD FOR AUDITING ACCESS TO SECURE DATA - An apparatus, system, and method are disclosed for auditing access to secure data. A detection module detects an access to the secure data. A record module records an encrypted log entry describing the access to the secure data. A verification module verifies the secure data is securely stored. | 09-22-2011 |
20110231672 | ADAPTER FOR PORTABLE STORAGE MEDIUM AND METHOD OF DISABLING DATA ACCESS - A portable storage medium adapter, which is connected to a computer to store data received from the computer in a portable storage medium, includes a holding part that detachably holds the portable storage medium, a detecting part that detects an unloading operation of the portable storage medium by a user, and a disablement executing part that executes a disabling process to disable external access to the data stored in the portable storage medium at a time when the unloading operation is detected in the detecting part. | 09-22-2011 |
20110239001 | Secure data scanning method and system - A method of scanning secure data in a data store is performed in a manner that does not expose the scan data, the files being searched, or information about when matches occur between the scan data and the files. During the scan process, encrypted versions of searched files are compared to encrypted versions of match strings, and any resulting match data is encrypted before being written into a results file. In addition, to disguise when match entries are written, during the scan one or more encrypted dummy items are written into the results file. | 09-29-2011 |
20110239002 | DIFFERENTIAL UNCLONEABLE VARIABILITY-BASED CRYPTOGRAPHY - Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key. | 09-29-2011 |
20110239003 | Direct Injection of Data To Be Transferred In A Hybrid Computing Environment - Direct injection of a data to be transferred in a hybrid computing environment that includes a host computer and a plurality of accelerators, the host computer and the accelerators adapted to one another for data communications by a system level message passing module. Each accelerator includes a Power Processing Element (‘PPE’) and a plurality of Synergistic Processing Elements (‘SPEs’). Direct injection includes reserving, by each SPE, a slot in a shared memory region accessible by the host computer; loading, by each SPE into local memory of the SPE, a portion of data to be transferred to the host computer; executing, by each SPE in parallel, a data processing operation on the portion of the data loaded in local memory of each SPE; and writing, by each SPE, the processed data to the SPE's reserved slot in the shared memory region accessible by the host computer. | 09-29-2011 |
20110239004 | MEMORY DEVICE, HOST DEVICE, AND MEMORY SYSTEM - A memory device includes: a storage unit that stores public key information of a certificate authority for verifying a certificate and includes a secret area storing data of which secrecy is assured; and a control unit that controls access to the storage unit depending on reception information, wherein the reception information includes information where access control information is added to certificate information authenticated by the certificate authority, and the control unit verifies the certificate using the public key, identifies the access control information, and limits the accessible secret area in the storage unit. | 09-29-2011 |
20110246784 | SYSTEMS AND METHODS FOR DISK ENCRYPTION WITH TWO KEYS - Embodiments provide for using two encryption keys to encrypt data instead of only one as is customarily used in the industry. According to various embodiments, a default encryption key is generated and is initially used to encrypt data, while a second encryption key is available for generation by an end user. Embodiments provide that data is encrypted with the default key until the user generates their own key, after this event, all data is encrypted with key generated by the user. | 10-06-2011 |
20110246785 | HARDWARE SUPPORTED VIRTUALIZED CRYPTOGRAPHIC SERVICE - A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices. | 10-06-2011 |
20110246786 | Mechanism for Automatically Encrypting and Decrypting Virtual Disk Content Using a Single User Sign-On - A mechanism for automatically encrypting and decrypting virtual disk content using a single user sign-on is disclosed. A method of embodiments of the invention includes receiving credentials of a user of a virtual machine (VM) provided as part of a single sign-on process to access the VM, referencing a configuration database with the received credentials of the user, determining encryption and decryption policy settings for the VM from the configuration database, and at least one of encrypting or decrypting, by the VM, files of the VM based on the determined encryption and decryption policy settings. | 10-06-2011 |
20110246787 | OBFUSCATING TRANSFORMATIONS ON DATA ARRAY CONTENT AND ADDRESSES - In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries). | 10-06-2011 |
20110246788 | DATA SECURITY SYSTEM FOR A DATABASE - A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (0-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (0-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (0-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user's processing of the given data element value is controlled in conformity with the collected protection attribute/attributes. | 10-06-2011 |
20110252242 | MULTI-PHASE STORAGE VOLUME TRANSFORMATION - In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed. | 10-13-2011 |
20110252243 | SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed. | 10-13-2011 |
20110258456 | EXTENSIBLE MANAGEMENT OF SELF-ENCRYPTING STORAGE DEVICES - Security device objects can be utilized to support a stack of components of computer-executable instructions that are directed to managing the security functionality represented by the security device object. In the case of hardware encrypting storage devices, a security device object can represent the self-encrypting capabilities of those devices and the attendant stack can comprise drivers directed to band and key management. A default band management driver can support a band-centric set of input/output controls that can be redirected to the band management driver. It can cache band authentication keys or provide callback mechanisms for key providers to register themselves to provide keys on-demand. Key provider identifiers can be stored on the storage device and utilized to dynamically load, install or upgrade key providers when the band authentication key is required. The band management driver can also prevent the powering-down of the storage device in an unlocked state. | 10-20-2011 |
20110258457 | Method and System for Cryptographic Processing Core - A combination firmware and hardware cryptographic core architecture is provided for encrypting, decrypting and authenticating data. The core provides flexibility to change and add new cryptographic protocols, while providing increased performance by loading new firmware into a microcontroller that programs behavior of various components in the core. The core combines a microcontroller programmable by firmware, and flexible aligner, insertion and removal controllers programmed by the microcontroller that process, manage and manipulate an incoming data stream as it moves through the core. The firmware may be reprogrammed upon an enhancement or change to a protocol while still realizing performance benefits of the hardware. Reprogramming the microcontroller allows it to change the way the aligner, insertion and removal controllers manipulate the data stream as it enters various components. Such systems provide redesign time savings compared to hardware cryptographic core architectures, and improved speed and throughput compared to software cryptographic core architectures. | 10-20-2011 |
20110258458 | METHOD AND APPARATUS FOR MANAGING KEYS USED FOR ENCRYPTING DATA - A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information. | 10-20-2011 |
20110258459 | METHOD FOR PROTECTING THE DECRYPTING OF THE CONFIGURATION FILES FOR PROGRAMMABLE LOGIC CIRCUITS AND CIRCUIT IMPLEMENTING THE METHOD - A method for protecting a programmable logic circuit includes storing data file(s) used for the configuration of the programmable resources of the circuit in a non-volatile memory after having been encrypted. A decryption module internal to the circuit is responsible for decrypting the file(s) by using a secret key stored in the circuit, the decryption module being protected against attacks aiming to obtain the key during the decryption operation by implementing at least one countermeasure technique. | 10-20-2011 |
20110258460 | SYSTEM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for enabling biometrically secured, transparent encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository, wherein the program automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. | 10-20-2011 |
20110264920 | SYSTEMS AND METHODS FOR COMMUNICATION, STORAGE, RETRIEVAL, AND COMPUTATION OF SIMPLE STATISTICS AND LOGICAL OPERATIONS ON ENCRYPTED DATA - Systems and methods provide for a symmetric homomorphic encryption based protocol supporting communication, storage, retrieval, and computation on encrypted data stored off-site. The system may include a private, trusted network which uses aggregators to encrypt raw data that is sent to a third party for storage and processing, including computations that can be performed on the encrypted data. A client on a private or public network may request computations on the encrypted data, and the results may then be sent to the client for decryption or further computations. The third party aids in computation of statistical information and logical queries on the encrypted data, but is not able to decrypt the data on its own. The protocol provides a means for a third party to aid in computations on sensitive data without learning anything about those data values. | 10-27-2011 |
20110264921 | METHOD OF VERIFYING AN IDENTIFICATION CIRCUIT - The invention relates to a method for verifying an identification circuit ( | 10-27-2011 |
20110264922 | DIGITAL VIDEO GUARD - This invention relates to the veracity of information that is displayed to a user of a computer and can also relate to the veracity of information provided to a computer by human input devices such as pointing devices and keyboards. A digital video guard device is a peripheral that is retrofitted to commodity computer device. The digital video guard device provides trust in specific information presented on a digital display. The digital video guard device resides in-line with a digital display and enables secure end-to-end interactions between a user and a displayed (usually remote) application. In-band signalling within the digital video stream is used to carry encrypted information from a remote source, over untrusted network infrastructure through the digital video guard device to a user for viewing. The creation of encrypted digital video content can be achieved by either local or remote applications, and is effected by manipulating what is to be rendered on a computer's display, i.e. encrypting data that will at some time form part of a digital display stream and be output from an information device to a digital display. The digital video guard device can decrypt and verify the integrity of the digital video content as it is sent to a digital display. The integrity of the displayed information is indicated by a trusted LED on the digital video guard device hardware. Part or the entire video signal may be designated as trusted, depending on what data within the video signal has been encrypted, signed, or otherwise labelled as being trustworthy. | 10-27-2011 |
20110264923 | SELF-PROTECTING DIGITAL CONTENT - Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title's security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies. If pirates compromise a player or title, future content can be mastered with security features that, for example, block the attack, revoke pirated media, or use native code to correct player vulnerabilities. | 10-27-2011 |
20110264924 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 10-27-2011 |
20110271119 | Secure Data Storage and Transfer for Portable Data Storage Devices - Embodiments of system and method for protection of data in a portable data storage device are provided. In one aspect, a portable data storage device includes a first portable storage identification (PSID) parameter unique to the portable data storage device, one or more data storage media in which the first PSID parameter is stored, and control logic coupled to the one or more data storage media. The one or more data storage media include a data file section to store therein a data file, which includes data and a rights object. The rights object contains a second PSID parameter. The control logic controls access to the one or more data storage media by a user of the portable data storage device. The control logic determines whether or not the first PSID parameter and the second PSID parameter are equal and, if the first PSID parameter and the second PSID parameter are equal, causes the data in the data file to be provided to the user in response to a request for the data from the user. | 11-03-2011 |
20110271120 | Method and System for Verifying the Identity of an Individual by Employing Biometric Data Features Associated with the Individual - The invention relates to a method for verifying the identity of an individual by employing biometric data features associated with the individual, which method provides privacy of said biometric data features, comprising at least the steps of: a) for enrolment purposes deriving a first biometric template from at least a first set of first biometric data features associated with said individual, and b) for identity verifying purposes deriving a further biometric template from at least a further set of said first biometric data features associated with said individual, and c) comparing said further biometric template with said first biometric template. The invention also relates to a system for verifying the identity of an individual by employing biometric data features associated with the individual, which system at least comprises: an enrolment means and a verifying means, wherein said enrolment means are arranged in deriving a first biometric template data, said first biometric template data being secret and associated with a first set of first biometric data features of said individual, and in receiving a further set of first biometric data features of said individual, and in deriving a further biometric template data associated with said further set of first biometric data, and wherein said verifying means are arranged in comparing the first biometric template data with the further biometric template data to check for correspondence, wherein the identity of the individual is verified if correspondence exists. | 11-03-2011 |
20110276805 | System and Method for Third Party Creation of Applications for Mobile Appliances - The creation of an application for any mobile appliance, for example Apple's iPhone, requires several elements to be present at compile time. In the Apple example of an enterprise application where an entity wishes to develop applications internally for its staff, two of these elements are the source code and a digital certificate. These must be combined in the compiler so that the application may be properly authorized to run in the appliance. Where the owner of the source code and the owner of the digital certificate are not the same, serious concerns arise because each element must be secured. An intermediating system and method are described that allows each party to cooperate securely through a third party escrow service to produce the complied application whilst leaving no unwanted residue of the independent parts. | 11-10-2011 |
20110276806 | Creation and Delivery of Encrypted Virtual Disks - The present application is directed to methods and systems for receiving a request for a virtual disk and creating a virtual disk that includes the virtual disk attributes identified in the request or determined by an organization's security policies. The created virtual disk can then be encrypted and in some aspects, an encryption key for the encrypted virtual disk can be stored in an encryption key database. Upon creating and encrypting the virtual disk, the virtual disk can be transmitted to a client. The client, upon receiving the encrypted virtual disk, can mount the virtual disk into the client system. The encrypted virtual disk may be stored as a file within an unencrypted virtual disk, and the unencrypted virtual disk backed up to a local or remote storage location. | 11-10-2011 |
20110276807 | REMOTE UPDATE METHOD FOR FIRMWARE - The present invention relates to a remote update method for a firmware, in which the encoded firmware is decoded and updated using the XOR table, checksum, and signature stored in the header of the remotely updated new firmware in the update of an automated teller machine, thereby updating the firmware in a convenient manner without moving the automated teller machine to the outside, thus improving the efficiency of managing the machine and preventing illegal operations of the automated teller machine performed by external hacking using a network. | 11-10-2011 |
20110283112 | EXTRACTING PORTIONS OF AN ABSTRACT DATABASE FOR PROBLEM DETERMINATION - Systems, methods and articles of manufacture are disclosed for extracting portions of an abstract database for problem determination. An error may be detected when an application executes an abstract query against the abstract database. A portion of the abstract database may be extracted for problem determination. A defect entry may be created in a defect tracking tool, to store the extracted portion. One or more administrative users may be notified of the defect entry. | 11-17-2011 |
20110283113 | METHOD AND SYSTEM FOR ENCRYPTING DATA - A processing device may generate a data encryption key configured to encrypt unique data within a clone of an encrypted data set and associated with a set of transaction identifiers of a transaction based file system. The processing device may further wrap the data encryption key with a wrapping key, create a cloned encrypted data set with the data encryption key, and store the wrapped data encryption key with the cloned encrypted data set indexed by at least one of the set of transaction identifiers. | 11-17-2011 |
20110283114 | TECHNIQUES FOR SECURE NETWORK SEARCHING - Techniques for network searching are provided. A search is defined and the search is encrypted in a format known to a search service. Return instructions are defined for delivering search results of the search to a principal that defined the search and the return instructions. The return instructions are encrypted in a different format know to a return search process. The encrypted search is delivered to the search service for processing the search and the encrypted return instructions are delivered to the return search process for handling search results provided by the search service and for conforming delivery of the search results to the return instructions. | 11-17-2011 |
20110289324 | Optimizing Use of Hardware Security Modules - Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device. | 11-24-2011 |
20110289325 | Data encryption device for storage medium - A data encryption device for storage medium has an encryption key input interface for acquiring a user encryption key; a block code encoder for encoding and decoding data; a scrambler connected with the encryption key input interface and the block code encoder to scramble and descramble data according to the user encryption keys respectively inputted; and a controller connected with the block code encoder and the scrambler, performing an encryption process transmit original data to the block code encoder for encoding, the encoded data to the scrambler for scrambling, and the scrambled data to a storage medium for storage, and performing a decryption process to transmit the scrambled data to the scrambler for descrambling, the encoded data to the block code encoder for decoding to acquire the original data when the user encryption keys respectively inputted in the encryption process and the decryption process are identical. | 11-24-2011 |
20110289326 | ELECTRONIC FILE ACCESS CONTROL SYSTEM AND METHOD - A digital file is associated with a security attribute in which identification data for a physical key is stored. The digital file content is encrypted, and may not be decrypted by a receiving computer unless a removable physical key that can be associated with the receiving computer includes identification data which matches the identification data stored in the file's security attribute. The digital content encrypted in the file may be compressed, and a portion of the security attribute may also be encrypted. When a portion of the security attribute is encrypted, the receiving computer may decrypt only the encrypted portion of the security attribute unless the identification data of the security attribute matches the identification data of a physical key physically or wirelessly coupled to the receiving computer. Improved security and reduction of pirating of the digital content are therefore provided. | 11-24-2011 |
20110296195 | STORAGE DEVICE AND ITS CONTROL METHOD - Provided is a storage device which partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity to and in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium. | 12-01-2011 |
20110296196 | System and Method for Supporting Task Oriented Devices in a Client Hosted Virtualization System - A client hosted virtualization system includes a task oriented device, a processor, and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system, authenticates a virtual machine image, launches the virtual machine based on the image, receives a transaction targeted to the task oriented device, prioritizes the transaction, sends the transaction to the task oriented device, receives a response from the task oriented device, and sends the response to the virtual machine. The client hosted virtualization system is configurable to execute the BIOS or the virtualization manager. | 12-01-2011 |
20110296197 | System and Method for Supporting Full Volume Encryption Devices in a Client Hosted Virtualization System - A client hosted virtualization system includes a full volume encryption (FVE) storage device, a processor, and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the client hosted virtualization system, authenticates a virtual machine image, launches the virtual machine based on the image, receives a transaction from the virtual machine targeted to the FVE storage device, sends the transaction to the FVE storage device, receives a response from the FVE storage device, and sends the first response to the first virtual machine. The client hosted virtualization system is configurable to execute the BIOS or the virtualization manager. | 12-01-2011 |
20110296198 | CRYPTOGRAPHIC PROCESSING APPARATUS AND IC CARD - A cryptographic processing apparatus according to embodiments includes a cryptographic operation processing section that can execute cryptographic processor of encryption operation and decryption operation, and a control section. The control section controls the execution of the cryptographic operation processing section such that a first operation for converting a first value, which is input data to be subjected to cryptographic processor, or intermediate data during cryptographic processor, into a second value, and a second operation for converting the second value into the first value are performed successively at least one time. | 12-01-2011 |
20110296199 | METHOD AND SYSTEM FOR PROTECTING ELECTRONIC DATA IN ENTERPRISE ENVIRONMENT - Even with proper access privilege, when a secured file is classified, at least security clearance (e.g. a clearance key) is needed to ensure those who have the right security clearance can ultimately access the contents in the classified secured file. According to one embodiment, referred to as a two-Opronged access scheme, a security clearance key is generated and assigned in accordance with a user's security access level. A security clearance key may range from most classified to non-classified. Depending on implementation, a security clearance key with a security level may be so configured that the key can be used to access secured files classified at or lower than the security level or multiple auxiliary keys are provided when a corresponding security clearance key is being requested. The auxiliary keys are those keys generated to facilitate access to secured files classified respectively less than the corresponding security or confidentiality level. | 12-01-2011 |
20110296200 | Method and Device for Encrypting and Decrypting Digital Data - Method for encrypting an initial digital data set, which comprises a compression of the initial digital data set delivering a compressed set comprising at least one compressed digital data stream and at least one dictionary making it possible to describe the content of the compressed digital data stream or streams, and an encryption of each dictionary only delivering an encrypted digital data set. | 12-01-2011 |
20110302425 | SYSTEMS, METHODS, AND APPARATUS TO VIRTUALIZE TPM ACCESSES - Embodiments of system, method, and apparatus for virtualizing TPM accesses is described. In some embodiments, an apparatus including a CPU core to execute a software program, a manageability engine coupled to the CPU core, the manageability engine to receive a trusted platform module (TPM) command requested by the software program and to process the TPM command utilizing a manageability firmware by at least creating a TPM network packet, and a network interface coupled to the manageability engine to transmit the TPM network packet to a remote TPM that is external to the apparatus for processing is utilized as a part of this virtualization process. | 12-08-2011 |
20110302426 | Method for generating a bit vector - A method and a circuit configuration for generating a bit vector are described. At least two configurations, each having state machines of the same design, are used, to whose inputs an input signal is sent and which generate an output signal as a function of their state, each state machine always having a different state than the other state machine of one configuration, so that the bit vector is generated by a linear gating of the output signals of the state machines of different configurations. | 12-08-2011 |
20110302427 | METHOD FOR ACTIVATING AT LEAST A FUNCTION ON A CHIPSET AND CHIPSET FOR THE IMPLEMENTATION OF THE METHOD - A method for activating a function of a chipset comprising at least a memory and a calculation module in charge of cryptographic operations, the memory containing at least a seed and the calculation module containing at least one cryptographic algorithm, the method comprising the steps of: receiving at least one of a segmentation key, a global key and a global cryptographic algorithm selector; transmitting at least two items selected from the group consisting of the seed, the received segmentation key, the global key and the global cryptographic algorithm selector, to the calculation module, each of the items being provided by different entities; generating in the calculation module, a temporary key by using one of said at least one cryptographic algorithm of the calculation module and at least the two items; and verifying an authenticity of a received activation message using the temporary key and controlling activation based on the verification. | 12-08-2011 |
20110307712 | MULTI-OWNER DEPLOYMENT OF FIRMWARE IMAGES - A method, apparatus, system, and computer program product for multi-owner deployment of firmware images. The method includes obtaining a signed firmware image that comprises a first code module signed by a first code owner and a second code module signed by a second code owner. The method further includes obtaining an updated first code module comprising updated code for the first code module, verifying that the updated first code module is signed by the first code owner, and updating the signed firmware image with the updated first code module in response to verifying that the updated first code module is signed by the first code owner. The signed firmware image may further comprise an access control list that authorizes updates to the first code module by the first code owner and updates to the second code module by the second code owner. | 12-15-2011 |
20110307713 | PROCESSOR AND PROCESSOR SYSTEM - In a processor including a CPU core executing instruction codes and a cache memory part having plural ways, encryption counter data encrypting and decrypting data input/output for the core in a common key encryption system are stored at one way among the plural ways, an XOR operation is performed between the encryption counter data and the input/output data, and the common key encryption process generating the encryption counter data is not executed every time when the data is encrypted or decrypted, to thereby enable high-speed memory access without sacrificing security. | 12-15-2011 |
20110307714 | REFERENCE TOKEN SERVICE - A reference token service is herein described. In one embodiment, the reference token service receives raw data strings from trusted source applications associated with merchants or other users. Upon receipt of a given raw data string, the reference token service then identifies one or more reference token pools corresponding to a merchant that sent the raw data string, wherein each reference token pool includes a plurality of reference tokens with comprising formats and data structures compatible with the merchant. The raw data string is then sent to a crypto system for tokenization. The crypto system returns a crypto token to the reference token service, wherein the crypto token may not satisfy the specific formatting or data requirements of the merchant. The crypto token is then associated with a reference token corresponding to the merchant, and the reference token is provided to the merchant. The merchant is then able to use the reference token amongst various applications within the merchant's system to enable easy sharing and retrieval of the raw data string. | 12-15-2011 |
20110314297 | EVENT LOG AUTHENTICATION USING SECURE COMPONENTS - Some embodiments provide a system that facilitates use of a computing device. During operation, the system obtains an event description of an event on the computing device. Next, the system computes a message authentication code (MAC) for the event description using a secure component associated with the computing device. Finally, the system uses the MAC to maintain the integrity of an event log containing the event description. | 12-22-2011 |
20110314298 | SYSTEM AND METHOD FOR N-ARY LOCALITY IN A SECURITY CO-PROCESSOR - Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system. | 12-22-2011 |
20110314299 | ELECTRONIC APPARATUS, DISPLAY DRIVING APPARATUS, AND DIGITAL CONTENT DISPLAY METHOD THEREOF - A digital content display method adaptable to an electronic apparatus is provided. The electronic apparatus includes a display interface and a display driving apparatus. The digital content display method includes following steps. An encrypted digital content is received by the display driving apparatus. The encrypted digital content is decrypted by the display driving apparatus according to an algorithm. The display interface of the electronic apparatus is driven by the display driving apparatus according to the decrypted digital content so that the display interface displays the digital content. Additionally, an electronic apparatus and a display driving apparatus thereof are also provided. | 12-22-2011 |
20110314300 | Segmented Mapping - Described are methods and apparatus, including computer program products for masking data. The inventions involves receiving a mapping scheme with a number of segments and a different cryptographic algorithm for each segment and then receiving a target value to be masked. The target value is then split into a number of segments based on the number of segments of the mapping scheme and the cryptographic algorithm is applied for each segment in the mapping scheme to each segment of the target value to generate an encrypted segment for each segment in the target value. Then, the encrypted segments are concatenated to create a masked value. | 12-22-2011 |
20110314301 | SYSTEMS AND METHODS FOR HARDWARE KEY ENCRYPTION - Various systems and methods for implementing dynamic logic are disclosed herein. For example, some embodiments of the present invention provide systems for encrypting/decrypting data. Such systems include a hardware key, a memory, a hardware decoder and a message encoder. The memory includes an encoded encoding key that represents an original encoding key. The hardware decoder receives a portion of the encoded encoding key and decodes the portion of the encoded encoding key using the hardware key to recover a portion of the original encoding key. The message encoder receives a data set and the portion of the original encoding key and encodes the data set using the portion of the original encoding key to create an encoded data set. | 12-22-2011 |
20110314302 | VERIFYING SIGNATURES FOR MULTIPLE ENCODINGS - Digitally signing data for multiple encodings is disclosed. A first signature of the data is generated. A second signature of a second encoding of the data is generated. The first signature and the second signature are associated with the signed data. | 12-22-2011 |
20110320823 | TRUSTED SENSORS - Architecture that provides trusted sensors and trusted sensor readings on computing devices such as mobile devices. The architecture utilizes a trustworthy computing technology (e.g., trusted platform module (TPM). In the context of TPM, one implementation requires no additional hardware beyond the TPM and a virtualized environment to provide trusted sensor readings. A second implementation incorporates trusted computing primitives directly into sensors and enhances security using signed sensor readings. Privacy issues arising from the deployment of trusted sensors are also addressed by utilizing protocols. | 12-29-2011 |
20110320824 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing method has a request determining part determining a request type for streaming contents from a communicating apparatus, a copy number managing part managing the number of copies permissible for the communicating apparatus when permission of one or more of copies of streaming contents is requested, a stream number managing part managing the number of streams now in communication when the request determining part determines that the communicating apparatus has requested transfer of streaming contents without asking permission of one or more of copies, and to make stop transfer of streaming contents if the number of streams now in communication exceeds a predetermined threshold value, a key-selection processing part selecting a first key corresponding to transfer of streaming contents permissible for one or more of copies or a second key corresponding to transfer of streaming contents for copies with generation management restriction or not permissible for copies, an encryption processing part generating encrypted streaming contents using the first or the second key, and a packet processing part generating a packet that includes the encrypted streaming contents and key information selected by the key-selection processing part and to include information on the number of copies to the packet when the first key is selected. | 12-29-2011 |
20120005484 | HIGH-ASSURANCE SECURE BOOT CONTENT PROTECTION - A method and apparatus for high assurance boot processing is disclosed. A trusted processor is used to authenticate a trusted boot program and in conjunction with a selector, to provide the authenticated boot program to a boot memory where it can be accessed by a main processor to execute the bootup sequence. The trusted processor also provides a command for the main processor to write a data sequence to a hard drive or similar device, and monitors the data written by the main processor to verify that the data has not been tampered with or otherwise compromised. | 01-05-2012 |
20120017095 | Software Service for Encrypting and Decrypting Data - A system for making encryption and decryption available to software applications as a service is disclosed. An encryption/decryption server verifies the credentials of human operators, hardware devices, or combinations of operators and hardware devices and determines the cryptographic keys to which they have access, and provides access to said keys. Client software applications send service requests to the encryption/decryption server to encrypt or decrypt data. The server encrypts or decrypts the data as requested if the operator or device has the proper credentials to access the required key. The system may include multiple levels of security access. | 01-19-2012 |
20120017096 | More Elegant Exastore Apparatus and Method of Operation - An apparatus to scale for multiple petabyte backup in redundant locations. Workload is automatically shared among many servers by a characteristic derived from the content itself. Duplicate storage is eliminated by checking for the existence or absence of simple files and appending client identification to files shared among multiple subscribers. Replication depends on simple atomic file operations rather than use of tables or databases. An efficient storage method for much larger quantities of data than conventional services. | 01-19-2012 |
20120030477 | SCALABLE SEGMENT-BASED DATA DE-DUPLICATION SYSTEM AND METHOD FOR INCREMENTAL BACKUPS - A system in accordance with exemplary embodiments may provide a scalable segment-based data de-duplication for incremental backups. In the system, a master device on a secondary-storage node side may receive at least incremental changes, fingerprints, mapping entities, and distribute de-duplication functionality to at least a slave device, and performs data de-duplication on said plurality of segments via a way to cluster a plurality of fingerprints in a data locality unit called container for the incremental changes, varied sampling rates of a plurality of segments by having a fixed sampling rate for stable segments and by assigning a lower sampling rate for a plurality of unstable target files of de-duplication, and a per-segment summary structure to avoid unnecessary I/Os involved in de-duplication. | 02-02-2012 |
20120030478 | Dynamic Storage Enabler For Service Delivery HUB On A Mobility Network - A system includes a hub having interfaces to an application service provider and a portal in communication with an end user, a storage enabler connected to the hub, the storage enabler having application programming interfaces configured to receive a request for a storage facility from the application service provider and to allocate the storage facility based on the request for storage, and wherein the hub provides a single interface for the application service provider to request the storage facility when servicing the end user without regard to a location of the end user. The storage enabler is further configured to track data stored by one of the end user and the application service provider and to further provide encryption functionality. | 02-02-2012 |
20120030479 | STORAGE APPARATUS, HOST APPARATUS, AND STORAGE SYSTEM - Disclosed herein is a storage apparatus including: a first storage block configured to record and hold encrypted content data and output the encrypted content data on an on-demand basis; a second storage block configured to record and hold a confidential title key; a title stream key generation block configured to generate a title stream key corresponding to a subject of encryption of the content data by use of the held confidential title key; and a communication block configured to transmit the generated title stream key with confidentiality thereof held. | 02-02-2012 |
20120030480 | BATTERY PACK AND ELECTRONIC APPARATUS - A battery pack includes at least one rechargeable battery configured to output power; a remaining battery capacity detection unit configured to detect a remaining battery capacity of the at least one rechargeable battery; and a cryptographic unit configured to output a response word in response to an external request word by encrypting the external request word based on a cryptographic algorithm with a common code key. | 02-02-2012 |
20120036369 | MEMORY IDENTIFICATION CODE GENERATION METHOD, MANAGEMENT METHOD, CONTROLLER, AND STORAGE SYSTEM - An identification code generation method and a management method for a non-volatile memory, and a controller and a storage system using the same are provided, and the non-volatile memory has a plurality of physical blocks. The identification code generation method includes testing the physical blocks to obtain an availability state of the physical blocks and identifying a plurality of good physical blocks or bad physical blocks among the physical blocks according to the availability state. The identification code generation method also includes generating a memory identification code corresponding to the non-volatile memory according to the good physical blocks or the bad physical blocks. Thereby, in the present invention, a unique memory identification code is generated and is prevented from being stolen. | 02-09-2012 |
20120036370 | Protecting Documents Using Policies and Encryption - A system protects documents at rest and in motion using declarative policies and encryption. A document at rest includes documents on a device such as the hard drive of a computer. A document in motion is a document that is passing through a policy enforcement point. The policy enforcement point can be a server (e.g., mail server, instant messenger server, file server, or network connection server). | 02-09-2012 |
20120042173 | Digital Content and Right Object Management Systems and Methods - Digital content and rights object management systems and methods are provided. The system at least includes a storage device having a hardware UID, a public area and a hidden area. The public area at least includes a security management application. The hidden area at least includes a rights object and a specific ID. The specific ID is read and determined whether or not it matches with the hardware UID. When the specific ID matches with the hardware UID, the rights object is retrieved from the hidden area, and the rights object is delivered to a security management application of a playback device for playback. In some embodiments, the rights object may be encrypted, and the security management application can read the hardware UID of the storage device, and decrypt the rights object according to the hardware UID. In the present invention, the hardware UID of the storage device and the rights object stored in the hidden area which cannot be accessed by general consumers are used to manage the DRM content. | 02-16-2012 |
20120042174 | Remote Container - Methods, program products, and systems implementing remote container techniques are disclosed. A relational database can include a container data field, which can be a data field for storing multimedia data. In one aspect, when the multimedia data are inserted into the container field, the multimedia data can be stored in one or more remote database files. The remote database files can be located separately from other data of the relational database and remotely from a client computer accessing the relational database. Corresponding data structures, or remote containers, can be configured to store metadata of the database files. References to the remote containers can be stored as values of the container data field. Using various encryption techniques, the remote database files can be given same access restrictions as access restrictions of the container data field, even when the remote database files are stored as flat files. | 02-16-2012 |
20120047371 | SECURE FIELD-PROGRAMMABLE GATE ARRAY (FPGA) ARCHITECTURE - A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data. | 02-23-2012 |
20120047372 | OPTICAL DISC, OPTICAL DISC RECORDING METHOD, OPTICAL DISC REPRODUCTION METHOD, OPTICAL DISC DEVICE AND STORAGE SYSTEM - A storage system having a plurality of optical disc devices allows other optical disc devices inside the storage system to reproduce the optical disc recorded by a certain optical disc device but inhibits optical disc devices outside the storage system to reproduce the optical disc. A device key as a base for generating an encryption key is common to the plurality of optical disc devices. In the optical disc devices, a guest key other than the device key can be used temporarily to generate the encryption key. An authentication list containing a reproduction condition is recorded with the key information to the optical disc. | 02-23-2012 |
20120060037 | PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACKS ON DECRYPTION KEYS - An embodiment of a method is disclosed for protecting a key from discovery during decryption of a data stream. This embodiment of the method includes decrypting the data stream with the key. Before completing decryption of the data stream, the method checks consistency between a decrypted portion of the data stream and expected data using a circuit arrangement. In response to an inconsistency between the decrypted portion and the expected data, a tampering signal is generated to indicate tampering is suspected. | 03-08-2012 |
20120060038 | PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACKS ON SENSITIVE DATA - An embodiment of a method is disclosed for protecting sensitive data from discovery during an operation performed on input data with the sensitive data. This embodiment of the method includes performing the operation on a first quantity of random data with the sensitive data using a circuit arrangement before performing the operation with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the first quantity of the random data, the operation is performed with the sensitive data on the input data using the circuit arrangement. After performing the operation with the sensitive data on the input data, the operation is performed with the sensitive data on a second quantity of random data using the circuit arrangement. | 03-08-2012 |
20120060039 | Code Download and Firewall for Embedded Secure Application - A device includes a demodulator for receiving an encrypted content, an interface unit communicatively coupled to an external memory, and a hardware unit coupled to the demodulator and configured to enable the demodulator to decrypt the received content. The hardware unit includes a processing unit, a ROM having a boot code causing the device to fetch data from the external memory, a RAM for storing the fetched data, multiple non-volatile memory registers or fuse banks, and a mechanism configured to write the stored data to an external storage device in response to a backup event. The data may be encrypted using an encryption key prior to being written to the external storage device. The interface unit may include a wired or wireless communication link. The boot code includes executable instructions performing a series of validations. The device disables the executable instructions in the event of a validation failure. | 03-08-2012 |
20120066509 | MULTI-LEVEL SECURITY SOFTWARE ARCHITECTURE - A multi-level security software architecture includes various components configured to provide full data separation across multiple processors while limiting the number and size of high assurance components. The architecture includes a domain separator for ensuring that messages exchanged between domains that are distributed on different microprocessors are securely routed between domain members. The domain separator verifies a message label including a domain identifier provided by a domain gateway and cryptographically binds the message label to each message via cryptographic keys. This prevents misrouting messages caused by accidental or malicious corruption of message labels. Additionally, the domain separator can encrypt messages as necessary to enforce data separation on shared network buses. The domain separator is also responsible for managing the cryptographic keys used to label or encrypt messages. | 03-15-2012 |
20120066510 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR PERFORMING HOMOMORPHIC ENCRYPTION AND DECRYPTION ON INDIVIDUAL OPERATIONS - A method of processing data includes receiving a request for an operand from a second processor at a first processor, encrypting the operand that has been requested using the first processor responsive to receiving the request for the operand, sending the operand that has been encrypted from the first processor to the second processor, receiving a result from the second processor at the first processor, the result generated from a single homomorphic operation being performed using the operand sent to the second processor, decrypting the result received from the second processor at the first processor, and receiving a request for the result that has been decrypted from the second processor at the first processor. | 03-15-2012 |
20120066511 | Container Security - A container security device includes a housing, electronic circuitry, and cabling. The electronic circuitry is disposed within the housing, and includes first and second microprocessor functions and an interface for accepting and providing data. The cabling is removably coupled to the housing, provides the only communicative coupling between the first microprocessor function and the second microprocessor function, and is adapted to be attached to a container latch so as to break the communicative coupling if the latch is opened. The housing includes a port for the electronic circuitry interface. A method of providing container security includes closing a container using a latch device and removably coupling the cabling to the housing so that the communicative coupling is broken if the latch is opened., providing the only communicative coupling between the first microprocessor function and the second microprocessor function. | 03-15-2012 |
20120066512 | REAL-TIME SECURE SELF-AQUIRING ROOT AUTHORITY - When software is delivered to a customer, there are often programs or routines of programs that a software distributor intended to run under the credentials of a specific user other than the user who started the program. A secure method is proposed for software running in a process to acquire rights to issue restricted operations. A trusting entity trusts a process based on verifying ownership of code residing in the process. The trusted process is granted rights by the trusting entity to perform any or specific operations under the credentials of a specific user, not necessarily the current process user. | 03-15-2012 |
20120066513 | METHOD AND APPARATUS FOR AUTHENTICATING A NON-VOLATILE MEMORY DEVICE - A method and an apparatus for authenticating a non-volatile memory device are provided. The method includes sending, to the memory device, a request for an Enhanced Media Identification (EMID) for identifying the memory device, by an EMID decoder for authenticating the memory device; receiving the requested EMID changed by a preset calculation of the EMID with an optional value from the memory device; and restoring the EMID by decoding the received changed EMID. | 03-15-2012 |
20120066514 | DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications. | 03-15-2012 |
20120066515 | ELECTRONIC DEVICE, KEY GENERATION PROGRAM, RECORDING MEDIUM, AND KEY GENERATION METHOD - An electronic device | 03-15-2012 |
20120072734 | PLATFORM FIRMWARE ARMORING TECHNOLOGY - A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure. | 03-22-2012 |
20120072735 | STORAGE DEVICE, PROTECTION METHOD, AND ELECTRONIC DEVICE - According to one embodiment, a storage device encrypts/decrypts data with an encryption key to write/read the data to/from the storage area. In the storage device, an elapsed time counter starts counting triggered by turning on of the storage device. A receiver receives a command containing a password and time information from a host device. The time information indicates current date and time. A calculator calculates elapsed time from last command input to current command input based on the time information and a counter value. An adder adds the elapsed time to time information contained in a command received last time. A time information determination module determines the consistency of the time information. A disabling module disables the encryption key if the time information is not consistent. An authentication module authenticates the password if the time information is consistent and allows access to the storage area if the password is successfully authenticated. | 03-22-2012 |
20120072736 | MEMORY DEVICE, MEMORY SYSTEM, AND AUTHENTICATION METHOD - According to one embodiment, a memory device includes a third partial key write module, an encryption key write module, and a decryption module. The third partial key write module is configured to combine a second partial key received from the current host device with the first partial key in the partial key memory device and to write a generated third partial key into the volatile memory after the device authentication. The encryption key write module is configured to combine the third partial key with the second user authentication information and to write a generated encryption key into the volatile memory after the user authentication. The decryption module is configured to decrypt the encrypted data based on the encryption key in the volatile memory based on a read request received from the current host device and to output obtained data to the current host device when the user authentication has succeeded. | 03-22-2012 |
20120072737 | SYSTEM FOR ESTABLISHING A CRYPTOGRAPHIC KEY DEPENDING ON A PHYSICAL SYSTEM - In systems for establishing a cryptographic key depending on a physical uncloneable function (PUF) it may be a problem that internal information correlated with the cryptographic key is leaked to the outside of the system via a side-channel. To mitigate this problem a cryptographic system for reproducibly establishing a cryptographic key is presented. The system comprises a physical system comprising a physical, at least partially random, configuration of components from which an initial bit-string is derived. An error corrector corrects deviations occurring in the initial bit-string. Through the use of randomization the error corrector operates on a randomized data. Information leaking through a side channel is thereby reduced. After error correction a cryptographic key may be derived from the initial bit-string. | 03-22-2012 |
20120079280 | Method, system and secure processor for executing a software application - A host reads host software code and secure processor software code of an software application and passes the secure processor software code to the secure processor that requests an activation sequence for the software application from a remote server. The secure processor receives the activation sequence for the software application and applies it to the secure processor software code to make it executable. The host executes the host software code and calls a procedure of the executable secure processor software code in the secure processor, which executes the procedure of the executable secure processor software code to obtain a response to the call that is then returned. The activation sequence is advantageously software code. The invention can enable protection of a plurality of software titles using a single secure processor that is dynamically adapted for each title. | 03-29-2012 |
20120079281 | SYSTEMS AND METHODS FOR DIVERSIFICATION OF ENCRYPTION ALGORITHMS AND OBFUSCATION SYMBOLS, SYMBOL SPACES AND/OR SCHEMAS - In some embodiments, a method includes generating a round key for each round from one or more rounds for encrypting input data and partitioning the input data into one or more data blocks for each round. A block key is generated for each data block and each data block is encrypted using the round key, the block key and the data block as inputs to a mathematic operation to produce a cipher text. A number of rounds is variable, at least one of a size of the round key or a number of data blocks are variable for each round, or at least one of a size of each data block, a size of the block key for each data block, the mathematic operation for each data block, or a size of the cipher text for each data block are variable for each data block within each round. | 03-29-2012 |
20120079282 | SEAMLESS END-TO-END DATA OBFUSCATION AND ENCRYPTION - A system comprises an input obfuscation module and an input encryption module coupled to the input obfuscation module. The input obfuscation and encryption modules are configured to define a first end of a secure channel for exchanging information with a secure software application module. The system further comprises an output de-obfuscation and decryption module coupled to the input obfuscation and encryption modules and is configured to define a second end of the secure channel, the secure channel having no seams between the first end of the secure channel and the second end of the secure channel. The system further comprises an output de-obfuscation module coupled to the output decryption module. | 03-29-2012 |
20120079283 | MEMORY MANAGEMENT DEVICE AND MEMORY MANAGEMENT METHOD - According to an embodiment, a memory management device increments a lower value of a first counter, updates the counter by incrementing an upper value and resetting the lower value when the lower value overflows, increments to update the lower counter value when the upper value is incremented as a result of writing a second data piece having the upper value in common to a memory, recalculates a first secret value calculated using the first counter values and a root secret value in response to the first counter update, writes a first data piece and the first secret value to the memory, and at reading of the first data piece and the first secret value, calculates a second secret value using the updated first counter values and the root secret value, and compares the first secret value with the second secret value to verify the first data piece. | 03-29-2012 |
20120079284 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD OF INFORMATION PROCESSING APPARATUS, AND PROGRAM - An information processing apparatus includes a decryption processing unit, a backup unit, and a control unit. The decryption processing unit is configured to decrypt encrypted data read from a first storage unit storing the encrypted data. The backup unit is configured to back up the encrypted data stored in the first storage unit to a second storage unit. When the backup unit backs up the encrypted data stored in the first storage unit to a second storage unit, the control unit is configured to control the decryption processing unit to store the encrypted data read from the first storage unit, in the second storage unit without performing decrypting processing. | 03-29-2012 |
20120089849 | COOKIE MANAGEMENT SYSTEM AND METHOD - A system for managing cookies in a client device on a network includes a communication module, a cookie parser, an encryption module, and a storing module. The communication module sends an HTTP request to a web server on the network, and the cookie parser extracts any cookie data from the HTTP response by the web server. The encryption module encrypts the cookie data and the storing module stores the encrypted data in a memory area of the client device. | 04-12-2012 |
20120096280 | SECURED STORAGE DEVICE WITH TWO-STAGE SYMMETRIC-KEY ALGORITHM - A secured storage device uses a user key set by user to encrypt a primary key that is for encryption or decryption of user data, to produce a first encrypted data. In the secured storage device, neither the primary key nor the user key is stored, but the first encrypted data, and a secondary key and a second encrypted data produced from the secondary key encrypted with the user key for verifying the password inputted by user are stored. Therefore, even though a storage medium in the secured storage device is detached and read, the primary key and the user key cannot be obtained by a third party for reading out any encrypted user data from the secured storage device. | 04-19-2012 |
20120096281 | SELECTIVE STORAGE ENCRYPTION - A storage device includes encryption policies that may be applied to data stored thereon. Different encryption policies may be applied to different data on the storage device. Input/output (I/O) requests may identify the appropriate encryption policy to be applied using a data tag of the I/O request. The data tag may be applied by the file system when the I/O request is issued, or may be added by a filter driver before the I/O request is delivered to the storage device. | 04-19-2012 |
20120102333 | METHOD AND APPARATUS FOR INCLUDING ARCHITECTURE FOR PROTECTING MULTI-USER SENSITIVE CODE AND DATA - A secure execution environment for execution of sensitive code and data including a secure asset management unit (SAMU) is described. The SAMU provides a secure execution environment to run multiple instances of separate program code or data code associated with copy protection schemes established for content consumption. The SAMU architecture allows for hardware-based secure boot and memory protection and provides on-demand code execution for multiple instances of separate program code or data provided by a host processor. The SAMU may boot from an encrypted and signed kernel code, and execute encrypted, signed code. The hardware-based security configuration facilitates the prevention of vertical or horizontal privilege violations. | 04-26-2012 |
20120102334 | System and Method for Hardware Based Security - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session. | 04-26-2012 |
20120102335 | REKEYING ENCRYPTION KEYS FOR REMOVABLE STORAGE MEDIA - Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media. | 04-26-2012 |
20120110342 | Methods and Systems for Migrating Content Licenses - A system can comprise a processor and a memory embodying an application. The application can comprise code that causes the processor to identify a client key embedded or hard-coded in the application (i.e., included as part of the code comprising the application). Additional code causes the processor to identify data to be accessed according to an encrypted license accessible through use of a machine key. The application can maintain the machine key in an encrypted state using the client key. The application can include code that causes the processor to determine if an encrypted version of the machine key accessible by the processor can actually be decrypted using the client key. If so, the client key can be used to access the machine key. If not, the processor can request a differently-encrypted version of the machine key from a migration service. | 05-03-2012 |
20120110343 | Trustworthy timestamps on data storage devices - Secure timestamps created by a data storage device are described. Metadata timestamp is created for each recorded unit of data (such as a sector) The HDD performs the time-stamping in a secure manner. The timestamp is made secure by performing a secure operation (i.e. one that can only be performed by the HDD) using the data and timestamp. The secure operation uses a secure key that is built-in to the storage device and is not readable outside of the device. In some embodiments the secure operation is encryption using the secure key. In other embodiments the secure operation is a hash code function (such as a Hash-based Message Authentication Code (HMAC) function) that uses the secure key to generate a hash code using at least the recorded data and the timestamp as input. The hash code is then included in the metadata that is recorded for the data unit. | 05-03-2012 |
20120110344 | Reporting of Intra-Device Failure Data - Methods and a computing device are disclosed. A computing device may include a managed device having embedded firmware. When a failure occurs with respect to the managed device, drivers within the computing device may collect failure data from a driver stack of the computing device and from the managed device. The computing device may send the collected failure data to one or more second computing devices to be stored and analyzed. The computing device may include a health monitor for periodically collecting telemetry data from the computing device and the managed device. When the health monitor becomes aware of conditions indicative of a possible impending failure, the health monitor may trigger collection of sickness telemetry data from the computing device and the managed device. Collected data from the managed device may be made available to a vendor of the managed device. | 05-03-2012 |
20120110345 | METHOD AND SYSTEM FOR SECURING DATA OF A MOBILE COMMUNICATIONS DEVICE - A method and system for securing data of a mobile communications device. The method includes: determining that first application data is data associated with a first server; encrypting the first application data with an encryption key stored in the mobile communications device; storing the encrypted first application data on a memory; receiving a request to access the first application data from an application or a service implemented from the mobile communications device; determining that the application or service is authorized to access the first application data; and in response to said determining, decrypting the first application data with the encryption key. | 05-03-2012 |
20120110346 | STORING DATA INTEGRITY INFORMATION UTILIZING DISPERSED STORAGE - A method begins by a processing module generating an integrity check value for each encoded data slice of a set of encoded data slices to produce a set of integrity check values. The method continues with the processing module encoding the set of integrity check values to produce encoded integrity check values. The method continues with the processing module sending the encoded integrity check values for storage in a memory system. | 05-03-2012 |
20120110347 | METHOD OF RANDOMLY AND DYNAMICALLY CHECKING CONFIGURATION INTEGRITY OF A GAMING SYSTEM - In a gaming environment, a method of periodically downloading dynamically generated executable modules at random intervals that perform system configuration integrity checks in a secure and verifiable manner is disclosed. The dynamically generated executable module returns the signature to a server from which it was downloaded and deletes itself from the system being checked. The next time such an executable module is downloaded, it will contain a different randomly chosen subset of hashing and encryption algorithms. The server that is performing the system configuration integrity check maintains a database of expected system configurations and performs subset of hashing and encryption algorithms as contained in the dynamically generated executable module. The result returned by the downloaded executable module is compared to that computed locally, and an error condition is raised if they do not match. | 05-03-2012 |
20120117388 | SYSTEM FOR SELECTIVE ENCRYPTION WITHIN DOCUMENTS - A system for selective encryption within a document. A portion of the document selected and marked for encryption is detected, the selected portion of the document including plaintext. The detected portion of the document selected for encryption is encrypted as ciphertext. The document is displayed with the selected portion of the document encrypted. An attempt by an accessor to access the encrypted portion of document is detected. The encrypted portion of the document is decrypted with a proper decryption key, wherein the decrypting includes decrypting the encrypted portion of the document in response to presentation of required data by the accessor. The required data includes the proper decryption key, a name of the accessor, and an employee number of the accessor. The portion of the document is displayed as decrypted. | 05-10-2012 |
20120124388 | Electronic-device theft-deterring systems - A method and apparatus to deter theft of electronic-devices is disclosed. Electronic-devices have locked and unlocked states that permit deny and permit use of the electronic-device. Electronic-devices are shipped from manufacturers, thorough suppliers, to retailers in the locked state. Unlocking functions are transmitted through computer networks to the retail locations and held in volatile storage. The unlocking of the electronic-device occurs subsequent to purchase. Other methods and apparatus are disclosed related to multiple distribution methods of unlocking schemes, re-locking and return validation and data structures. | 05-17-2012 |
20120124389 | Protecting images, and viewing environments for viewing protected images - A method, apparatus, and system are provided to facilitate protecting media such as images, documents, video streams, and the like, from unauthorized copying or distribution. The method is based on requiring certain conditions to be filled prior to, and during, display of the media on a user display. The conditions for display may require pointing device cursor placement, operating certain keys, and the like. Permissions are granted to users by the media owners and the permissions are checked prior to display. Thus the user is prevented from copying the media and using it illicitly, and the media owner may share media while at the same time maintaining control over the use thereof. The system may also be utilized to provide time-limited access to certain materials. | 05-17-2012 |
20120124390 | Virtual Secure Digital Card - A system (and a method) are disclosed for generating a virtual secure digital (SD) card. One embodiment detects an SD card and reads a media key block and media identification for the SD card. The system stores the media key block and the media identification. The system creates a file system for secure data on a storage device for storage of secure data corresponding to a secure data area of the SD card and creates a file system for user data on the storage device for storage of user data corresponding to a user data area of the SD card. In addition, the system uses the virtual secure digital (SD) card. The system determines if the virtual SD card is provisioned and provisions it if not. The system accesses the data stored in the secure area of the provisioned virtual SD card. The system extracts the data from the secured area of the provisioned virtual SD card. | 05-17-2012 |
20120124391 | STORAGE DEVICE, MEMORY DEVICE, CONTROL DEVICE, AND METHOD FOR CONTROLLING MEMORY DEVICE - A storage device includes a storage unit and a controller that controls the storage unit in accordance with a request provided from an upstream-side device. The storage unit includes a storage medium that stores data, an authentication processing unit that performs an authentication process, and a storage region managing unit that sets either a first region or a second region in a storage region. The first region is accessible and useable to perform data reading and data writing between the upstream-side device and the storage unit when the access authentication is successfully performed on the basis of a first password. The second region may be released when the access authentication is successfully performed on the basis of a second password. When the storage unit needs to be disconnected, the controller sets the second region in the storage region in which the first region has been previously set. | 05-17-2012 |
20120124392 | SYSTEM AND METHOD FOR STREAM/BLOCK CIPHER WITH INTERNAL RANDOM STATES - Disclosed herein are systems, methods, and computer readable-media for performing data encryption and decryption using a stream or block cipher with internal random states. The method includes splitting the input data into a predetermined number of blocks and processing each block. The processing includes creating sub-blocks, permuting the sub-blocks, replacing bytes using a lookup table, rotating bits, performing expansion and combining sets of bits. The element of randomness employed in this process allows for the same input to yield the same output, with differing internal states. | 05-17-2012 |
20120131351 | MANAGING ACCESS TO A SECURE DIGITAL DOCUMENT - In a method for managing access to a secure digital document by workflow participants, in which a respective public key is associated with each of the workflow participants, an entry table is populated with a participant entry for each of the workflow participants. Each of the participant entries includes a map entry identifier that corresponds to a map entry tag in a map file, and a first label associated with the map entry identifier. In addition, symmetric keys for the workflow participants are accessed and each of the first labels is encrypted using a respective symmetric key to generate a plurality of second labels, the entry table is populated with the plurality of second labels, each of the plurality of symmetric keys is encrypted with the public key of a respective workflow participant, and the entry table is incorporated into the digital document. | 05-24-2012 |
20120131352 | INCREMENTAL AND BULK STORAGE SYSTEM - A method for storing electronic data. A first set of electronic data may be copied from a computing device to a capsule. The capsule then may be transferred or located to a location other than that of the computing device. The capsule and the computing device may be in electronic communication. The first set of electronic data may be updated on the capsule when changes are made to the first set of electronic data on the computing device. | 05-24-2012 |
20120131353 | PERIPHERAL AUTHENTICATION - This document describes techniques ( | 05-24-2012 |
20120131354 | METHOD AND SYSTEM FOR PROVISION OF CRYPTOGRAPHIC SERVICES - An encryption service system comprises an API for receiving requests from one or more calling applications. Each request comprises information identifying the operations to be performed on data to be processed and information identifying the origin and target of the data. The encryption service system further comprises a cryptographic server for processing the requests and determining, for each request, an encryption policy to be applied. | 05-24-2012 |
20120131355 | RANGE SEARCH SYSTEM, RANGE SEARCH METHOD, AND RANGE SEARCH PROGRAM - In case of a range search to the encryption DB (database), conventionally, because there is a correlation between a value of the data and the number of search keys for the range search, the contents of the encrypted data can be inferred and are not safe. Also, it is not efficient sufficiently in case of insertion of the data, and search. In the present invention, the search keys related by the data are generated for a predetermined number without depending on the value of the data. Also, when the search keys showing a range are generated, the search keys are provided from the search key having a narrow width to the search key having a wide range, and the widths have a relation of a power series length, to suppress the number of necessary search keys. | 05-24-2012 |
20120137138 | PACKAGE AUDIT TOOL - A method and system for software package auditing is described. | 05-31-2012 |
20120137139 | DATA STORAGE DEVICE, DATA CONTROL DEVICE AND METHOD FOR ENCRYPTING DATA - According to one embodiment, a data storage device includes an encryption module, a write module, and a controller. The encryption module encrypts or decrypts data. The write module writes, on a storage medium, encrypted data of data received from a host, the encrypted data being encrypted by the encrypting module. The controller causes the encryption module to encrypt data received from a host and to transfer the encrypted data to the write module through a buffer memory, during normal encryption process, and to re-encrypt the data recorded on the storage medium, during re-encryption process. During the re-encryption process, the controller causes the encryption module to decrypt the encrypted data read from the storage medium, to store the decrypted data into the buffer memory, and to re-encrypt the decrypted data from the buffer memory by the encryption module and to transfer the re-encrypted data to the write module. | 05-31-2012 |
20120137140 | SYSTEM AND METHOD FOR PROTECTING INFORMATION AND RELATED ENCRYPTION KEYS - A system apparatus and method for protecting information are provided. Embodiments of the invention may detect inactivity related to a computing device. Information and encryption key may be removed from a memory. Subsequent activity may be detected. An authentication procedure may be performed, and, contingent on authenticating a relevant entity, a master key may be generated and installed in a memory. | 05-31-2012 |
20120144205 | Cryptographic Architecture with Instruction Masking and other Techniques for Thwarting Differential Power Analysis - An apparatus and method for preventing information leakage attacks that utilize timeline alignment. The apparatus and method inserts a random number of instructions into an encryption algorithm such that the leaked information can not be aligned in time to allow an attacker to break the encryption. | 06-07-2012 |
20120144206 | INFORMATION PROCESSING APPARATUS, REMOVABLE STORAGE DEVICE, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes an encrypted authentication unit that obtains, as encrypted information, the estimated total capacity of a storage medium included in a removable storage device, which is the target of encrypted authentication, a storage use unit that obtains the total capacity of a storage medium to which data is written, and a determination unit that restricts the use by the storage use unit of the storage medium to which the data is written depending on whether the difference between the estimated total capacity and the total capacity is equal to or more than a predetermined threshold. | 06-07-2012 |
20120144207 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 06-07-2012 |
20120151220 | PERSONALIZED DIGITAL MEDIA ACCESS SYSTEM (PDMAS) - The invention is an apparatus that facilitates access to encrypted digital media to accept verification and authentication from an excelsior enabler using at least one token and at least one electronic identification. The at least one electronic identification could be a device serial number, a networking MAC address, or a membership ID reference from a web service. Access to the product is also managed with a plurality of secondary enablers using the at least one electronic identification reference. | 06-14-2012 |
20120151221 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 06-14-2012 |
20120151222 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 06-14-2012 |
20120159182 | DRM PLUGINS - Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor. | 06-21-2012 |
20120159183 | METHOD AND APPARATUS FOR SECURING A COMPUTING DEVICE - A method and apparatus for securing a computing device are provided. A state of the computing device is determined, the state associated with a protection state. The computing device is automatically switching between a plurality of security levels at based on the state. | 06-21-2012 |
20120159184 | Technique for Supporting Multiple Secure Enclaves - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed. | 06-21-2012 |
20120159185 | Secure Digital Download Storage Device - A secure USB flash drive employing digital rights management to implement secure digital media storage such as that provided by encrypted storage utilizing content protection for recordable media (CPRM) or the like. Unlike a secure digital card which provides such protection, it does not need an SD card port which is CPRM enabled, or alternatively a reader adapted for use therewith. The form factor can be that of a standard USB flash drive and a standard USB connector is employed making the device and its use familiar and comfortable to the average consumer. | 06-21-2012 |
20120159186 | SECURING THE IMPLEMENTATION OF A CRYPTOGRAPHIC PROCESS USING KEY EXPANSION - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by protecting the cipher key by means of a key expansion process which obscures the cipher and/or the round keys by increasing their lengths to provide an expanded version of the keys for carrying out encryption or decryption using the cipher. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key. | 06-21-2012 |
20120159187 | ELECTRONIC DEVICE AND METHOD FOR PROTECTING AGAINST DIFFERENTIAL POWER ANALYSIS ATTACK - An electronic device and a method for protecting against a differential power analysis attack are disclosed herein. The electronic device includes an encryption/decryption unit, a random number generator and a countermeasure circuit. The encryption/decryption unit can provide an enable signal when encrypting or decrypting more bits of data. The random number generator can generate random data. When receiving the enable signal, the countermeasure circuit can operate according to the bits of data and the random data. | 06-21-2012 |
20120159188 | Systems and Methods for Identity-Based Encryption and Related Cryptographic Techniques - A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. The sender uses a bilinear map to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110]. The receiver [110] uses the bilinear map to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification. | 06-21-2012 |
20120159189 | MODULAR EXPONENTIATION RESISTANT AGAINST SKIPPING ATTACKS - An exponentiation method resistant against skipping attacks. A main idea of the present invention is to evaluate, in parallel with the exponentiation such as y=g | 06-21-2012 |
20120159190 | ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTING METHOD, AND DECRYPTING METHOD - An identification information setting unit of an encryption device on document data determines whether or not an encrypted area has been divided by an editing operation of document data, and sets identification information indicating any position of four corners of an undivided encrypted area at a corresponding position of each divided encrypted area when the encrypted area has been divided. | 06-21-2012 |
20120159191 | METHOD AND APPARATUS FOR TRANSITIONING BETWEEN STATES OF SECURITY POLICIES USED TO SECURE ELECTRONIC DOCUMENTS - Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertains to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy and enforced in conjunction with one or more cryptographic methods. | 06-21-2012 |
20120159192 | Optimizing Use of Hardware Security Modules - Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device. | 06-21-2012 |
20120166812 | METHOD, APPARATUS AND SYSTEM FOR SECURE COMMUNICATION OF RADIO FRONT END TEST/CALIBRATION INSTRUCTIONS - Techniques for a programmable engine to provide security mechanisms protecting information which is in support of testing and/or calibration a radio front end. In an embodiment, test/calibration information is to be communicated to, from or within the programmable engine for processing by a particular resource of the programmable engine. In another embodiment, test/calibration is exchanged along a dedicated hardware data path between a security module of the programmable engine and an execution module of the programmable engine, wherein any data exchanged in the dedicated hardware data path is only accessible from the dedicated hardware data path via one or both of the security module and the execution module. | 06-28-2012 |
20120166813 | REPRODUCING DATA FROM OBFUSCATED DATA RETRIEVED FROM A DISPERSED STORAGE NETWORK - A method begins by a processing module processing a data retrieval request that identifies data, wherein the data is stored as a plurality of sets of encoded data slices, wherein one or more encoded data slices of the plurality of sets of encoded data slices has been replaced with one or more encoded secret slices of secret data. The method continues with the processing module receiving at least a threshold number of the plurality of sets of encoded data slices and determining whether a secret data extraction process is initiated. The method continues with the processing module obtaining an inter-dispersing function to extract the one or more encoded secret slices to produce extracted encoded secret slices and decoding the extracted encoded secret slices in accordance with secret dispersed storage error encoding parameters to reproduce the secret data when the secret data extraction process is initiated. | 06-28-2012 |
20120166814 | MEMORY CARD, HOST DEVICE, CERTIFICATION ISSUING DEVICE, MEMORY CONTROLLER, MEMORY CHIP, METHOD OF PRODUCING MEMORY CARD, AND DATA READING AND WRITING METHOD - A memory card includes one or more memory chips that store memory quality data including a storage volume value; and a certification storing unit that stores a storage volume certification including a sum storage volume value of one or more memory chips. | 06-28-2012 |
20120166815 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 06-28-2012 |
20120166816 | Auxiliary Functionality for Pixel Data - The various methods and systems described herein are directed to supplying a secure channel for software executing on a host computer. The methods and systems address and provide solutions for an attack model in which rogue software executing on the host computer attempts to inappropriately obtain or otherwise manipulate data. Some embodiments can provide pixel data that can be kept confidential (in that untrusted software applications cannot read the data off of the display screen). In addition, other embodiments can preserve the integrity of the pixel data by detecting whether the pixel data has been inappropriately manipulated. Various embodiments are based on a decryption engine that is located on a video card very late in the video processing chain such that programmatic access to decrypted pixel data is denied. | 06-28-2012 |
20120173880 | System And Method For Decrypting Content Samples Including Distinct Encryption Chains - Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples. | 07-05-2012 |
20120173881 | Method & Apparatus for Remote Information Capture, Storage, and Retrieval - The present disclosure relates to methods and systems that restrict access to stored sensitive information. Specifically, the methods and systems of the present disclosure separate the management of access to data from the encryption and storage of the data itself. The present disclosure allows for retrieval of the access without providing such access to the data host. Further, the present disclosure provides for data ownership privileges that can grant or revoke access. The present disclosure further provides for audio-access of stored data. | 07-05-2012 |
20120173882 | SYSTEM AND METHOD FOR IN-PLACE ENCRYPTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for performing in-place encryption. A system configured to practice the method receives a request from a user to encrypt an unencrypted volume of a computing device and identifies, generates, and/or randomly selects a volume key. Then the system converts the unencrypted volume to an encryptable format divided into portions. The system then encrypts, based on the volume key, the encryptable volume, portion by portion, to enable the user to use the computing device while encrypting. The system can maintain an encryption progress status and display the encryption progress status. The system can monitor disk accesses to the encryptable volume, and, when the disk accesses exceed a first threshold, apply a back-off algorithm to stop encrypting until the disk accesses fall below a second threshold. Thus, the computing device can be used while the encryption occurs in the background. | 07-05-2012 |
20120173883 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 07-05-2012 |
20120173884 | METHOD FOR REMOTELY CONTROLLING AND MONITORING THE DATA PRODUCED ON DESKTOP ON DESKTOP SOFTWARE - According to this invention there is provided a method of controlling usage of data and prevent unauthorized usage of data that is generated by software using iso data system where data can be used only on the computer which has created the data or use and/or access the data on other computers only if the owner of such data has given access/permission to such data. | 07-05-2012 |
20120179915 | SYSTEM AND METHOD FOR FULL DISK ENCRYPTION AUTHENTICATION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for authenticating a user logging in to an operating system stored on an encrypted drive. A system configured to practice the method presents a login prompt and receives credentials from a user. The system accesses the operating system on the encrypted drive based on the credentials and starts the operating system. Then the system authenticates the user on the operating system based on the credentials, such as via login forwarding. The system can set up a unified login by receiving a request to encrypt a storage device, and based on received user credentials, generating user data associated with logging in to an operating system on the computing device and user data for encrypting the storage device. The system stores the user data in a manner to enable a unified login boot prompt. | 07-12-2012 |
20120179916 | SYSTEMS AND METHODS FOR SECURING VIRTUAL MACHINE COMPUTING ENVIRONMENTS - Systems and methods are provided for securing data in virtual machine computing environments. A request is received for a security operation from a first virtual machine operating in a host operating system of a first device. In response to receiving the request, a first security module executes the security operation, the first security module implemented in a kernel of the host operating system. The result of the security operation is provided to the first virtual machine. | 07-12-2012 |
20120179917 | CODE SIGNING SYSTEM AND METHOD - A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application. | 07-12-2012 |
20120179918 | METHOD AND A SYSTEM FOR PROVIDING A DEPLOYMENT LIFECYCLE MANAGEMENT OF CRYPTOGRAPHIC OBJECTS - A system and a method for cryptographic objects (CO) deployment life-cycle management comprising: at least one execution unit ( | 07-12-2012 |
20120185699 | SPACE-EFFICIENT ENCRYPTION WITH MULTI-BLOCK BINDING - Exemplary embodiments include an encryption method in a computer system having a processor and a memory operatively coupled to the processor, the method including receiving a cleartext key in the memory, the encryption key having a plurality of segments including segment K | 07-19-2012 |
20120185700 | SYSTEM AND METHOD FOR SUPPORTING JIT IN A SECURE SYSTEM WITH RANDOMLY ALLOCATED MEMORY RANGES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for processing just-in-time code at a device that enforces a code signing requirement. The disclosure includes receiving computer code, where a portion of the code includes executable just-in-time code, at a device that enforces a code signing requirement; identifying the unsigned just-in-time executable portion of code; allocating a randomly selected memory region on the device for at least some of the unsigned just-in-time executable portion; and executing the unsigned just-in-time executable portion of code in the randomly selected memory region as if the unsigned just-in-time executable portion of code was signed computer code. | 07-19-2012 |
20120191982 | NON-VOLATILE STORAGE OF ENCRYPTED DATA - Embodiments in accordance with the invention utilize the cryptographic transformation function of an SP processor to encrypt data at rest. The use of the primary processor-based cryptographic transformation function is preferable to use of an auxiliary cryptographic processor because the transformation occurs directly, and thus can be faster and more cost effective. | 07-26-2012 |
20120191983 | MANAGING INFORMATION IN A DOCUMENT SERIALIZATION - In a method for managing information comprising a reference name of an atomic unit listed in a document serialization, a new name for the atomic unit reference name is generated and occurrences of the atomic unit reference name in the document serialization are replaced with the new name for the atomic unit to conceal the atomic unit reference name. In addition, a map file containing a map file entry for each of a plurality of workflow participants is generated, in which each of the map file entries includes the new name and an access key to access the atomic unit. | 07-26-2012 |
20120191984 | DATA ENCRYPTION DEVICE AND MEMORY CARD - The invention provides a data encryption device that can perform high-speed access to an arbitrary page when encrypting data and writing it to a storage device that can be accessed in a page unit or reading data therefrom and decrypting it. The device: encrypts data and writes it to the storage device or reads data from the storage device and decrypts it by a stream cipher; uses a counter mode of a block cipher to generate pseudorandom number series; specifies a data position in the storage device based on a page number and a page block number, by dividing one page into plural page blocks having a block length of the block cipher; and uses a value determined by a function of the page number, the page block number, and an arbitrary offset value, as an initial value of a pseudorandom number to be used in the counter mode. | 07-26-2012 |
20120191985 | Managing Keys used for Encrypting Data - A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information. | 07-26-2012 |
20120191986 | CRYPTOGRAPHIC PROCESSING APPARATUS AND CRYPTOGRAPHIC PROCESSING METHOD, AND COMPUTER PROGRAM - In extended Feistel type common key block cipher processing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set to an integer satisfying d≧3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved. With a configuration in which round keys are permuted or F-functions are permuted in the decryption processing, processing using a common function can be performed by setting swap functions for the encryption processing and the decryption processing to have the same processing style. | 07-26-2012 |
20120198241 | SYSTEMS AND METHODS FOR SECURING DATA - Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data. | 08-02-2012 |
20120204036 | Encryption Scheme - Cryptographically converting raw data into a structured electronic document can include parsing the raw data to identify at least one raw data object. A target data object is selected from the raw data object(s). For each selected target data object, the target data object is encrypted according to a cryptographic scheme to create an encrypted data object. Each selected target data object is replaced with the respective encrypted data object, and is associated with markup data in a structured format for each respective encrypted data object, resulting in the structured electronic document. The format of the structured electronic document can be compliant with a formatting language, which can be a general-purpose or specific-purpose formatting language. | 08-09-2012 |
20120204037 | Method and apparatus for executing software applications - Consumer electronic devices, such as e.g. high-definition movie players for removable storage media such as optical discs, may provide possibilities for advanced interactivity for the user, implemented as software applications. A question arising generally with such software applications is what the life cycle of such an application is, and who may control it. The invention provides a method for executing software applications within a playback device for audio-video data, wherein data from a first removable storage medium are read for a software application to be executed within said playback device, and the data comprise an indication defining a termination condition for the application. Based on said termination code and depending on how the medium holding the application is ejected, the application is terminated or may survive. | 08-09-2012 |
20120210138 | CRYPTOGRAPHIC LOGIC CIRCUIT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS - This disclosure describes techniques that may prevent cryptographic devices, including both encryption devices and decryption devices, from producing a power signature that can be used by attackers to deconstruct a cryptographic algorithm and extract a cryptographic key. The techniques may include an external power supply charging an internal, dedicated power storage element; temporarily gating off the encryption device from the external power supply; configuring a cryptographic logic unit to perform a cryptographic algorithm from power stored in the power storage element while the external power source is gated off; and then recharging the power storage element upon the cryptographic logic unit completing an iteration of the cryptographic algorithm. | 08-16-2012 |
20120210140 | INFORMATION PROCESSING APPARATUS, INFORMATION RECORDING MEDIUM MANUFACTURING APPARATUS, AND INFORMATION RECORDING MEDIUM - A configuration is provided for a process in which appropriate content code corresponding to apparatuses and applications of various model types and versions is selected to be performed. In a configuration in which content code recorded on an information recording medium is obtained, and processing, such as a security check in accordance with the content code, conversion of the content data, and embedding of player information into the content, is performed, at least a portion of the content code is set as encrypted data, and as an encryption key, a node key set so as to correspond to a node of a key tree having a hierarchical structure is used. | 08-16-2012 |
20120216048 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR APPLICATION-AGNOSTIC AUDIO ACCELERATION - Methods, systems and computer system products to allow audio decryption and decoding to be performed on a graphics engine instead of on a host processor. This may be accomplished without having to modify media application software. A down codec function driver exposes a down codec to a media application, which may then send encrypted and encoded audio data to the down codec function driver. The down codec function driver may then redirect the audio data to a graphics driver. The graphics driver may then pass the audio data to a graphics engine. The graphics engine may then decrypt and decode the audio data. The decrypted and decoded audio data may be returned to the graphics driver, which may then send the decrypted and decoded audio data to the function driver. The function driver may then pass the decrypted and decoded audio data to the down codec for rendering. | 08-23-2012 |
20120216049 | SECURE OBJECT HAVING PROTECTED REGION, INTEGRITY TREE, AND UNPROTECTED REGION - A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers. | 08-23-2012 |
20120216050 | MICROCODE AUTHENTICATION - A microcode authentication unit provides access to a secure hardware unit. A microcode segment is provided to the microcode authentication unit, which generates a signature corresponding to the segment and compares the size and signature of the segment against stored values. If a match is determined, the unit enables access to the secure hardware unit. | 08-23-2012 |
20120221863 | AUTHENTICATION SYSTEM - The present invention aims to provide an authentication system that can accurately identify a genuine product. In an authentication system, a host instructs an authentication chip master to start authentication. In conjunction with the authentication start execution instruction, the host instructs a timer counter to start timer counting. In response to the authentication start execution instruction from the host, the authentication chip master outputs a challenge code to an authentication chip slave. The authentication chip slave performs an encryption process with respect to the challenge code. Then, the authentication chip slave outputs a response code obtained as the result of the encryption process, to the authentication chip master. Then, the authentication chip master performs a response code matching process, and outputs the authentication result to the host. In response to the authentication result, the host stops timer counting, and performs a verification process to accurately identify the genuine chip. | 08-30-2012 |
20120226913 | SYSTEM AND METHOD FOR CLIPBOARD SECURITY - Provided is a clipboard security system and method for improving security of data transmission made through a clipboard which is frequently used in utilization of a computer. An example of the clipboard security system includes a clipboard managing unit for storing data in a clipboard or extracting data from the clipboard in response to a request from one or more objects, in which the clipboard managing unit includes a data encrypting unit for encrypting the data for which storage is requested according to a trust relationship of an object which desires to store the data in the clipboard and a data decrypting unit for decrypting the encrypted data according to a trust relationship of an object which desires to extract the encrypted data stored in the clipboard. | 09-06-2012 |
20120226914 | Checking Data Content - A system for automated checking of data content includes content checkers ( | 09-06-2012 |
20120233471 | SENSITIVE DATA ALIASING - Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access. | 09-13-2012 |
20120239941 | PROGRAMMABLE CONTROLLER SYSTEM, TOOL DEVICE, TOOL PROGRAM, STORAGE MEDIUM, AND PROGRAMMABLE CONTROLLER - A programmable controller system, a tool device, a tool program, a storage medium, and a programmable controller capable of affording greater convenience in terms of preventing unauthorized use of user program running on the programmable controller. In the programmable controller system, the tool device sets up a first user program execution ID in a second non-volatile memory provided in the PLC and sets up a second user program execution ID in a project provided in the tool device. The PLC performs a matching operation to determine whether or not the first user program execution ID matches the second user program execution ID and blocks the execution of the user program if there is a mismatch. | 09-20-2012 |
20120239942 | Preservation of User Data Privacy in a Network - An example apparatus is provided that receives a pseudonym and encrypted identifier, where the pseudonym is of a user's personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier. The keys used for encryption and pseudorandom generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, thus can query the user records stored in the apparatus. | 09-20-2012 |
20120246484 | SECURE EXECUTION OF UNSECURED APPS ON A DEVICE - Given the volume of apps being developed and downloaded, performing operations to enable security for mobile devices, such as locating relevant classes and substituting different classes, can become very inefficient when done to a very high number of apps. In the invention, a device is enabled with an app security enforcement layer. The consumer can download unsecured apps and have the app execute on the phone in a secure manner, where potential data loss to the device, such as a smart phone or tablet, is minimized. To make the security wrapping process more efficient, an app template containing markers is created. This template is merged with data in an active user policy or is used to randomize or obfuscate the code to add more security. The process of security wrapping an app becomes more efficient. | 09-27-2012 |
20120246485 | ENCRYPTING METHOD, RECORDING MEDIUM OF ENCRYPTING PROGRAM, DECRYPTING METHOD, AND RECORDING MEDIUM OF DECRYPTING PROGRAM - An encrypting method including encrypting a first data segment of encryption target data on the basis of first key information, generating second key information on the basis of the first data segment by using a predetermined algorithm, and encrypting a second data segment of the encryption target data, which is different from the first data segment, on the basis of the second key information. | 09-27-2012 |
20120246486 | INFORMATION-PROCESSING DEVICE AND INFORMATION MANAGEMENT PROGRAM - [PROBLEMS] To prevent leak of information because loss or theft judgement is made whether or not read control information stored in a predetermined read control information storage area of an external storage is proper. If the judgment result shows that it is invalid, virtualized data stored in the external storage is decrypted, and genuine read control information virtualized in the virtualized data is extracted. Next judgement is made whether or not the extracted genuine read control information is proper. If the extracted genuine read control information is proper, the virtualized genuine data in the virtualized data along with the genuine read control information is made usable by decrypting and creating the virtualized data, and improper read control information is stored in the read control information storage area. | 09-27-2012 |
20120254624 | THREE PARTY ATTESTATION OF UNTRUSTED SOFTWARE ON A ROBOT - Various technologies pertaining to three-party attestation of untrusted software on a robot are described herein. A robot includes trusted firmware, which includes read-only instructions. The robot also includes untrusted software. An attestation server is in communication with the robot by way of a network stack in the untrusted software. Messages are selectively transmitted amongst the firmware, the untrusted software, and the attestation server in connection with attesting to the untrusted software. | 10-04-2012 |
20120254625 | PROTECTING STATES OF A CRYPTOGRAPHIC PROCESS USING GROUP AUTOMORPHISMS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the cipher states and/or the round keys using the properties of group field automorphisms and applying multiplicative masks (instead of conventional XOR masks) to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating XOR operations with improved masking techniques and increasing complexity of reverse engineering and of attacks. | 10-04-2012 |
20120254626 | STORAGE MEDIA DEVICE AND RECORDING APPARATUS - A storage media device includes a user-data storage section that is capable of storing encrypted user data; a key-information storage section that is capable of storing key information for decrypting the encrypted user data; a key-information deleting section that performs electrical processing for deleting the key information stored by the key-information storage section; a first switch that is manually operated by a user to issue an instruction for operating the key-information deleting section; a battery that supplies power for operating the key-information deleting section; and a display section that displays that the key-information deletion performed by the key-information deleting section is completed. | 10-04-2012 |
20120254627 | Method and System for Protecting Data - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 10-04-2012 |
20120260101 | ENCRYPTION OF MEMORY DEVICE WITH WEAR LEVELING - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for encryption of a memory device with wear leveling. In one aspect, a method includes accessing an address map of the memory device, the address map referencing first memory locations and second memory locations of the memory device, wherein the first memory locations store data that are to be encrypted by a full disk encryption operation on the memory device; designating the second memory locations as being encrypted without performing an encryption operation on the second memory locations; and encrypting only the data stored in the first memory locations of the memory device so that the data of the first memory locations and the second memory locations are designated as being disk encrypted. | 10-11-2012 |
20120260102 | SYSTEM AND METHOD FOR EXECUTING AN ENCRYPTED BINARY FROM A MEMORY POOL - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for executing encrypted computer code. A system configured to practice the method receives a request to execute encrypted computer code. In response to the request, the system identifies a portion of the encrypted computer code for execution and decrypts the portion to yield decrypted computer code. Then the system stores the decrypted computer code in a pool of memory and executes the decrypted computer code from the pool of memory. The system can store the decrypted computer code in the pool of memory based on a randomization algorithm so that identical executions of the encrypted computer code result in selections of different available memory locations within the pool of memory. Related portions can be stored non-consecutively in the pool of memory. The pool of memory can store different portions of decrypted computer code over time. | 10-11-2012 |
20120260103 | SECURITY CIRCUIT USING AT LEAST TWO FINITE STATE MACHINE UNITS AND METHODS USING THE SAME - A security circuit using at least two finite state machine units for storing data to and reading data from a multiport memory in a pipelined manner and an intermediate memory, for facilitating transfer of data between the at least two finite state machines. The security circuit may be used to perform key setup and/or data ciphering faster. The security circuit may operate in any environment where the key is changed every frame, for example, a wireless LAN application and the security circuit may operate in conjunction with, or as part of, a MAC controller. | 10-11-2012 |
20120260104 | METHOD FOR TESTING ELECTRICAL COMPONENTS IN MAINS SUPPLY, IN PARTICULAR IN BUILDING - A test comment is transmitted by a test unit in the form of a data transmission via a mains supply to one or more electric components of a network. Each electric component that receives a transmitted test command transmits a test response that characterizes each electric component, in the form of a data transmission via the mains supply back to the test unit, the transmitted response being then evaluated in the test unit. | 10-11-2012 |
20120265999 | PROCESSING DATA STORED IN EXTERNAL STORAGE DEVICE - An external storage device connectable to an information processing apparatus is provided. The storage device includes: an input/output interface via which data is exchanged with an information processing apparatus; a first storage region where data associated with first and second validity periods is stored; and a second storage region where a control program is stored. While the first validity period is used when the external storage device is connected to one information processing apparatus, the second validity period is used when the external storage device is connected to another information processing apparatus. The control program causes a processor to execute the steps of: establishing connection of the external storage device to an information processing apparatus; identifying any one of the validity periods as a validity period to be used for the data; and executing predetermined security protection processing on the data in accordance with the identified validity period. | 10-18-2012 |
20120266000 | TRUSTED STORAGE SYSTEMS AND METHODS - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited. | 10-18-2012 |
20120272068 | CONTENT DISTRIBUTION WITH RENEWABLE CONTENT PROTECTION - A method of renewing encryption applied to a content file in a playback device comprising determining a specified variant of at least one microcode function to be used in playing back the content file, determining if variants are stored in internal memory on the playback device to determine if the specified variant is included in the stored variants, retrieving the specified variant from a variant storage in a memory located in a media device in communication with the playback device, if the specified variant is not included in the stored variants, and using the specified variant to access the content file. A playback device has at least one memory having a variant storage, the variant storage including at least one variant of a microcode function, and a processor configured to execute instructions to determine at least one specified variant, access the variant storage of at least one memory to acquire the specified variant, and use the specified variant to decrypt a content file downloaded to a media device in communication with the playback device. | 10-25-2012 |
20120272069 | Sound definition language method with inline modifiers - A method and apparatus is shown to allow the creation of sound programmers and complementary sound decoders that may be securely downloaded with sound and IPL data and that will operate in power limited environments with resistance to power drop outs and are significant improvements beyond prior art devices. | 10-25-2012 |
20120272070 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD, AND PROGRAM - An apparatus and method configured to identify the type of a content to be copied and perform a copying process in a sequence according to the result of identification is provided. In an information processing apparatus configured to perform the copying process for copying recorded data in an information recording medium to other media or the like, the type of the data recorded in the recording medium of a copy source is identified. More specifically, whether the type of the content to be copied is either a reproduction-pass-specific content which sets a reproduction pass corresponding to the information processing apparatus and causes the information processing apparatus to execute the reproduction according to the reproduction pass, or a content-code-applied content which verifies the reproduction sequence to be executed in the reproducing apparatus and verifies whether the reproduction process is executed according to the correct reproduction sequence is discriminated, and an optimal sequence is applied on the basis of the result of discrimination, whereby the copying process is executed. In this configuration, a reliable copying process on the basis of the optimal process according to various data types is realized. | 10-25-2012 |
20120272071 | Gaming Security System - Verification of software to be run in a secure environment is performed by comparing a critical portion of the executable boot program code in an EPROM with code stored in a logic circuit. The comparison may be performed before the code to be verified is run or while it is running. in the event that the validation fails certain critical functions of the platform are inhibited to prevent fraudulent operation of the platform. The system is particularly applicable to gaming machines to avoid cheating. | 10-25-2012 |
20120278631 | DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system and method are disclosed herein. An example of the document management system includes a composite document generation module that generates a composite document and a secret seed that is associated with an owner or initiator of the composite document, and a key derivation module that derives, from the secret seed and using a key derivation function, at least one of a key for encryption, a key for decryption, a key for signature, or a key for verification for a participant of a workflow associated with the composite document. | 11-01-2012 |
20120278632 | METHOD AND APPARATUS FOR SECURING PROGRAMMING DATA OF A PROGRAMMABLE DEVICE - Configuration data for a programmable integrated circuit device is at least partially encrypted according to at least one encryption scheme. A plurality of key stores store a plurality of decryption keys for the at least one encryption scheme. Control circuitry identifies a required key from the at least partially encrypted configuration data and generates a key selection signal. Key selection circuitry responsive to the key selection signal reads the plurality of key stores and provides the required key to the control circuitry. The control circuitry may include decryption circuitry that decrypts the at least partially encrypted configuration data using the required key. In some embodiments, different portions of the configuration data, which may represent separate partial reconfigurations of the device, require different decryption keys. Keys may be generated from combinations of the contents of the key stores. | 11-01-2012 |
20120278633 | METHOD AND SYSTEM FOR MANAGING INFORMATION ON MOBILE DEVICES - A system and method for protecting information on a mobile device. The method and apparatus obtain a predetermined portion of asymmetric information upon an input of the asymmetric information in the mobile device; generate an identifier by using a first generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate an encryption key by using a second generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate ciphered information by using an encryption algorithm that uses the encryption key and the information as algorithm inputs; associate the identifier with the ciphered information; and store the ciphered information as associated with the identifier. | 11-01-2012 |
20120278634 | METHOD AND APPARATUS FOR SECURE ACCESS TO EXECUTION CONTEXT - An approach is provided for providing secure access to execution context. An execution security platform determines an execution context of a device, the execution context including at least in part one or more computation closures. The execution security platform also processes and/or facilitates a processing of the execution context, the one or more computation closures, or a combination thereof to cause, at least in part, decomposition of the execution context, the one or more computation closures, or a combination thereof into, at least in part, one or more context criteria and content information, The execution security platform further determines to encrypt the execution context, the one or more computation closures, the content information, or a combination thereof using the one or more context criteria as a public key of an identity-based encryption. | 11-01-2012 |
20120284527 | METHODS AND SYSTEMS FOR SELECTIVE ENCRYPTION AND SECURED EXTENT QUOTA MANAGEMENT FOR STORAGE SERVERS IN CLOUD COMPUTING - Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing are provided. A method includes associating at least one secure storage disk and at least one non-secure storage disk to a virtual disk, and associating the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk. The method further includes accessing the at least one secure storage disk and the at least one non-secure storage disk based on the associating of the virtual disk to the application, to write or read confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk. | 11-08-2012 |
20120284528 | MULTI-PURPOSE MULTI-DIMENSIONAL, VARIABLE AND MULTI-KEY E-MAIL AND DATA ENCRYPTION METHOD - A multi-purpose multi-dimensional, variable, and multi-key e-mail and data encryption method is disclosed. The method dynamically encrypts data strings and data files with a set of “n” of keys and dimensions. Keys manipulated and encrypted, prepared keys such as manipulated environmental variables, manipulated date stamps, manipulated user data from a database, using multiple dimensions. | 11-08-2012 |
20120284529 | SYSTEM AND METHOD FOR MANAGEMENT OF ENCRYPTED DATA - A method of using synchronized search and order data structures to access a collection of data comprising organizing the search data structure by encrypted key value, wherein the search data structure contains only references to elements in the collection and their associated encrypted keys, organizing the order data structure by unencrypted key value, wherein the order data structure contains only references to elements in the collection and their associated encrypted keys, exposing a maximum of two pieces of clear text data during operations on the collection, engaging in insert or delete operations, engaging in update operations; engaging in search operations, engaging in sort operations, engaging in merge operations, and reporting the results of those operations to the user. | 11-08-2012 |
20120284530 | CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, KEY DELEGATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector in which transmission information is embedded, the cipher vector being the vector of the space V. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information. | 11-08-2012 |
20120284531 | METHOD AND APPARATUS FOR CRYPTOGRAPHIC CONVERSION IN A DATA STORAGE SYSTEM - When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced. | 11-08-2012 |
20120290849 | MANAGING SEQUENTIAL ACCESS TO SECURE CONTENT USING AN ENCRYPTED WRAP - In a method for managing sequential access to secure content by a plurality of workflow participants, a key-map file for each of the participants is created. Each of the key-map files contains a subset of encryption and signature keys for the content. The key-map files are sorted in an order that is the reverse of a workflow order in which the workflow participants for which the key-map files were created are to access the secure content. An encrypted later wrap including a later key-map file for a later workflow participant along the workflow order and an encrypted first wrap including a prior key-map file for a prior workflow participant and the encrypted later wrap are created. In addition, the first wrap is incorporated into a document serialization for the content. | 11-15-2012 |
20120290850 | DATA MANAGEMENT - In one implementation, encrypted data and a virtual machine are stored together as a virtual machine-data image, wherein the virtual machine is configured to EXERT management control over the data based on policies set by an owner of the data. In another implementation, metadata defining or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified. | 11-15-2012 |
20120297200 | POLICY BOUND KEY CREATION AND RE-WRAP SERVICE - One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine. | 11-22-2012 |
20120297201 | CONFIDENTIAL SEARCH SYSTEM AND CRYPTOGRAPHIC PROCESSING SYSTEM - A confidential search that can flexibly control searchable data depending on a role or authority of a user when the data is shared in a group. When the inner product of an attribute vector and a predicate vector is a predetermined value, the confidential search system conducts pairing computation of decrypted data generated based on the attribute vector and a decryption key generated based on the predicate vector, so as to realize confidential search by utilizing an inner-product predicate encryption process that can decrypt the encrypted data. In particular, the confidential search system enables flexible control of searchable data depending on the role or authority of the user, by devising a method of generating the attribute vector and the predicate vector. | 11-22-2012 |
20120297202 | Secure Environment Management during Switches between Different Modes of Multicore Systems - The invention relates to the switching from a first mode of operation to a second mode, of a first and a second cores of a processor of a processing device further comprising a controller. The controller sends a first message to the cores. Upon reception of the first message, sensible data handled by the cores are stored securely. The second core sends, to the first core, a second message indicating the completion of the step of storing its sensible data. Upon reception of the second message, the first core stores securely, in a storage unit, other sensible data, and, when finished, sends to the controller a third message. Upon reception of the third message, the controller sends to the first core a fourth message. Then, the first core sends a fifth message to the second core. Upon reception of the fourth and the fifth messages, the cores enter into the second mode. | 11-22-2012 |
20120303967 | DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD FOR PROTECTING DIGITAL CONTENT - A digital content management system operative in a distributed network includes a SDP server and a client. The SDP server includes a content issuer and a right issuer. The content issuer is configured to randomly generate a first key, convert the first key to a second key by a conversion function, and encrypt a portion of a digital content item with the second key to form an encrypted portion, wherein the encrypted portion has its corresponding character code. The right issuer is configured to generate a right object, which includes the first key, and encrypt the right object. | 11-29-2012 |
20120303968 | METHOD AND SYSTEM FOR BUSINESS WORKFLOW CYCLE OF A COMPOSITE DOCUMENT - A method and system for a business workflow of a composite document are described. An integrity and authenticity of an entry table are identified and verified using a verification key, a map file corresponding to entries in the table are identified using a private user decryption key, signature verification keys and access keys are read from the map file, and authenticity of the map file and the document parts are verified. Following verification, content is delivered to a user for review, update and/or modification of the content, and then is encrypted, signed, and moved along the workflow, normally to the next workflow participant. A secure distribution version of a composite document is created from a master copy by creating a serialization including at least one part of a composite document and at least one user, creating a table listing document parts and associated users, generating encryption and decryption keys, encrypting document parts, applying signatures to encrypted document parts, updating the tables with the signed parts and updating the composite document with the updated tables. A master copy is updated from a secure distribution copy after the distribution copy has completed a workflow and a workflow wrap. | 11-29-2012 |
20120303969 | Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v | 11-29-2012 |
20120303970 | DATA STORAGE APPARATUS, STORAGE CONTROL APPARATUS AND DATA RECOVERY METHOD - According to one embodiment, a data storage apparatus includes a read module, a data transfer module, and a table generator. The read module reads encrypted data, in specific units, from a storage medium. The data transfer module transfers the data read by the read module, to a first buffer area. The table generator acquires key generation ID data identifying a new encryption key being used and an old encryption key used before, while the data transfer module is transferring the data, and generates table data including the key generation ID data associated with the units of data, respectively. The key generation ID data identifies the new encryption key being used and the old encryption key used before. | 11-29-2012 |
20120303971 | Dual Environment Computing System and Method and System for Providing a Dual Environment Computing System - A dual environment computing system and method is disclosed. The dual computing system includes a first computing environment and a second computing environment. A data repository encodes, at any one time, at least one of the first and second computing environments in a hibernated state. The dual environment computing system is arranged, on demand, to operate one of the first and second computing environments in an active state, the dual environment computing system being further arranged, on demand, to transition the one of the first and second computing environments being operated in the active state into a hibernated state in the data repository and to transition the other of the first and second computing environments from the hibernated state into an active state. | 11-29-2012 |
20120303972 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes a data processor and a storage. The storage is divided into a protected area to which access is limited and a general purpose area which is freely accessible, and configured to store in the general purpose area encrypted content, and an encrypted title key obtained by encrypting a title key to be applied to decrypt the encrypted content, and store in the protected area a binding key applied to encrypt the title key, and a hash value of the encrypted title key. The data processor is configured to determine, in response to a request for access to the protected area from an external apparatus, whether or not to permit the access, and permit, only when access permission determination is made, the access to the protected area. | 11-29-2012 |
20120303973 | METHOD FOR PROTECTING SENSOR DATA FROM MANIPULATION AND SENSOR TO THAT END - In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first part of the cryptographic authentication message to the control unit. In addition, the sensor data are provided with a cryptographic integrity protection, time-variant parameters being added to the sensor data and the sensor data being sent with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. For calculation of the initial parameters, at least a second part of the cryptographic authentication message is utilized. | 11-29-2012 |
20120311344 | TECHNIQUES FOR SECURITY AUDITING OF CLOUD RESOURCES - Techniques for security auditing of cloud resources are provided. A virtual machine (VM) is captured and isolated when a session indicates that a session with the VM has terminated. Security checks are executed against the VM in the isolated environment. Results from the security checks are then reported. | 12-06-2012 |
20120311345 | SECURELY REBUILDING AN ENCODED DATA SLICE - A method begins by a requesting entity issuing a rebuild request regarding an encoded data slice to at least some of a set of distributed storage (DS) units. In response to the rebuild request, the method continues with each of at least some of the DS units of the set of DS units generating a partial slice corresponding to the encoded data slice to be rebuilt based on one of a set of encoded data slices stored by the respective DS unit to produce an array of partial slices. The method continues with the at least some of the DS units encrypting the array of partial slices using a set of encryption keys to produce an array of encrypted partial slices. The method continues with the requesting entity rebuilding the encoded data slice from the array of encrypted partial slices. | 12-06-2012 |
20120311346 | SECURING A DATA SEGMENT FOR STORAGE - A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices. | 12-06-2012 |
20120311347 | APPARATUS AND METHOD FOR PERFORMING ENCRYPTION AND DECRYPTION OF DATA IN PORTABLE TERMINAL - An apparatus and a method for performing encryption or decryption of data in a portable terminal, which performs an encryption or decryption operation from a point where the encryption or decryption operation is not generated when power is turned off and then turned on during the encryption or decryption operation, are provided. The apparatus includes a file system analyzer for extracting information of a data block, in which actual user data is stored, through metadata of a file system, and generating a data block list, and a journaling manager for storing a data block corresponding to the data block list among data blocks stored in a memory in a journaling storage unit, and deleting the data block stored in the journaling storage unit when an encryption or decryption operation for the data block stored in the journaling storage unit is completed. | 12-06-2012 |
20120311348 | Method and System for Embedded High Performance Reconfigurable Firmware Cipher - A firmware cipher component is provided which can be configured and programmed to efficiently implement a broad range of cryptographic ciphers while accelerating their processing. This firmware cipher component allows an ASIC to support multiple cipher algorithms while accelerating the operations beyond speeds conventionally achieved by software or firmware only solutions. This system combines cryptographic specific custom instructions with hardware based data manipulation accelerators. The cryptographic specific custom instructions and hardware accelerators may support both block and stream ciphers. Thus, the system may be reconfigured, allowing the cipher algorithm to change without halting the system. Further, embedding the Firmware Programmable Cipher within an ASIC may allow future capabilities to be supported in secure applications. | 12-06-2012 |
20120311349 | Method and System for a Programmable Parallel Computation and Data Manipulation Accelerator - Methods and systems are provided for a programmable parallel computation and data manipulation accelerator that may be used, for example, in cryptographic calculations. They allow acceleration of a broad variety of cryptographic algorithms and/or portions of algorithms, and are not algorithm specific. This system comprises a butterfly and inverse butterfly multiplexing permuter network and a lookup table. This system may allow replication of input registers, “expansion,” so that an individual bit may be used in multiple calculations in parallel, accelerating completion of the cryptographic algorithm. The system may allow “diffusion” of the expanded bits through the system's butterfly and inverse butterfly network, and may provide for “confusion” of the resulting bits through the system's lookup table. In some implementations, the system may allow completion of a computation within an algorithm within one clock cycle. | 12-06-2012 |
20120317421 | Fingerprinting Executable Code - Executable code may be fingerprinted by inserting NOP codes into the executable code in a pattern that may reflect a fingerprint. The NOP codes may be single instructions or groups of instructions that perform no operation. A dictionary of NOP codes and their corresponding portion of a fingerprint may be used to create a series of NOP codes which may be embedded into executable code. The fingerprinted executable code may be fully executable and the presence of the NOP codes may not be readily identifiable. The fingerprinting mechanism may be used to authenticate executable code in various scenarios. | 12-13-2012 |
20120317422 | Method, apparatus and system for acquiring service by portable device - The disclosure provides a method, an apparatus and a system for acquiring a service by a portable device, in order to solve the problem that the security of the user information saved in the portable device is affected as the portable device uses an illegal User Interface (UI) on a Personnel Computer (PC) in the related art. The method includes: the portable device receives the data information of each slice computed by the UI according to the first algorithm in the UI itself and identification information of each slice saved, matches the received data information of each slice with the corresponding data information of each slice saved in the portable device itself, and verifies whether the UI is legal according to the matching result. When using a UI, the portable device sends slice information of a file to the UI to verify the legality of the UI, and does not acquire the service through the UI until the verification is passed, so as to prevent the portable device from using an illegal UI and ensure the security of the user information saved in the portable device. | 12-13-2012 |
20120324236 | Trusted Snapshot Generation - A hypervisor provides a snapshot protocol that generates a verifiable snapshot of a target machine. The verifiable snapshot includes a snapshot and a signed quote. In one implementation, a challenger requests a snapshot of the target machine. In response to the snapshot request, the hypervisor initiates Copy-on-Write (CoW) protection for the target machine. The hypervisor snapshots and hashes each of the memory pages and the virtual central processing unit (CPU) of the target machine. The hypervisor generates a composite hash by merging all individual memory page hashes and the CPU state hash. The hypervisor requests a quote including integrity indicators of all trusted components and the composite hash. The quote uses a cryptographic signature from a trusted platform module, which ensures that any compromise of the integrity of the snapshot is detectable. The snapshot and signed quote are returned to the challenger for verification. | 12-20-2012 |
20120324237 | CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES - Embodiments are directed to facilitating data transfer using an anonymous directory and to providing attribute-based data access to identified users. In an embodiment, a computer system instantiates an anonymous directory that stores data in various client-specific directories for different clients. The anonymous directory is configured to provide data access according to access controls defined and managed by the client. The computer system receives a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user. The computer system determines which of the client's data is to be returned to the user based on the client's specified access controls. The access controls grant access to specified data in some of the client-specific directories, based on the user's identity. The computer system then provides the determined data to the user. | 12-20-2012 |
20120324238 | INFORMATION PROCESSING APPARATUS, VERIFICATION METHOD, AND STORAGE MEDIUM STORING VERIFICATION PROGRAM - A novel information processing apparatus prevents unauthorized software from running with a hash value whose bit length is longer than each register in a transfer platform module | 12-20-2012 |
20120324239 | METHOD AND DEVICE FOR OPERATING A VIRTUAL MACHINE IN ACCORDANCE WITH AN ASSOCIATED INFORMATION ON ASSIGNMENT OF RIGHTS - Virtual machines are used in the utilization of distributed computer infrastructures to be able to distribute the workload to individual computers in as flexible a manner as possible. For this purpose, it is necessary to restrict the use of the virtual machine in a robust manner by regulatory or administrative defaults. A method protects a virtual machine during the migration, storage or operation thereof by way of digital rights management and encryption. For this purpose, the hypervisor or the virtual machine monitor as well as the virtual machine are expanded by corresponding functionalities. | 12-20-2012 |
20120324240 | SECURE SEARCH SYSTEM, PUBLIC PARAMETER GENERATION DEVICE, ENCRYPTION DEVICE, USER SECRET KEY GENERATION DEVICE, QUERY ISSUING DEVICE, SEARCH DEVICE, COMPUTER PROGRAM, SECURE SEARCH METHOD, PUBLIC PARAMETER GENERATION METHOD, ENCRYPTION METHOD, USER SECRET KEY GENERATION METHOD, QUERY ISSUING METHOD, AND SEARCH METHOD - In a secure search system to be used by a plurality of users, the size of a ciphertext is reduced and the need to generate a new ciphertext when a new user is added is eliminated. A public parameter generation device | 12-20-2012 |
20120324241 | SEMICONDUCTOR DEVICE - A semiconductor device in related art has a problem that security on confidential information stored is insufficient. A semiconductor device of the present invention has a unique code which is unique to a device and generates unique code corresponding information from the unique code. The semiconductor device has a memory region in which specific information obtained by encrypting confidential information is stored in a region associated with the unique code corresponding information. The specific information read from the memory region is encrypted with the unique code corresponding information to generate the confidential information. | 12-20-2012 |
20120324242 | METHOD AND SYSTEM FOR FULLY ENCRYPTED REPOSITORY - According to an embodiment of the present invention, a method for using information in conjunction with a data repository includes encrypting data associated with the information with an encryption key, sending at least the encrypted data to the data repository, and possibly deleting the information. The method also includes receiving a request for the information from a remote device, and sending a request for the encrypted data to the data repository. The method further includes receiving the encrypted data from the data repository, decrypting the encrypted data using the encryption key, and sending the information to the remote device. | 12-20-2012 |
20120324243 | CRYPTOGRAPHIC PROCESSING APPARATUS, CRYPTOGRAPHIC PROCESSING METHOD, AND COMPUTER PROGRAM THEREFOR - A processing unit transforms first input information into first nonlinear transformed information that is transformed into first linear transformed information, and transforms second input information into second nonlinear transformed information that is transformed into second linear transformed information. An exclusive- or section performs an exclusive- or operation based on the first and second linear transformed information. When the first nonlinear and linear transformed information are expressed as a first and second sequence vector, respectively, and the second nonlinear and linear transformed information are expressed as a third and fourth sequence vector, respectively, then a first row vector chosen from a first inverse matrix of a first matrix that transforms the first sequence vector to the second sequence vector, and a second row vector chosen from a second inverse matrix of a second matrix that transforms the third sequence vector to the fourth sequence vector, are linearly independent. | 12-20-2012 |
20120331303 | METHOD AND SYSTEM FOR PREVENTING EXECUTION OF MALWARE - A method and system for preventing execution of malware in a computing device. The method includes loading code into a non-executable memory of the computing device and validating an authentication signature associated with the code. Subsequently, the code is decrypted and finally, the decrypted code is executed in an executable memory upon a determination that the authentication signature is valid. | 12-27-2012 |
20120331304 | KEY BASED SECURE OPERATING SYSTEM WITH SECURE DONGLE AND METHOD, AND CRYPTOGRAPHIC METHOD - A security interface system creates plausible deniability, and consists of a security interface device having a port for a releasable connection to a PC and to a memory key containing an encrypted operating system, the interface device containing logic to decrypt the memory key and a plaintext bootloader, and a further port for a memory card containing a key. The key is entirely encrypted and appears as random data when inspected. The interface device may have a port(s) for a keyboard and mouse. An encryption and decryption method is described, for decrypting a ciphertext into one of two plaintexts by choice of a key, the choice of which plaintext depending on whether the secret is to be revealed or remain confidential. | 12-27-2012 |
20120331305 | ENCRYPTION PROCESSING APPARATUS - In order to reduce the number of data transfers and to increase parallel processing of decryption processing and authentication processing, an encryption processing apparatus is provided that includes an input/output data that processes input/output data to an encryption/decryption processing unit and an authentication processing unit, where the input/output data processing unit calculates a parameter used by the authentication processing unit from input data to the input/output data processing unit and forms input data to the authentication processing unit from the calculated parameter or a parameter calculated from data processed by the encryption/decryption processing unit and the input data to the input/output data processing unit. | 12-27-2012 |
20120331306 | Adjustable resolution media format - A play limit is set for a media file. The play limit can be, for example a date, or a number of times that the file has been played. When the file exceeds the play limit, the quality of the file playing is degraded. | 12-27-2012 |
20130007466 | PROTECTING KEYSTROKES RECEIVED FROM A KEYBOARD IN A PLATFORM CONTAINING EMBEDDED CONTROLLERS - Systems and methods of managing keystroke data in embedded keyboard environments may involve transferring a mode request from a management controller to an embedded controller of a keyboard via a dedicated communication channel. Keystroke activity can be detected at the keyboard, and keystroke data may be transferred from the embedded controller to the management controller via the dedicated communication channel in response to the keystroke activity and the mode request. In addition, the management controller may be used to encrypt the keystroke data, wherein the encrypted keystroke data can be transmitted from the management controller to an off-platform service via a network controller. | 01-03-2013 |
20130007467 | BINDING OF CRYPTOGRAPHIC CONTENT USING UNIQUE DEVICE CHARACTERISTICS WITH SERVER HEURISTICS - Systems and methods for binding of cryptographic content using unique device characteristics with server heuristics in accordance with embodiments of the invention are disclosed. One embodiment includes a processor and memory includes collecting a combination of device characteristics that uniquely identify the device using information stored on the device and accessible to the device using the device processor, generating device match data based upon the collected combination of device characteristics using the device processor, generating a device protection key using the device match data, encrypting the cryptographic data using the device protection key, and storing the encrypted cryptographic data in device memory using the device processor. | 01-03-2013 |
20130007468 | STORAGE DEVICE AND HOST DEVICE FOR PROTECTING CONTENT AND METHOD THEREOF - A storage device for protecting content, includes a Secure Area (SA) area in which a decryption key needed to decrypt encrypted content is stored, and access to which is available to a host device that has passed authentication using a secure authentication protocol. The storage device stores a security information file for mapping control information for controlling usage of the encrypted content and the decryption key to the encrypted content. | 01-03-2013 |
20130013930 | Data Encryption Management - A method, computer program product, and apparatus for managing encrypted data are provided. A respective set of sectors in each page of the volume is selected for storing data based on a respective key in a number of keys responsive to receiving a request to store the data in the volume and an identification of the number of keys with which users are allowed to store the data in the volume. Selection of the respective set of sectors is a function of a value of the respective key and a number of available sectors within a page and the volume is much larger than the data. The data is encrypted using the respective key to form the encrypted data. The encrypted data is stored in the respective set of sectors in the page in the volume. | 01-10-2013 |
20130013931 | SECURE FILE SHARING METHOD AND SYSTEM - Systems and methods are provided for securely sharing data. A processor forms two or more shares of a data set encrypted with a symmetric key, the data set associated with a first user device, and causes the encrypted data set shares to be stored separately from each other in at least one remote storage location. The processor generates first and second encrypted keys by encrypting data indicative of the symmetric key with a first asymmetric key of first and second asymmetric key pairs associated with the first user device and a second user device, respectively, and causes the encrypted key to be stored in the at least one storage location. To restore the data set, a predetermined number of the two or more encrypted data set shares and at least one of the second asymmetric keys of the first and second asymmetric key pairs are needed. | 01-10-2013 |
20130013932 | SECURITY MANAGEMENT SYSTEM AND METHOD FOR LOCATION-BASED MOBILE DEVICE - A method and a system of managing information security for a mobile device in a restricted area based on location information regarding the mobile device are provided. The method includes receiving, by the mobile device, a request for the execution of an application program in a restricted area from a server managing the restricted area, executing, by the mobile device, the application program requested for execution when the program was set to be executable according to a security policy set to the restricted area, encrypting, by the mobile device, a file, created according to the execution of the application program, based on location information regarding the mobile device, and storing the encrypted file. | 01-10-2013 |
20130013933 | System and Method for Protecting Data on a Mobile Device - Methods and systems are disclosed for protecting data on a mobile device. A data protection module on the mobile device receives a transmission including a secret key. The secret key is used in encrypting data on the device and is then deleted. Subsequent to an event detectable to the mobile device, the data protection module receives another transmission including said secret key. The secret key is then used to decrypt the encrypted data. | 01-10-2013 |
20130019104 | CELL LEVEL DATA ENCRYPTIONAANM Halas; MiroslavAACI CharlottesvilleAAST VAAACO USAAGP Halas; Miroslav Charlottesville VA USAANM Umamaheswaran; RangarajanAACI Simi ValleyAAST CAAACO USAAGP Umamaheswaran; Rangarajan Simi Valley CA US - Embodiments of the invention provide for cell level data encryption. The methods, apparatus and computer program products herein described provide for the encryption of individual data values without requiring adjacent data valued to also be encrypted. For example, in situations where individual data values are arranged in a database that is visualized as a two-dimensional representation, individual data values may be encrypted without requiring horizontally or vertically adjacent data values to also be encrypted. In situations where data values is transmitted and visualized as a sequential stream of data values, one data value may be encrypted without requiring previous or subsequent data values to be encrypted. In some such examples, an individual data value may be encrypted without requiring the entire transmission channel to be encrypted. | 01-17-2013 |
20130019105 | SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUEAANM Hussain; Muhammad RaghibAACI SaratogaAAST CAAACO USAAGP Hussain; Muhammad Raghib Saratoga CA US - Authenticated hardware and authenticated software are cryptographically associated using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. In one embodiment, critical security information associated with the equipment is loaded from a memory at startup time. The critical security information is stored in the memory, in encrypted form, using a unique secret value. The secret value is used to retrieve a chip encryption key and one or more image authentication keys that can be used to associate program code with an original equipment manufacturer. These keys are used to authenticate the program code. | 01-17-2013 |
20130019106 | METHODS AND APPARATUS FOR DIGITAL STEGANOGRAPHY - A computer-implemented digital steganography method includes providing a target dataset comprising a plurality of target data elements, providing a source dataset comprising a plurality of source data elements, and creating a grille dataset configured to map each of the target data elements in the target dataset with a corresponding source data element within the source dataset in accordance with a predefined extraction method. | 01-17-2013 |
20130019107 | FEDERATED DIGITAL RIGHTS MANAGEMENT SCHEME INCLUDING TRUSTED SYSTEMS - Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory. | 01-17-2013 |
20130024700 | SYSTEM AND METHOD FOR MANIPULATING AND MANAGING COMPUTER ARCHIVE FILES - Certain embodiments of the present invention provide an archive management application that operates within a host application to provide access to an archive and/or allow access to and/or modification of files in an archive using the host application's interface, instead of operating as a separate standalone archive management application. In an embodiment of the present invention, a file archiving system may include a user interface component, a file management component and a compression/extraction engine component. The user interface component may include an enhanced user interface of a host application that provides an interface for a user. The file management component may include a central directory that provides a representation of the contents of an archive. The compression/extraction engine component may include a file size module and/or a security module. The security module may be used to encrypt, decrypt, digitally sign and/or authenticate a file in an archive. | 01-24-2013 |
20130024701 | METHOD AND SYSTEM FOR MANAGING AN ENCRYPTION KEY FOR A BROADCASTING SERVICE - A system and method for managing an encryption key are provided, which include receiving, from a DRM agent, an RO request message for receiving content; generating a KSP including a first key and a second key; applying hash chains with different directions to the first key and to the second key to generate an encryption key for the content; and transmitting, to the DRM agent, a response message including a context element having an identifier of the content and a key information element. The key information element includes a first encryption key element; a rights encryption key information element; and an encryption data element. | 01-24-2013 |
20130031372 | SECURE DATA STORAGE - Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates. | 01-31-2013 |
20130031373 | Product authentication based upon a hyperelliptic curve equation and a curve pairing function - Disclosed is a method, system, and device to authenticate a product. A plurality of public parameters and a secret master key are selected. The public parameters include a hyperelliptic curve equation and a curve pairing function. A public product activation code and a private product activation code are generated based upon the public parameters and the secret master key. The public parameters and the public product activation code are stored with the product. Further, the private product activation code is associated with the product. The product is authenticated if the private product activation code entered to a client device satisfies a mathematical formula implemented with the public parameters and the public product activation code. | 01-31-2013 |
20130031374 | FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 01-31-2013 |
20130036311 | INTELLIGENT SENSOR AND CONTROLLER FRAMEWORK FOR THE POWER GRID - Disclosed below are representative embodiments of methods, apparatus, and systems for monitoring and using data in an electric power grid. For example, one disclosed embodiment comprises a sensor for measuring an electrical characteristic of a power line, electrical generator, or electrical device; a network interface; a processor; and one or more computer-readable storage media storing computer-executable instructions. In this embodiment, the computer-executable instructions include instructions for implementing an authorization and authentication module for validating a software agent received at the network interface; instructions for implementing one or more agent execution environments for executing agent code that is included with the software agent and that causes data from the sensor to be collected; and instructions for implementing an agent packaging and instantiation module for storing the collected data in a data container of the software agent and for transmitting the software agent, along with the stored data, to a next destination. | 02-07-2013 |
20130036312 | Method and Device for Protecting Memory Content - A method of protecting digital data stored in a storage medium. The method comprises providing a first and a second addressable storage region in the storage medium, and selector means for selectively indicating one of the first and the second addressable storage regions as active; storing the digital data in the first addressable storage region of the storage medium, wherein the digital data stored in the first addressable storage region is stored encrypted with a first encryption key; and causing the selector means to indicate the first addressable storage region as being active; and, responsive to a trigger event, copying the digital data from the first to the second addressable storage region, wherein the digital data stored in the second addressable storage region is stored encrypted with a second encryption key; and causing the selector means to indicate the second addressable storage region as being active. | 02-07-2013 |
20130046994 | INTEGRATED GENOMIC AND PROTEOMIC SECURITY PROTOCOL - Apparatuses, systems, computer programs and methods for implementing a genomics-based security solution are discussed herein. In an encryption process, plaintext may be converted to DNAtext and DNAtext may be converted to a ciphergene. The ciphergene may then be converted into a pre-transcriptional complex. The pre-transcriptional complex, in turn, may then be converted into a cipherprotein. The decryption process operates in the reverse of the encryption process to obtain plaintext. | 02-21-2013 |
20130046995 | METHOD AND COMPUTER PROGRAM PRODUCT FOR ORDER PRESERVING SYMBOL BASED ENCRYPTION - A method for generating an encryption dictionary, the method includes generating a random value for each plaintext symbol of multiple plaintext symbols; and calculating a random token for each plaintext symbol based on a random value of the plaintext symbol and on random values of other plaintext symbols that have a lower lexicographic value than the plaintext symbol; wherein the calculating comprises applying a monotonic function; wherein the encryption dictionary comprises a mapping between the multiple plaintext symbols and random token of the multiple plaintext symbols. | 02-21-2013 |
20130054976 | LIGHTWEIGHT DOCUMENT ACCESS CONTROL USING ACCESS CONTROL LISTS IN THE CLOUD STORAGE OR ON THE LOCAL FILE SYSTEM - In a method for controlling access to an encrypted document, a computer receives a request to access the encrypted document, the access request comprising a user ID and a user password. The computer performs a one-way hash function on the user password to generate a hash value. The computer searches an access control table for the hash value which indicates an authorization for the user to access the encrypted document and corresponds to a document password encrypted with the user password. The computer decrypts the document password using the user password. The computer decrypts the encrypted document using the decrypted document password. | 02-28-2013 |
20130054977 | ENCRYPTED CHUNK-BASED RAPID DATA ENCRYPTION POLICY COMPLIANCE - To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector. | 02-28-2013 |
20130054978 | COMPUTING SYSTEM AND METHOD OF OPERATING COMPUTING SYSTEM - A computing system including a memory that is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and a controller configured to control the plurality of components to encrypt the data and to record the encrypted data in the memory. | 02-28-2013 |
20130061058 | PROTECTING APPLICATION PROGRAMS FROM MALICIOUS SOFTWARE OR MALWARE - An apparatus includes a memory to store a secure object comprising at least one of code and data that is encrypted when stored in the memory and a central processing unit (CPU) that is capable of executing an EnterSecureMode (esm) instruction that enables the decryption of the secure object's information when the secure object information is retrieved from the memory into the CPU. The CPU further comprises a feature to protect the secure object from code received from other software. | 03-07-2013 |
20130061059 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus including a virtual computer includes a key pair generating unit that generates a key pair of a virtual computer secret key and a virtual computer public key, a public key output unit that outputs the virtual-computer public key, a process target data retrieving unit that retrieves process target data encrypted with the virtual computer public key, a decryption unit that decrypts the retrieved process target data, a process program retrieving unit that retrieves a process program, an executing unit that executes the retrieved process program on the decrypted process target data, a public key retrieving unit that retrieves a process requester public key, an encryption unit that encrypts, with the retrieved process requester public key, process result data as a process result of the process program, and a process result data output unit that outputs the encrypted process result data. | 03-07-2013 |
20130061060 | Systems and Methods for Controlling the Use of Processing Algorithms, and Applications Thereof - Embodiments provide systems and methods for controlling the use of processing algorithms, and applications thereof. In an embodiment, authorization to use an algorithm is validated in a system having a processor capable of executing user defined instructions, by executing a user defined instruction that writes a first value to a first storage of a user defined instruction block, uses the first value to transform a second value located in a second storage of the user defined instruction block, and compares the transformed second value to a third value located in a third storage. Use of the algorithm is permitted only if the comparison of the transformed second value to the third value indicates that use of the algorithm is authorized. In another embodiment, authorization to use an at least partially decrypted algorithm is validated via a key for enablement. | 03-07-2013 |
20130067236 | SYSTEMS FOR VALIDATING HARDWARE DEVICES - A computing environment in which devices interoperate with a plurality of hardware components. Inconsistencies in user experience when operating devices that may use different components are avoided by generating a signature for the components. The signature may be computed as a function of a first key and one or more parameter values obtainable from the component. The signature and parameter values may be stored in the component's memory, and may be obtainable while the component is in operation as part of the computing device. The device may validate the component by performing at least one function based on the signature, the one or more parameter values obtainable from the component, and a second key, which may or may not be identical to the first key. The device may change its interaction with the component, depending on whether the component was successfully validated. | 03-14-2013 |
20130067237 | PROVIDING RANDOM ACCESS TO ARCHIVES WITH BLOCK MAPS - Objects of an object set stored in an archive may be randomly accessed using the addresses of the objects stored in the archive. However, archives often fail to enable random access to the data within an object, without accessing other portions of the object, due to the variable compression of respective segments of the object. Random-access capabilities within the objects may be provided by segmenting the object into segments of a segment size, generating a block map specifying the block sizes of respective blocks corresponding to respective segments of the objects, and storing the block map in the archive as an object of the object set. Additionally, hashcodes may be calculated respective blocks and included in the block map in order to expose alterations of respective blocks, and/or to update an archive to an updated version of the archive by comparing the hashcodes and retrieving and substituting the updated blocks. | 03-14-2013 |
20130067238 | SECURITY MECHANISM FOR DEVELOPMENTAL OPERATING SYSTEMS - A security technique to reduce the risk of unauthorized release of a software object. The technique allows identification of an individual responsible for the unauthorized release by marking each object with information, which acts as a fingerprint from which a person manipulating the object in a development environment can be identified. The development environment may be configured to quickly and automatically mark the object whenever a manipulation that may precede an unauthorized release occurs. To prevent circumventing the security technique, the object may be configured to enforce a requirement for a valid fingerprint such that the object is disabled if the fingerprint is removed or altered. Despite the marking, personally identifiable information is not revealed because the fingerprint is generated through a one-way cryptographic function performed on identifying information. | 03-14-2013 |
20130067239 | FRAMEWORK AND METHOD FOR SECURE DATA MANAGEMENT IN A DIVERSIFIED PLATFORM - The disclosure provides a method and a framework for secure data management, in which the method comprises: enabling, by an enterprise server, a user to download an enterprise application from the enterprise server using a computing device. User authentication credentials are provided by the enterprise server to a user when the user registers with the enterprise server. A unique client ID is assigned for the enterprise application downloaded by the computing device by the enterprise server. Keys for data encryption or decryption are generated by the enterprise server, for different services provided by the enterprise server based on a combination of the unique client ID, a user ID and/or a computing device ID. | 03-14-2013 |
20130067240 | CONTENT PROTECTION VIA ONLINE SERVERS AND CODE EXECUTION IN A SECURE OPERATING SYSTEM - A computer system comprising a processor and a memory for storing instructions, that when executed by the processor performs a copy protection method. The copy protection method comprises executing a software loop of a first software application in a first operating system. A first call is executed in the software loop to a code portion. A decrypted code portion of the first software application is executed in a second operating system in response to the first call. The code portion is decrypted in response to a successful validation of the first software application. | 03-14-2013 |
20130067241 | CONTENTS DATA UTILIZATION SYSTEM AND METHOD, AND MOBILE COMMUNICATION TERMINAL USED FOR THE SAME - The object of the present invention is to provide a contents data utilization system in which the contents data is shared between a plurality of mobile communication terminals while the copyright is protected. When the contents data downloaded via a communication network is stored into an external memory of a mobile communication terminal, an SIM data processing unit generates a cipher key, using an IMSI that is an identifier stored in an SIM card inserted into the terminal | 03-14-2013 |
20130073864 | SYSTEM AND METHOD OF AUTHENTICATING MULTIPLE FILES USING A DETACHED DIGITAL SIGNATURE - A system and method of authenticating data files is provided. The method includes providing a plurality of software part files and a manifest file associated with the software part files. The manifest file identifies each of the plurality of software part files. The method includes associating the manifest file with a manifest detached digital signature. The method also includes digitally signing the manifest file with the manifest detached digital signature. The manifest detached digital signature authenticates the manifest file. The method includes associating each of the plurality of software part files with one a plurality of unique detached digital signatures. The method includes digitally signing each of the plurality of software part files with one of the plurality of unique detached digital signatures. Each of the plurality of unique detached digital signatures authenticates one of the software part files. | 03-21-2013 |
20130073865 | Identifying peers by their interpersonal relationships - According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result. | 03-21-2013 |
20130073866 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus includes a data processing section for reproducing contents stored in a medium having a general purpose area in which encrypted contents and corresponding utilization controlling information are stored and a protected area including a plurality of blocks having access limitation set thereto and including a block having an encryption key for decrypting the encrypted contents stored therein. The data processing section acquires utilization controlling information corresponding to a content from the general purpose area, decides, based on the utilization controlling information, whether validity period information indicative of a content utilization permission period is to be acquired from the utilization controlling information or the encryption key storage block, acquires the validity period information based on a result of the decision and then compares the acquired validity period information and current date information to decide permission or inhibition of content reproduction. | 03-21-2013 |
20130073867 | METHOD FOR STRENGTHENING THE IMPLEMENTATION OF ECDSA AGAINST POWER ANALYSIS - A method of inhibiting the disclosure of confidential information through power analysis attacks on processors in cryptographic systems. The method masks a cryptographic operation using a generator G. A secret value, which may be combined with the generator G to form a secret generator is generated. The secret value is divided into a plurality of parts. A random value is generated for association with the plurality of parts. Each of the plurality of parts is combined with the random value to derive a plurality of new values such that the new values when combined are equivalent to the secret value. Each of the new values is used in the cryptographic operation, thereby using the secret generator in place of the generator G in the cryptographic operation. The introduction of randomness facilitates the introduction of noise into algorithms used by cryptographic systems so as to mask the secret value and provide protection against power analysis attacks. | 03-21-2013 |
20130073868 | SELECTIVE ENCRYPTION WITHIN DOCUMENTS - A method and system for selective encryption within a document. A portion of the document selected and marked for encryption is detected, the selected portion of the document including plaintext. The detected portion of the document selected for encryption is encrypted as ciphertext. The encrypted portion of the document is decrypted with a proper decryption key, wherein the decrypting includes decrypting the encrypted portion of the document in response to presentation of required data by the accessor. The required data includes the proper decryption key, a name of the accessor, and an employee number of the accessor. The portion of the document is displayed as decrypted. | 03-21-2013 |
20130080790 | Encrypted Memory Access - Various systems and methods for encrypting data are disclosed. In one aspect, the method includes receiving a memory address and a value to be written in the memory address. The method also includes encrypting the value using the memory address as an initial value for an encryption process. The method also includes storing the encrypted value in the memory address. | 03-28-2013 |
20130086390 | System and Method of Securing Private Health Information - A system and method for the secure processing of private health information. Fully homomorphically encrypted private health information, along with a request to process that information, is transmitted to a third party who performs operations on the encrypted private health information in accordance with the request, yielding an encrypted result. The encrypted result may be decrypted only by the party in possession of the corresponding private key. The invention enables encrypted private health information to be processed by third parties while preventing them from decrypting it. | 04-04-2013 |
20130086391 | SYSTEM, ARCHITECTURE AND METHOD FOR SECURE ENCRYPTION AND DECRYPTION - There is disclosed a system, architecture and method for encryption and decryption of a record. In an embodiment, a method comprises identifying a target record to be encrypted; analyzing one or more clear text linguistic attributes of the target record; generating a linguistic encryption key based on the analysis of one or more clear text linguistic attributes; and encrypting the target record with the linguistic encryption key, the linguistic encryption key operable to decrypt the encrypted target record in a reverse operation. | 04-04-2013 |
20130086392 | INCREASING DATA SECURITY IN ENTERPRISE APPLICATIONS BY USING FORMATTING, CHECKSUMS, AND ENCRYPTION TO DETECT TAMPERING OF A DATA BUFFER - A method, system, and computer program product for using hidden buffer formatting and passing obfuscated encryption key values to detect tampering with and/or prevent unauthorized inspection of a data buffer. The method comprises receiving an unencrypted sequence to be encrypted, selecting a layout version to associate to an encryption method and a checksum method, then encrypting the unencrypted sequence using the encryption method to form an encrypted sequence, and calculating, using the checksum calculation method, an unencrypted sequence checksum. Further, storing the encrypted sequence to form a hidden buffer payload, which hidden buffer has its own hidden buffer payload checksum. Encryption keys are not stored in program data, nor sent in the hidden buffers. Instead obfuscated encryption key values are used to generate keys on the fly. The receiver of a hidden buffer and obfuscated encryption key values can detect tampering or data corruption of the payload for further processing. | 04-04-2013 |
20130086393 | INCREASING DATA SECURITY IN ENTERPRISE APPLICATIONS BY OBFUSCATING ENCRYPTION KEYS - A method, system, and computer program product for using hidden buffer formatting and passing obfuscated encryption key values to detect tampering with and/or prevent unauthorized inspection of a data buffer. The method comprises receiving an unencrypted sequence to be encrypted, selecting a layout version to associate to an encryption method and a checksum method, then encrypting the unencrypted sequence using the encryption method to form an encrypted sequence, and calculating, using the checksum calculation method, an unencrypted sequence checksum. Further, storing the encrypted sequence to form a hidden buffer payload, which hidden buffer has its own hidden buffer payload checksum. Encryption keys are not stored in program data, nor sent in the hidden buffers. Instead obfuscated encryption key values are used to generate keys on the fly. The receiver of a hidden buffer and obfuscated encryption key values can detect tampering or data corruption of the payload for further processing. | 04-04-2013 |
20130097430 | ENCRYPTING DATA AND CHARACTERIZATION DATA THAT DESCRIBES VALID CONTENTS OF A COLUMN - A method, computer-readable storage medium, and computer system are provided. In an embodiment, in response to receiving a first command that specifies first data, a first cryptographic key, and a column identifier that identifies a column of rows in a database, the first data is encrypted into encrypted data using the first cryptographic key. The encrypted data is stored to a first row in the column in the database. In response to the receiving the first command, characterization data is created that specifies valid contents of the column of the rows. In response to receiving a query command that specifies a second cryptographic key and the column, the column is decrypted using the second key to create decrypted data. If the decrypted data does not satisfy the valid contents specified by the characterization data, an invalid cryptographic key action is performed. | 04-18-2013 |
20130097431 | SYSTEMS AND METHODS OF SOURCE SOFTWARE CODE MODIFICATION - Some embodiments of the present invention provide a method for modifying computer-executable instructions. In various embodiments, the method includes applying, with a processor, a data transformation to one or more value representations in the computer-executable instructions to create one or more transformed code segments; dividing the one or more transformed code segments into portions, the portions including a first portion and a second portion, the first portion including instructions for providing a first set of data for use by the second portion; altering the first portion of instructions so that it includes instructions for encrypting the first set of data; and storing the first portion of instructions with corresponding computer executable instructions on non-transient storage media. | 04-18-2013 |
20130103953 | APPARATUS AND METHOD FOR ENCRYPTING HARD DISK - An apparatus and method for encrypting a hard disk are provided. The apparatus includes a program management unit, an Internet Protocol (IP) management unit, and an encryption processing unit. The program management unit causes an allowed program or process to be executed based on a result of determination as to whether the program or process to be executed in a host terminal is allowed to gain access. The IP management unit causes data to be transmitted to an allowed destination IP address based on a result of determination as to whether the destination IP address to which the host terminal attempts to transmit the data is allowed to be accessed. The encryption processing unit encrypts and decrypts all data, exchanged between the host terminal and the hard disk by applying an algorithm, selected by a user, to the data. | 04-25-2013 |
20130103954 | KEY USAGE POLICIES FOR CRYPTOGRAPHIC KEYS - A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material. | 04-25-2013 |
20130111217 | Storing user data in a service provider cloud without exposing user-specific secrets to the service provider | 05-02-2013 |
20130111218 | ENCRYPTION REDUNDANCY IN A STORAGE ELEMENT ARRAY | 05-02-2013 |
20130111219 | DELIVERING DATA FROM A SECURE EXECUTION ENVIRONMENT TO A DISPLAY CONTROLLER | 05-02-2013 |
20130117574 | MEMORY DEVICE AND SYSTEM WITH SECURE KEY MEMORY AND ACCESS LOGIC - A memory device includes a first memory area that stores a secure key, a second memory area that stores content data, memory secure logic configured to exclusively access the secure key in the first memory area, and a memory controller, physically separate from the memory secure logic, that accesses the content data in response to externally provided command, address and data (CAD) information and the secure key as accessed through the memory secure logic. | 05-09-2013 |
20130117575 | ENCRYPTION APPARATUS, ENCRYPTION METHOD, DECRYPTION APPARATUS, DECRYPTION METHOD AND SYSTEM - An encryption method includes encrypting a first portion and second portion each of which is included in data to be encrypted, encrypting first information used for decryption of the first data portion, and associating second information used for decryption of the second portion with a predetermined part of the first data portion. | 05-09-2013 |
20130117576 | CONVERTING APPARATUS, CONVERTING METHOD, AND RECORDING MEDIUM OF CONVERTING PROGRAM - A converting method includes storing correspondence of each of first-type coded information, included in a first-type coded information group, and one of second-type coded information, included in a second-type coded information group, based on input information, by a processor, and converting, when input data includes the first-type coded information, first-type coded information in the input data into second-type coded information, based on the correspondence. | 05-09-2013 |
20130124872 | Method of accessing a computer hardware device in a Metro user interface mode application - A method of accessing a hardware device in a computer includes executing a Metro user interface mode application in an operating system and executing a Desktop mode application in the operating system, the Desktop mode application corresponding to the Metro user interface mode application, and the Desktop mode application having permission to access a hardware device of the computer that the Metro user interface mode application does not have permission to access. The method also includes the Metro user interface mode application sending commands to the Desktop mode application through a network application programming interface, and the Desktop mode application sending the commands to the hardware device for controlling the hardware device with the commands, and the Desktop mode application receiving data from the hardware device and transferring the received data to the Metro user interface mode application. | 05-16-2013 |
20130124873 | STORAGE DEVICE AND ITS CONTROL METHOD - A storage device partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium subjectable to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium subjectable to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium subjectable to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium subjectable to encryption re-key will be the backup memory medium. | 05-16-2013 |
20130124874 | SECURE SYSTEM-ON-CHIP - A secure system-on-chip for processing data, the system-on-chip comprising at least a central processing unit (CPU), an input and an output channel, an encryption/decryption engine and a memory, wherein, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said CPU receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said CPU reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel. | 05-16-2013 |
20130124875 | DISTRIBUTED STORAGE NETWORK AND METHOD FOR ENCRYPTING AND DECRYPTING DATA USING HASH FUNCTIONS - A DS processing unit includes a grid module and a DSN interface. The grid module is operable to encrypt a data segment and to decrypt an encrypted data segment. To encrypt the data segment, the grid module partitions the data segment into portions and encrypts the portions using encryption keys generated from other portions to produce encrypted portions. The grid module then dispersed storage error encodes the encrypted portions to produce a set of encoded data slices, which the DSN interface outputs to a DSN. The DSN interface also receives a set of encoded data slices, which the grid module disperse storage error decodes to produce the encrypted data segment. The grid module then partitions the encrypted data segment into encrypted data portions and decrypts the encrypted data portions using decryption keys generated from other encrypted data portions to produce decrypted portions of a recovered data segment. | 05-16-2013 |
20130132733 | System And Method For Digital Rights Management With System Individualization - Various embodiments of a system and method for digital rights management with system individualization are described. In various embodiments, a DRM component may generate a request for machine-specific credentials specific to the system on which the DRM component is implemented. This request may include device information of component(s) of such system. The DRM component may also receive an encrypted response that includes the machine-specific credentials. This encrypted response may be encrypted with a machine-specific encryption key generated from the device information. In various embodiments the response may be generated by an individualization server that verified the request for machine-specific credentials. The DRM component may also, based on the device information of the system on which the DRM component is implemented, generate an encryption key equivalent to the machine-specific encryption key with which the received response is encrypted. The DRM component may decrypt the encrypted response with the generated encryption key. | 05-23-2013 |
20130132734 | Computing device integrity protection - A method of operating a computer system includes: obtaining, at the computer system, verification-input information associated with each of multiple hardware components of the computer system; cryptographically processing, at the computer system, the verification-input information to obtain a cryptographic result; and determining, at the computer system, whether to allow or inhibit, depending upon a comparison of the cryptographic result with a verification value, further operation of at least one of the hardware components. | 05-23-2013 |
20130132735 | APPARATUS AND METHOD FOR HARDWARE-BASED SECURE DATA PROCESSING USING BUFFER MEMORY ADDRESS RANGE RULES - Disclosed is a processor for processing data from a buffer memory. The processor, implemented in hardware, may allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. Further, the processor may block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory. | 05-23-2013 |
20130138970 | Deleting Encoded Data Slices in a Dispersed Storage Network - A method begins by a dispersed storage (DS) processing module receiving a request regarding at least a portion of corresponding encoded data slices, wherein a collection of encrypted and encoded data slices of a plurality of collections of encrypted and encoded data slices includes a common data aspect, wherein encrypted and encoded data slices of the collection of encrypted and encoded data slices are produced by individually encrypting corresponding encoded data slices using a common encrypting character string and representations of the corresponding encoded data slices. The method continues with the DS processing module identifying the common encrypting character string of the corresponding encoded data slices. When the request is to delete the corresponding encoded data slices, the method continues with the DS processing module obfuscating the common encrypting character string in a local memory such that the collection of encrypted and encoded data slices are effectively incomprehensible. | 05-30-2013 |
20130138971 | INTELLIGENT SECURITY CONTROL SYSTEM FOR VIRTUALIZED ECOSYSTEMS - Resources of a virtualized ecosystem are intelligently secured by defining and analyzing object handling security control information for one or more logical resources in the virtualized ecosystem and deriving therefrom object properties for each of the logical resources involved in the execution of a virtual machine in any given context within the virtualized ecosystem. | 05-30-2013 |
20130138972 | PROTECTION OF SECURITY PARAMETERS IN STORAGE DEVICES - Security parameters used to encrypt data stored on a storage device may be protected using embodiments of systems and methods described herein. During a resize operation, data stored on a memory unit in the storage device may be altered prior to communicating an updated partition size to a host computer. In some examples, data is altered prior to storing the updated partition sizes in the storage device. In this manner, a host system may not receive the updated partition sizes until after the data is altered. Altering data may avoid exposure encrypted data, information about one or more security parameters used to encrypt data on the memory unit or decrypt data retrieved from the memory unit, or combinations thereof. | 05-30-2013 |
20130145174 | INFRASTRUCTURE INDEPENDENT RECOVERY KEY RELEASE - Aspects of the subject matter described herein relate to recovering locked data. In aspects, stakeholders of locked volume(s) are identified. Security data of the volume(s) that can be used to unlock the volume(s) is collected from one or more computing devices hosting the volume(s). The security data and stakeholder data is stored on a recovery store. If a stakeholder needs to unlock a volume, the stakeholder may communicate with a recovery manager, provide certain data, and receive data that may be used to unlock the volume. Auditing may be performed for attempts to obtain the unlocking data from the recovery store. | 06-06-2013 |
20130145175 | METHOD AND APPARATUS FOR ENCIPHERING/DECIPHERING DIGITAL RIGHTS MANAGEMENT OBJECT - A method and an apparatus for enciphering/deciphering digital rights management object are provided. The DRM enciphering method includes the following steps: A plurality of content objects which are divided from a digital content are received. A plurality of DRM vectors are generated according to tacit information between the DRM enciphering apparatus and the DRM deciphering apparatus. The content objects are respectively enciphered according to the DRM vectors to generate a plurality of DRM objects. | 06-06-2013 |
20130145176 | CIRCUIT PERSONALIZATION - A method distributes personalized circuits to one or more parties. The method distributes a generic circuit to each party, encrypts a unique personalization value using a secret encryption key, and transmits each encrypted personalization value to the corresponding party. Each party then stores the encrypted personalization value in their circuit. The stored encrypted personalization value allows a piece of software to be properly executed by the circuit. A semiconductor integrated circuit is arranged to execute a piece of software that inputs a personalization value as an input parameter. The circuit comprises a personalization memory arranged to store an encrypted personalization value; a key memory for storing a decryption key; a control unit comprising a cryptographic circuit arranged to decrypt the encrypted personalization value using the decryption key; and a processor arranged to receive the decrypted personalization value and execute the software using the decrypted personalization value. | 06-06-2013 |
20130151861 | SYSTEM AND METHOD TO PROTECT COMPUTER SOFTWARE FROM UNAUTHORIZED USE - A system and method encrypt a license file associated with computer software using a private key. The license file includes one or more license keys, and each license key is associated with a feature of the computer software. The license file associated with the computer software is decrypted at runtime using a public key. A module determines whether a user is permitted to execute the computer software. The module is authenticated by one or more of a determination of whether a hash code included within the module matches a hash code generated by a user of the computer software at run time of the computer software, and an encryption of the module prior to run time of the computer software using the private key and a decryption of the module at run time of the computer software using the public key. | 06-13-2013 |
20130151862 | SYSTEMS AND METHODS FOR DIGITAL EVIDENCE PRESERVATION, PRIVACY, AND RECOVERY - Systems and methods for preserving digital evidence using a self-protecting storage device are provided, by copying digital evidence from a source drive to a self-protecting storage device, writing and storing metadata relating to the copying such as date, time, and those present, and engaging the self-protecting features of the storage device such that the copied digital evidence cannot be altered. | 06-13-2013 |
20130151863 | INTERFACES FOR COMBINING CALLS IN AN EMULATED ENVIRONMENT - Calls from an application in an emulated environment to a module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing the module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call. | 06-13-2013 |
20130151864 | CLIPBOARD PROTECTION SYSTEM IN DRM ENVIRONMENT AND RECORDING MEDIUM IN WHICH PROGRAM FOR EXECUTING METHOD IN COMPUTER IS RECORDED - Disclosed are a clipboard protection system in a DRM environment and a recording medium in which a program for executing the method in a computer is recorded. An identification information management unit changes first identification information of data, which is to be stored in a clipboard, into second identification information when data stored in the clipboard is requested by a reliable object, and outputs the second identification information corresponding to identification information of the reading target data if the reliable object requests extraction of the data stored in the clipboard. A data protection unit encodes the data, which is to be stored in the clipboard, and decodes the encoded data which is read from the clipboard. If the extraction request for the data stored in the clipboard is inputted from the reliable object, a control unit delivers to a clipboard management system the second identification information corresponding to the identification information of the reading target data, and requests the encoded security data to be read and provided from the clipboard. According to the present invention, the access to the security data by a non-reliable object can be blocked. | 06-13-2013 |
20130159725 | FPGA APPARATUS AND METHOD FOR PROTECTING BITSTREAM - An FPGA apparatus and a method for protecting bitstreams are provided. The FPGA apparatus includes: a key storage unit, which is configured to be accessed only from within the FPGA, and having stored therein the encryption/decryption key and the initial key generated by the random number generator; a setting bitstream storage unit, which is an internal non-volatile memory stored with bitstreams for setting authentication and encryption/decryption; and an authentication and encryption/decryption setting unit, which is configured to call the encryption and decryption key and the initial value stored in the key storage unit to store encrypted bitstreams and authentication codes generated as a result of performing encryption on the bitstreams stored in the setting bitstream storage unit in external non-volatile memory, and verity the integrity of the encrypted bitstreams stored in the external non-volatile memory at the time of designing of the FPGA using the encrypted bitstreams. | 06-20-2013 |
20130159726 | METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed. | 06-20-2013 |
20130159727 | SECURE REPLAY PROTECTED STORAGE - Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks. | 06-20-2013 |
20130159728 | SYSTEM AND METHOD THAT USES CRYPTOGRAPHIC CERTIFICATES TO DEFINE GROUPS OF ENTITIES - A system and method for issuing a cryptographic certificate comprises describing one or more prerequisite condition on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite group of entities. An entity may be a participant, a resource or a privilege, etc. One or more target groups of entities may be named on the cryptographic certificate. One or more prerequisite group stakeholder that authorizes an entity in the one or more prerequisite group of entities to be added as members in another group of entities sign the cryptographic certificate. The cryptographic certificate may also be signed by one or more target group stakeholders that authorizes an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others. | 06-20-2013 |
20130159729 | SOFTWARE-BASED TRUSTED PLATFORM MODULE - A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices. | 06-20-2013 |
20130159730 | ATTRIBUTE-BASED DIGITAL SIGNATURES - An attribute-based digital signature system is disclosed. A first signature generating unit ( | 06-20-2013 |
20130159731 | ENCRYPTED DATABASE SYSTEM, CLIENT TERMINAL, ENCRYPTED DATABASE SERVER, NATURAL JOINING METHOD, AND PROGRAM - A client terminal is provided with: a column encryption unit that, from an encryption key, a table identifier, and a column identifier, generates a column private key, a column public key, and a comparison value, from which the unit generates a concealed comparison value and a ciphertext, thus encryption a particular column; and an encrypted table natural joining request unit that issues a natural joining request text that requests natural joining related to the column encrypted from the encryption key, table identifier, and column identifier. The natural joining request text contains as a table joining key the column public key and column private key that were generated by the encryption key from the table identifier of a first and second tables and the column identifier of the a-th column and b-th column. Then, an encrypted database server executes natural joining using the table joining key, and returns the result. | 06-20-2013 |
20130166919 | SECURE DATA DELETION IN A DATABASE - A data storage application encrypts one or more data pages using a first initialization vector and one or more encryption keys. In addition, the data storage application encrypts one or more converter pages using a second initialization vector and the encryption key(s). The first initialization vector uses the converter page(s) to encrypt the data page(s). The encrypted data page(s) and the converter page(s) are stored to physical storage. Related apparatus, systems, techniques and articles are also described. | 06-27-2013 |
20130166920 | MOBILE DATA VAULT - A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key or the password are stored in an unencrypted format anyplace within the portable electronic device. | 06-27-2013 |
20130173928 | CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS - Techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments. | 07-04-2013 |
20130173929 | CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - The object is to provide a secure functional encryption scheme having many cryptographic functions. An access structure is constituted by applying the inner-product of attribute vectors to a span program. The access structure has a degree of freedom in design of the span program and design of the attribute vectors, thus having a large degree of freedom in design of access control. A functional encryption process is implemented by imparting the access structure to each of a ciphertext and a decryption key. | 07-04-2013 |
20130179694 | SYSTEM AND METHOD FOR ELECTRONIC CERTIFICATION AND AUTHENTICATION OF DATA - A system and method for authenticating data. Data may be received that is individually encrypted in a first encryption layer by each of a plurality of users using user-specific private keys. The received data may be encrypted together in a second encryption layer to create multi-layered encrypted data. The multi-layered encrypted data may be transferred to a beneficiary device to determine if the encrypted data is authentic. At the beneficiary device, the second encryption layer may be decrypted to expose the first encryption layer. Then, the first encryption layer may be decrypted using public keys that only decrypt data encrypted by private keys assigned to a plurality of authorizers pre-designated to authenticate the data. If the first encryption layer is properly decrypted using the authorizers' decryption keys, it may be determined that the users are the pre-designated authorizers. | 07-11-2013 |
20130179695 | VERIFYING AUTHENTICITY OF PLAYBACK DEVICE - One embodiment of the invention sets forth a mechanism for verifying the authenticity of a device before transmitting digital content to the device. In operation, the device stores a device key that is generated at manufacture-time using a pre-determined cryptographic key and the device identifier. In operation, the device generates a proof of possession from the application data and the stored device key. When verifying the device authenticity, a device key is derived from the master key and the device identifier then a proof of possession is derived from the derived device key and the application data obtained from the device. If the derived proof of possession matches the received proof of possession, then the authenticity of the device can be verified. | 07-11-2013 |
20130179696 | Secure Removable Drive System - A data storage system comprises a removable drive with memory for storing data, and an identifier for identifying the removable data cartridge. A host computer can be coupled in data communication with the removable data cartridge, with a driver for performing data operations thereon. The driver is configured to perform the data operations with encryption, in the presence of the identifier, and to perform the data operations without the encryption, in the absence of the identifier. | 07-11-2013 |
20130185569 | DATA PROTECTION SYSTEM AND METHOD BASED ON CLOUD STORAGE - A data protection system implemented by a data protection device divides original data of a user into a plurality of data packets, and allots a sequential number to each second data. The system encrypts each of the data packets in sequence according to the allotted number of each of the data packets. After each of the data packets has been encrypted, the system moves each encrypted data packet from the data protection device to a cloud storage device in communication with the data protection device through a network. | 07-18-2013 |
20130191648 | Storage Encryption - Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to affect the transfer of security. | 07-25-2013 |
20130198524 | OBJECT WITH IDENTITY BASED ENCRYPTION - A workflow order is created for the object. Public parameters are received from a key generation center at a computer associated with an object master. A public key is generated at the computer system based on a user identifier and the public parameters, wherein the user identifier is comprised of user related information. The object is encrypted using the public key such that the object cannot be opened without the a private key, wherein the object is a composite document comprising multiple elements of documents of different formats, and wherein the private key is generated in response to a request from an authenticated user using the user identifier at the key generation center. Access to the multiple elements of the object is controlled based on workflow order. | 08-01-2013 |
20130198525 | SYSTEMS FOR STRUCTURED ENCRYPTION USING EMBEDDED INFORMATION IN DATA STRINGS - A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Encryption and decryption engines may include embedded-format-preserving encryption and decryption engines. Embedded-format-preserving encryption engines may be used to encrypt data strings and embed information in data strings. Information corresponding to a format-preserving encryption operation of a data string may be embedded in an associated data string. The associated data string may be encrypted before or after embedding the information in the associated data string. The embedded information may include key management data that corresponds to a managed encryption key that was used to encrypt the data string. | 08-01-2013 |
20130198526 | SECURE PROCESSOR - A secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects between those blocks. The secure pipe stores a common encryption key in an encryption key table so as not to be able to access from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus. | 08-01-2013 |
20130198527 | EXECUTION METHOD OF .NET PROGRAM AFTER ENCRYPTION - The present invention provides an execution method of a .NET program after encryption. An operating system allocates a process address space to a .NET program process and maps PE files into the process address space respectively. After the .NET program process runs, it is judged whether a currently running program module is encrypted. The .NET program process continues to run after the encrypted program module is decrypted. If the current program module calls a subroutine module, it is judged whether the subroutine module is encrypted. If the subroutine module is encrypted, a decryption operation is performed, and the .NET program process continues to run. With the method, encryption management can be performed on the .NET program based on modules, thereby providing diversified functions for protecting .NET software. | 08-01-2013 |
20130198528 | Modifying a Length of an Element to Form an Encryption Key - A length of an element used as part of an encryption key for encrypting data is modified. Data is encrypted using the encryption key, and the encrypted data is provided for storing in a storage device ( | 08-01-2013 |
20130198529 | SAMPLE CARRIER UNIT HAVING SAMPLE DATA ENCRYPTION AND METHOD FOR USE THEREOF - A sample carrier unit ( | 08-01-2013 |
20130212403 | Electronic content rights with and-or expression - Methods and apparatus for creating a license defining permissions to use electronic content. The methods include selecting a plurality of habitat types, each an aspect of a user environment to which a license can be bound; determining one or more habitat values and relations for each selected type; and creating a license to use the electronic content, the license including an and or logic expression of habitat terms, each term containing one of the selected types and its set of corresponding values and relations. | 08-15-2013 |
20130212404 | DOCUMENT MODIFICATION DETECTION AND PREVENTION - Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting. | 08-15-2013 |
20130212405 | SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity. | 08-15-2013 |
20130212406 | TECHNIQUE FOR PROVIDING SECURE FIRMWARE - A technique to verify firmware. One embodiment of the invention uses a processor's micro-code to verify a system's firmware, such that the firmware can be included in a trusted chain of code along with the operating system. | 08-15-2013 |
20130219187 | CIRCUIT ARRANGEMENT, A METHOD FOR FORMING A CIRCUIT ARRANGEMENT, AND METHOD FOR INTEGRITY CHECKING - A circuit arrangement is provided, the circuit arrangement including a processor; a memory circuit connected to the processor, wherein the processor is configured to access the memory circuit; a blocking circuit configured to generate one or more random wait state signals which prevent the processor from accessing the memory circuit; and an integrity checking circuit configured to check the memory circuit during a wait state period of the one or more random wait state signals. | 08-22-2013 |
20130219188 | APPARATUS AND METHOD FOR REPRODUCING CONTENTS IN ELECTRONIC DEVICE - An apparatus and a method for outputting contents where an Output Protection Level (OPL) has been set to an extension device in an electronic device are provided. The apparatus includes a secure processor for decrypting and decoding contents where a right to use the contents has been set using a secure Operating System (OS). When receiving an external output request for contents whose external output is not allowed, the secure processor stops generating of decoded data transmitted to an extension device. | 08-22-2013 |
20130219189 | Cryptographic Transmission System - A microcontroller includes on-chip key storage slots stored in a non-volatile memory, wherein selecting which key is to be used is restricted to software, wherein a predetermined key storage slot stores a Key Encrypt Key (KEK), and a register flag is provided for determining whether the predetermined key storage slot stores a key for encrypting/decrypting data or the KEK for encrypting/decrypting a key | 08-22-2013 |
20130219190 | Determine Authorization of a Software Product Based on a First and Second Authorization Item - Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor | 08-22-2013 |
20130219191 | PLATFORM FIRMWARE ARMORING TECHNOLOGY - A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure. | 08-22-2013 |
20130227301 | USING STORAGE CONTROLLER BUS INTERFACES TO SECURE DATA TRANSFER BETWEEN STORAGE DEVICES AND HOSTS - The disclosed embodiments provide a system that secures data transfer between a storage device and a host. During operation, the system obtains an input/output (I/O) command and an encryption context associated with the I/O command from a device driver executing on the host. Next, the system uses a storage controller bus interface between the host and the storage device to apply the encryption context to data associated with the I/O command, wherein the encryption context enables transmission of an encrypted form of the data between the storage device and the host. Finally, the system uses the storage controller bus interface to issue the I/O command to the storage device, wherein the I/O command is processed by the storage device. | 08-29-2013 |
20130227302 | METHOD AND SYSTEM FOR A RECURSIVE SECURITY PROTOCOL FOR DIGITAL COPYRIGHT CONTROL - Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys. | 08-29-2013 |
20130232341 | SYSTEM AND METHOD FOR INITIALIZING TOKENS IN A DICTIONARY ENCRYPTION SCHEME - Computer systems and applications are provided for encrypting data in a manner which preserves the ability to process the encrypted data. The method includes arranging a plurality of plaintext symbols in lexicographical order; defining respective first and second subsets of the lexicographically arranged symbols; defining a first and a second set of random tokens for use with the first and second subsets of symbols, respectively; adding a first random constant value to each token in the first set of random tokens; adding a second random constant value to each token in the second set of random tokens; defining the first set of random tokens comprises establishing a first average distance between tokens; and defining the second set of random tokens comprises establishing a second average distance between tokens; wherein the second average distance is different than the first average distance, and the second random constant value is greater than the first random constant value. | 09-05-2013 |
20130232342 | SYSTEM FOR PROCESSING FEEDBACK ENTRIES RECEIVED FROM SOFTWARE - A system for processing feedback entries received from software provided by a vendor to an end user machine. The end user machine includes the software, a feedback module, and a database. The feedback module: establishes a secret key k(0) and a secret key n(0; generates an identification tag FE(0); generates a secret key s(0); generates an encryption E | 09-05-2013 |
20130238905 | DATA SHIELDING SYSTEM AND METHOD - A processor-based system and method comprising a display engine that creates a virtual space on a user device. An interface engine is operable to sense an interaction with a user, and in response to that interaction, receive a key from a remote server and apply a cipher. The interaction may be a user dragging or dropping a file or other data into the virtual space. The interface may then detect the file, query a remote server to retrieve a key and apply the cipher to the data using the key. The ciphers may be dynamically changed for different files. Display indicia show encrypted and non-encrypted files in a format that indicates their state. In certain embodiments the system may act as a server delivering secure and non-secure information to other processes. | 09-12-2013 |
20130246802 | Collusion-Resistant Outsourcing of Private Set Intersection - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving an encrypted first data set from a first entity, storing the encrypted first data set in computer-readable memory, receiving an encrypted second data set from a second entity, storing the encrypted second data set in computer-readable memory, receiving public encryption information associated with the encrypted first data set and the encrypted second data set, storing the public encryption information in computer-readable memory, and processing, using the one or more processors, the encrypted first data set and the encrypted second data set to provide the set intersection, wherein an advantage of a first adversary in guessing data elements of the encrypted first data set is negligible in a security parameter. | 09-19-2013 |
20130246803 | ENABLING DELIVERY OF PROTECTED CONTENT USING UNPROTECTED DELIVERY SERVICES - Disclosed are an apparatus and method configured to perform media file encryption. One example method may include retrieving a media file stored in a memory during a play time operation, executing the media file and receiving additional portions of the media file during the play time operation. The method may also include processing the media file and the additional portions of the media file to generate an output media and displaying the output media on a display of a user device. | 09-19-2013 |
20130246804 | DELIVERY POINT VALIDATION SYSTEM - A computer-implemented method represents a list of informational items using a bit array. The method converts an informational item to a cryptographic value using a cryptographic algorithm and extracts a plurality of n-bit samples from the cryptographic value. The n-bit samples includes at least a first field and a second field. The first field identifies a group of bits of the bit array and the second field identifies one or more individual bits within the group of bits. The individual bits are set to a pre-determined value according to the first field identifying the group of bits and the second field identifying the individual bits within the group of bits. | 09-19-2013 |
20130246805 | SECURE INTERFACE FOR VERSATILE KEY DERIVATION FUNCTION SUPPORT - Improper re-use of a static Diffie-Hellman (DH) private key may leak information about the key. The leakage is prevented by a key derivation function (KDF), but standards do not agree on key derivation functions. The module for performing a DH private key operation must somehow support multiple different KDF standards. The present invention provides an intermediate approach that neither attempts to implement all possible KDF operations, nor provide unprotected access to the raw DH private key operation. Instead, the module performs parts of the KDF operation, as indicated by the application using the module. This saves the module from implementing the entire KDF for each KDF needed. Instead, the module implements only re-usable parts that are common to most KDFs. Furthermore, when new KDFs are required, the module may be able to support them if they built on the parts that the module has implemented. | 09-19-2013 |
20130246806 | INFORMATION PROCESSING APPARATUS, FILE ENCRYPTION DETERMINATION METHOD AND AUTHORITY DETERMINATION METHOD - An information processing apparatus includes an application operation file information holding unit | 09-19-2013 |
20130246807 | SYSTEMS AND METHODS FOR SECURING DATA IN MOTION - The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access. | 09-19-2013 |
20130246808 | SYSTEMS AND METHODS FOR SECURING DATA IN MOTION - The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access. | 09-19-2013 |
20130246809 | DIFFERENTIAL UNCLONEABLE VARIABILITY-BASED CRYPTOGRAPHY - Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key. | 09-19-2013 |
20130254548 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a system and process for generating secured, marked digital files. A cryptographic token is inertly embedded in markup language tags of digital files. | 09-26-2013 |
20130254549 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a system and process for monitoring the transmission of secured, marked digital files. A cryptographic token inertly embedded in markup language tags of digital files is sought at a transmission gateway. | 09-26-2013 |
20130254550 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a system and process for monitoring the existence of secured, marked digital files. A cryptographic token inertly embedded in markup language tags of digital files is sought in relation to external, third-party databases, e.g. files over the Internet. | 09-26-2013 |
20130254551 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a system and process for monitoring the existence of secured, marked digital files. A cryptographic token inertly embedded in markup language tags of digital files is sought at via an internal databases, e.g. within memory on an electronic device. | 09-26-2013 |
20130254552 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a system and process for monitoring the existence of secured, marked digital files. A cryptographic token inertly embedded in markup language tags of digital files is sought in relation to external, third-party databases, e.g. files over the Internet. Instances of files lacking the cryptographic token are identified. | 09-26-2013 |
20130254553 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a secured, marked digital file and the software system for creating the digital file. A cryptographic token is inertly embedded in markup language tags of digital file. | 09-26-2013 |
20130254554 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a secured, marked digital file and a security system for utilizing the digital file to control actions in connection with the digital file, and process that permits interactions between a software product utilizing the digital file and a monitor program with access to a database with records related to a token with the digital file. The digital file may seek instructions from a record database to restrict file actions. | 09-26-2013 |
20130254555 | DIGITAL DATA AUTHENTICATION AND SECURITY SYSTEM - The present invention includes a secured, marked digital file and a security system for utilizing the digital file to control actions in connection with the digital file, and process that permits interactions between a software product utilizing the digital file and a monitor program with access to a database with records related to a token with the digital file. The digital file may include portable instructions within the file that restrict file actions. | 09-26-2013 |
20130254556 | NON-TRANSITORY COMPUTER READABLE MEDIUM, PROGRAM PROTECTION APPARATUS, AND PROGRAM PROTECTION METHOD - Provided is a non-transitory computer readable medium causing a computer to function as a designation receiving unit that receives designation of a protection target section, a movement arranging unit that moves and arranges the protection target section of a program to a second arrangement location different from a first arrangement location, and a changing unit that changes the protection target section of the program to a substitution code, wherein the substitution code causes a native environment to function as a reconstruction unit that reconstructs context of the native environment as virtual context for a virtual machine in a memory of the native environment, and a virtual machine execution unit that executes the virtual machine, and delivers information indicative of an address in the memory of the virtual context to the virtual machine, so that the virtual machine executes the protection target section using the virtual context. | 09-26-2013 |
20130262874 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO SUPPLEMENTAL CONTENT INTEGRATED INTO EXISTING CONTENT - Methods and systems to allow for selective access to supplemental content that is associated with more generally distributed original content. In an embodiment, supplemental content may be encrypted, then integrated with original content using a steganographic technique. The resulting aggregated content may then be made available to users. Users may then extract the encrypted supplemental content from the original content. Those users having the proper privilege level may be given a cryptographic key to allow decryption of the supplemental content. Those without the necessary privilege will not be given this decryption key, and will therefore be unable to access the supplemental content. | 10-03-2013 |
20130262875 | Binary Data Store - A method for storing binary data, preferably in the form of Binary Large Objects (BLOBs), in more than one location. The method includes the steps of producing a processing thread corresponding to each location where the data is to be stored and verifying whether each thread has completed successfully after a predetermined time period. Information relating to the storage of the binary data is stored in an access token. | 10-03-2013 |
20130262876 | Method, Apparatus, and System for Performing Authentication on Bound Data Card and Mobile Host - Embodiments of the present invention provide a method, an apparatus, and a system for performing authentication on a bound data card. The method includes receiving identifier information sent by a mobile host. The identifier information is used to identify products of the same model or the same batch and is located in an OEM information area of a basic input output system in the mobile host. It is determined whether the identifier information is consistent with identifier information in data card software. If the identifier information is consistent with the identifier information in the data card software, the authentication on the data card succeeds. | 10-03-2013 |
20130262877 | APPARATUS, SYSTEM, AND METHOD FOR PROVIDING MEMORY ACCESS CONTROL - Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory. | 10-03-2013 |
20130268769 | Methods, Systems, and Product for Hashing Using Twisted Tabulation - Methods, systems, and products describe a robust solution for the dictionary problem of data structures. A hash function based on tabulation is twisted to utilize an additional xoring operation and a shift. This twisted tabulation offers strong robustness guarantees over a set of queries in both linear probing and chaining. | 10-10-2013 |
20130268770 | CRYPTOGRAPHIC HASH DATABASE - A method for bursting a hash table of a key-value database comprises receiving a key and a value, traversing trie nodes of the key-value database from a root node to a leaf node by recursively dividing the key into a prefix and a suffix, reaching the leaf node, the leaf node being the hash table, determining that the key is not stored in the hash table, determining that the hash table is not able to store the key and the value, removing the hash table, associating a new trie node with a parent trie node of the hash table, associating two or more new hash tables with the new trie node, moving all keys and associated values from the hash table into one of the two or more new hash tables, and inserting the key and the associated value into one of the two or more new hash tables. | 10-10-2013 |
20130268771 | DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR ACCESSINGCONTENT FROM AN INTELLIGENT STORAG - The present invention relates to accessing content stored on a storage device and protecting the content with a digital rights management (DRM) scheme. The storage device may be a disk drive, or network attached storage. The storage device can perform cryptographic operations and provide a hardware root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to the storage device and is based on a key concealed on the storage device. The binding key itself is not stored anywhere on the storage device. The content key is a key assigned to the content. The access key is determined based on a cryptographic combination of the content key and binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device. | 10-10-2013 |
20130268772 | Computer-Implemented System And Method For Providing Private Stable Matchings Through A Re-encryption Mix Network - A computer-implemented system and method for providing private stable matchings through a re-encryption mix network is presented. Preferences are encrypted. Bids are created. An initial mixing is performed. A set of unmatched bids and a set of matched bids are externally mixed independently. A union of the set of unmatched bids and the set of matched bids are internally mixed. For the number of participants in a set of active participants, a stable match for one of passive participants is determined, while the set of unmatched bids remains non-empty. The set of matched bids for the last stable match is externally mixed. The preferences in the set of matched bids are decrypted to identify the passive participants stably matched to the active participants. | 10-10-2013 |
20130268773 | COMPUTATIONAL SYSTEMS AND METHODS FOR PREPARING DATA FOR DOUBLE-ENCRYPTION AND ANONYMOUS STORAGE - Methods, apparatuses, computer program products, devices and systems are described that carry out accepting at least one identifier corresponding to a user having at least one instance of data for encryption; encrypting the at least one identifier corresponding to the user to produce at least one encrypted identifier, wherein the at least one encrypted identifier also corresponds to the at least one instance of data for encryption; and transmitting the encrypted identifier to an encryption entity. | 10-10-2013 |
20130268774 | SYSTEMS AND METHODS FOR SECURING AND RESTORING VIRTUAL MACHINES - Systems and methods are provided for securing a virtual machine by causing a plurality of shares of virtual machine files to be separately stored in response to a stop command. Systems and methods are also provided for restoring a data set with a cryptographic restoration application in response to a series of user inputs received when no visual indicator of the cryptographic restoration algorithm is displayed, and for restoring a data set with data shares received from another computer device in response to detecting a communication link with the device. | 10-10-2013 |
20130268775 | METHOD AND DEVICE FOR GENERATING A CODE - Methods and devices arranged to provide functions for generating a security code are described. These functions include defining a set of locations in the one or more images on the basis of one or more user-selected locations, and generating a security code based on values determined and derived from display parameters associated with imaging elements having locations corresponding to the defined set of locations. This enables a security code to be generated that contains a high level of entropy, and is therefore capable of providing high levels of security, based on user input that is easy for the user to remember. | 10-10-2013 |
20130268776 | CRYPTOGRAPHIC PROCESSING APPARATUS AND IC CARD - A cryptographic processing apparatus according to embodiments includes a cryptographic operation processing section that can execute cryptographic processor of encryption operation and decryption operation, and a control section. The control section controls the execution of the cryptographic operation processing section such that a first operation for converting a first value, which is input data to be subjected to cryptographic processor, or intermediate data during cryptographic processor, into a second value, and a second operation for converting the second value into the first value are performed successively at least one time. | 10-10-2013 |
20130268777 | Securing Inputs from Malware - A series of touch panel key entries may be secured by shuffling touch entry coordinates. In one embodiment, the entries may be secured by applying a shuffling algorithm that replaces the true coordinates with other incorrect coordinates. Then the correct data may be reassembled in a secure environment. | 10-10-2013 |
20130275765 | SECURE DIGITAL DOCUMENT DISTRIBUTION WITH REAL-TIME SENDER CONTROL OF RECIPIENT DOCUMENT CONTENT ACCESS RIGHTS - A system, method, and computer program product for automatically providing a document sender with full real-time control over a recipient's document content access rights, even after delivery is completed. A sender creates original content and defines access rights for a selected recipient identified by username or email address. The document and rights are encrypted and sent to a server, which transmits a notification to the recipient including instructions on how to acquire the content. The recipient downloads the document content with an embodiment, and may use the received document according to the current access rights, which are verified with a server upon opening the document and may control document viewing, printing, and usage time limits. The sender may alter or revoke access rights at any time, and may monitor recipient document usage in detail. Secondary authentication, electronic commerce, and Bates stamping are enabled for application, enterprise, and point-to-point embodiments. | 10-17-2013 |
20130275766 | Microcontroller Configured for External Memory Decryption - In an advanced metering infrastructure environment, software program statements and/or data may be encrypted. A microcontroller unit may include a first cache configured to store a block of encrypted data obtained from an external memory device. A decryption engine may decrypt the block of encrypted data for storage in a second cache. An address alignment module may be configured to receive input from a program counter and to calculate an offset pointer. The offset pointer may indicate a particular word in the block of decrypted data within the second cache for transmission to an instruction register for use by an application program. An address generator may be configured to receive input from the address alignment module and to indicate a block of data in the external memory device to be loaded into the first cache, to thereby replacing the encrypted data sent to the decryption engine. | 10-17-2013 |
20130275767 | MAGNETIC DISK DEVICE AND DATA READ AND WRITE METHOD - According to one embodiment, a magnetic disk device includes a read and write channel transfers data to/from a magnetic disk; a data processor cancels an inter-track interference in data read; an encryption decode processor which is provided in common through a write data path and a read data path in the read and write channel and executes an encryption processing and a decode processing for the data to be transferred to/from the magnetic disk; and an encryption decode processing bypass module bypasses the encryption processing or the decode processing through the encryption decode processor in a cancellation of the inter-track interference in the data processor. | 10-17-2013 |
20130275768 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 10-17-2013 |
20130275769 | METHOD, DEVICE, AND SYSTEM FOR PROTECTING AND SECURELY DELIVERING MEDIA CONTENT - A method, device, and system for protecting and securely delivering media content includes configuring a memory controller of a system-on-a-chip (SOC) to establish a protected memory region, authenticating a firmware of a hardware peripheral using a security engine of the SOC, and storing the authenticated firmware in the protected memory region. The security engine may authenticate the firmware by authenticating a peripheral cryptographic key used to encrypt the firmware. Only authenticated hardware peripherals may access the protected memory region. | 10-17-2013 |
20130275770 | ALWAYS-AVAILABLE EMBEDDED THEFT REACTION SUBSYSTEM - A platform including an always-available theft protection system is described. In one embodiment, the platform comprises a storage including full disk encryption, a risk behavior logic to detect a potential problem when the platform is armed, and a core logic component to provide logic to analyze the potential problem and to trigger a security action logic to perform the security action, when the potential problem indicates a theft suspicion. The system, in one embodiment, further includes the security action logic, to send an alert to another device regarding the theft suspicion, and to trigger the storage to encrypt data, and an encryption logic to encrypt the data when the platform is in an OFF or low power state. | 10-17-2013 |
20130283058 | PRESERVING REDUNDANCY IN DATA DEDUPLICATION SYSTEMS BY ENCRYPTION - Various embodiments for preserving data redundancy in a data deduplication system in a computing environment are provided. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. Other system and computer program product embodiments are disclosed and provide related advantages. | 10-24-2013 |
20130283059 | DATA MASKING - Method, device, and storage medium to receive test data including multiple test strings, wherein the test data is a data set that includes all possible values of input strings to be data masked; encrypt each of the test strings; select a portion of the encrypted test string; compare each portion to the corresponding test string; determine, for each portion, whether the portion of is equal to the corresponding test string; assign the portion as a replacement string when the portion is not equal to the corresponding test string; determine whether each replacement string is unique; store each replacement string that is not unique; generate, for each replacement string that is not unique, an alternate replacement string; and output an alternate replacement string, as a masked string in response to a determination that art input string matches one of the stored test strings associated with one of the alternate replacement strings. | 10-24-2013 |
20130283060 | Seamless Remote Synchronization and Sharing of Uniformly Encrypted Data for Diverse Platforms and Devices - A way of sharing privately encrypted user data that is stored remotely from an owner of the user data is provided. A request to share the privately encrypted data with a set of authorized persons may be received. A private encryption key may be received, where the private encryption key is managed by the owner of the user data. The privately encrypted user data may be decrypted using the private encryption key, where the decrypted user data is share data. The share data may be encrypted using a default encryption key. The encrypted share data may be stored at the remote storage. The set of authorized persons may be provided access to the encrypted share data. | 10-24-2013 |
20130283061 | IMAGE PROCESSING METHOD AND APPARATUS FOR PRIVACY PROTECTION OF CAPTURED IMAGE - Provided are an image processing method and method for privacy protection of a captured image. The image processing method divides an original image into a plurality of regions, assigns access privileges to the respective regions, and encrypts the regions, and provides an image by performing masking to each region or provides an image without performing masking, based on the access privilege of an image access request, and achieving privacy protection from the leakage of an original image. Accordingly, when storing a captured PC screen image and providing the stored image, an image region having no relation to a user's activities is stored after hierarchical encryption, preventing privacy infringement. | 10-24-2013 |
20130283062 | PRESERVING REDUNDANCY IN DATA DEDUPLICATION SYSTEMS BY ENCRYPTION - Various embodiments for preserving data redundancy in a data deduplication system in a computing environment are provided. In one embodiment, a method for such preservation is disclosed. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. | 10-24-2013 |
20130283063 | DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications. | 10-24-2013 |
20130290730 | SYSTEMS AND METHODS FOR DATA ACCESS PROTECTION - Systems and methods are provided for data access protection. The disclosed computing system can provide an adjusted iteration count to a dynamic key stretching module. The computer system can determine whether the adjusted iteration count is to be used to enhance a passphrase for data encryption or data decryption. When the adjusted iteration count is to be used for data encryption, the computing system is configured to compute the adjusted iteration count by modifying a base iteration count according to an adjustment configuration; when the adjusted iteration count is to be used for data decryption, the computing system is configured to retrieve the adjusted iteration count that was used to encrypt the data. Once the adjusted iteration count is determined, the computing system is configured to provide the adjusted iteration count to the dynamic key stretching module. | 10-31-2013 |
20130290731 | SYSTEMS AND METHODS FOR STORING AND VERIFYING SECURITY INFORMATION - Systems and methods are provided for storing and verifying security information. A method can include receiving a request to access an encrypted file from a storage medium, wherein the request includes security information, performing key stretching on the security information to compute a key associated with the security information, computing a first check value associated with the key, receiving at least one of a header, metadata, or filename of the encrypted file from the storage medium, retrieving a second check value stored in the at least one of the header, metadata, or filename of the encrypted file, comparing the first check value with the second check value, and receiving the encrypted file from the storage medium only when the first check value matches the second check value. | 10-31-2013 |
20130290732 | SYSTEMS AND METHODS FOR STORING AND VERIFYING SECURITY INFORMATION - Systems and methods are provided for storing and verifying security information. A method can include receiving security information for encrypting a file, performing key stretching on the security information to compute a key associated with the security information, encrypting the file using the key, computing a check value associated with the key, wherein at least a portion of the check value is stored in at least one of a header, metadata, or filename of the encrypted file, and storing the encrypted file in a storage medium. | 10-31-2013 |
20130290733 | SYSTEMS AND METHODS FOR CACHING SECURITY INFORMATION - Systems and methods are provided for caching security information. A method can include receiving security information for a file, performing a first hash function on the security information using a first salt and a first mixer to compute a key associated with the security information, performing a second hash function on the key using a second salt and a second mixer to compute an index associated with the key, wherein the second mixer is different from the first mixer, caching at least one of the security information and the key in a storage medium, and storing the index with the file, wherein the index is associated with the at least one of the security information and the key stored in the storage medium. | 10-31-2013 |
20130290734 | SYSTEMS AND METHODS FOR CACHING SECURITY INFORMATION - Systems and methods are provided for caching security information. A method can include receiving security information for a file to be accessed at a device, performing a first hash function on the security information using a salt and a first mixer to compute a key associated with the security information, generating a device identifier (ID) unique to the device, performing a second hash function on the key using the device ID and a second mixer to compute an index associated with the key, wherein the second mixer is different from the first mixer, caching at least one of the security information and the key in a storage medium, wherein the index refers to the at least one of the security information and the key cached in the storage medium, and storing the index with the file. | 10-31-2013 |
20130290735 | AUTHENTICATION DEVICE AND SYSTEM - A public key architecture ( | 10-31-2013 |
20130290736 | DATA STORAGE DEVICE, DATA CONTROL DEVICE AND METHOD FOR ENCRYPTING DATA - According to one embodiment, a data storage device includes an encryption module, a write module, and a controller. The encryption module encrypts or decrypts data. The write module writes, on a storage medium, encrypted data of data received from a host, the encrypted data being encrypted by the encrypting module. The controller causes the encryption module to encrypt data received from a host and to transfer the encrypted data to the write module through a buffer memory, during normal encryption process, and to re-encrypt the data recorded on the storage medium, during re-encryption process. During the re-encryption process, the controller causes the encryption module to decrypt the encrypted data read from the storage medium, to store the decrypted data into the buffer memory, and to re-encrypt the decrypted data from the buffer memory by the encryption module and to transfer the re-encrypted data to the write module. | 10-31-2013 |
20130290737 | METHOD OF DISTRIBUTING A DECRYPTION KEY IN FIXED-CONTENT DATA - Secondary content in encrypted for distribution to client terminals by selecting at least a portion of raw encrypted audio-video data (REAVD) that is provided on a media article as an encryption key, encrypting secondary content using the encryption key, and storing encrypted secondary content at a remotely located host. The media article can then be used for providing access to the encrypted secondary content to client terminals by receiving encrypted secondary content at a client terminal, extracting a decryption key from a media article encoded with REAVD, the decryption key being determined by at least a portion of the REAVD, using the decryption key to decrypt the secondary content, and outputting the decrypted secondary content from the client terminal. | 10-31-2013 |
20130297946 | SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, responsive to a monitored file system or operating system event initiated by an active process, a real-time authentication process is performed or bypassed on a code module to which the monitored event relates with reference to a multi-level whitelist. The multi-level whitelist includes a global whitelist database remote from the computer system, maintained by a trusted service provider and which contains cryptographic hash values of approved code modules; and a local whitelist database that includes cryptographic hash values of a subset of the approved code modules. The active process is allowed to load the code module when the authentication process is bypassed or when the cryptographic hash value of the code module matches one of the cryptographic hash values of approved code modules within the multi-level whitelist. | 11-07-2013 |
20130297947 | STORING DATA INTEGRITY INFORMATION UTILIZING DISPERSED STORAGE - A method begins by a processing module generating an integrity check value for each encoded data slice of a set of encoded data slices to produce a set of integrity check values. The method continues with the processing module encoding the set of integrity check values to produce encoded integrity check values. The method continues with the processing module sending the encoded integrity check values for storage in a memory system. | 11-07-2013 |
20130305057 | CRYPTOGRAPHIC ERASURE OF SELECTED ENCRYPTED DATA - Exemplary method, system, and computer program product embodiments for cryptographic erasure of selected encrypted data are provided. In one embodiment, by way of example only, data files are configured with a derived key. The derived keys adapted to be individually shredded in a subsequent erasure operation. The derived key allows for cryptographic erasure of the selected encrypted data in the data files without necessitating at least one of removal and rewrite of retained data. Additional system and computer program product embodiments are disclosed and provide related advantages. | 11-14-2013 |
20130305058 | CONTROLLING ENTERPRISE DATA ON MOBILE DEVICE VIA THE USE OF A TAG INDEX - A method, system and computer program product for controlling enterprise data on mobile devices. Data on a mobile device is tagged as being associated with either enterprise data or with personal data. Upon identifying the storage location of the tagged data and the identifier of the application that generated the tagged data, the tag, the storage location of the tagged data and the identifier of the application are stored in an index. A mobile agent residing on the mobile device may be directed by a mobile device management server of the enterprise to perform various actions (e.g., deleting, encrypting, backing-up) on the enterprise data using the index. In this manner, the enterprise has the ability to control their applications and data that resides on employees' mobile devices to ensure that such data is not lost or used in a manner that is contrary to the wishes of the employer. | 11-14-2013 |
20130305059 | Airport Security Check System and Method Therefor - A decryption system for decrypting user identification information encrypted on a storage device associated with a user identity document is disclosed. The system comprises: a server configured to collect user identity document data from the user and to construct a token including the user identity document data encoded in a machine readable form; a key construction unit communicatively coupled to a reader configured to read the data from the token and configured to read the data encoded on the storage device. The key construction unit uses the user identity document data read from the token to construct a key which enables the identity document reader to decrypt the user identification information stored on the storage device. | 11-14-2013 |
20130311785 | SYSTEM AND METHOD FOR PROVIDING ENCRYPTION IN STORAGE OPERATIONS IN A STORAGE NETWORK, SUCH AS FOR USE BY APPLICATION SERVICE PROVIDERS THAT PROVIDE DATA STORAGE SERVICES - In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk. | 11-21-2013 |
20130311786 | Cryptographic Key Attack Mitigation - Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data. | 11-21-2013 |
20130311787 | METHODS AND APPARATUS FOR EFFICIENT COMPUTATION OF ONE-WAY CHAINS IN CRYPTOGRAPHIC APPLICATIONS - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v | 11-21-2013 |
20130311788 | SYSTEM PROVIDING AN IMPROVED SKIMMING RESISTANCE FOR AN ELECTRONIC IDENTITY DOCUMENT - The invention relates to a secured identity document ( | 11-21-2013 |
20130318360 | PROXY COMPUTING SYSTEM, COMPUTING APPARATUS, CAPABILITY PROVIDING APPARATUS, PROXY COMPUTING METHOD, CAPABILITY PROVIDING METHOD, PROGRAM, AND RECORDING MEDIUM - A computing apparatus outputs τ | 11-28-2013 |
20130326230 | METHODS AND APPARATUS FOR DATA HASHING BASED ON NON-LINEAR OPERATIONS - A method and an apparatus that provides a hard problem based hashing mechanism to improve security of hash functions are described. The hashing mechanism can include a custom padding and/or a post processing to a hashed value strengthened via operations specifying a hard problem. In one embodiment, a new hash function may be provided or defined directly without introducing or relying on existing hash functions to embed security features based on this hard problem. The new hash functions can be used in usual constructions implying hash functions. For example, the standard HMAC construction could be applied on these hash functions, standard signature algorithms or authentication protocol, etc. | 12-05-2013 |
20130326231 | System and Method for Downloading Electronic Information to a Video Lottery - This invention relates to reprogramming of in-circuit programmable chips installed in video lottery terminals (VLTs) by downloading electronic information (software) to such chips. Encrypted electronic information is downloaded from a host device to a gaming terminal through a communications link. The terminal comprises a decryption component configured for decrypting the encrypted electronic information using at least two security keys, at least one said key being resident in the terminal and at least another said key being delivered to the terminal at the time of the downloading (the downloading facilitating a replacement of existing software in terminal with corresponding decrypted software obtained from decrypting the encrypted information). The encrypted information transmitted to the terminal comprises at least one next version key for later use by the decryption component in decrypting a next version of encrypted electronic information. The non-resident key may be provided to the terminal by means of an electronic plug-in security key or provided through a secure network. | 12-05-2013 |
20130326232 | DEVICE FOR CARRYING OUT A CRYPTOGRAPHIC METHOD, AND OPERATING METHOD FOR SAME - A device for carrying out a cryptographic method has an input interface for receiving input data, an output interface for outputting output data, and a cryptographic unit for carrying out the cryptographic method. A first functional unit is provided which is designed to convert at least a portion of the input data into transformed input data using a first deterministic method, and to supply the transformed input data to the cryptographic unit, and/or a second functional unit is provided which is designed to convert at least a portion of output data of the cryptographic unit into transformed output data using a second deterministic method, and to supply the transformed output data to the output interface. | 12-05-2013 |
20130326233 | LOCATING CRYPTOGRAPHIC KEYS STORED IN A CACHE - Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation. | 12-05-2013 |
20130326234 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING PROGRAM - A long-term signature group has a package of long-term signature data and an information file. The package of long-term signature data is obtained by compressing original data and XAdES as long-term signature data of original data into a single file. In the information file, the hash value of the package of long-term signature data, the expiration date of ATS to be used in XAdES, a distribution point of expiration information, the serial number of ATS, and the like are recorded. Non-destruction of the package of long-term signature data can be confirmed by the hash value, the expiration date of ATS can be confirmed by the expiration date, and the expiration information can be obtained from the distribution point of the expiration information to confirm the validity of ATS. Therefore, the validity of the long-term signature is efficiently confirmed. | 12-05-2013 |
20130326235 | CRYPTOGRAPHIC METHOD - In a cryptographic method between a portable data carrier and a terminal device there are employed a public data-carrier key and a secret data-carrier key of the data carrier as well as a public terminal key and a secret terminal key of the terminal device. The data carrier employs as a public data-carrier key a static public key. As a secret data-carrier key the data carrier employs a secret key that is derived from a secret basic key associated with the public data-carrier key. Within the framework of the method, the terminal device checks an authentication parameter associated with the data carrier and different from the data-carrier keys. | 12-05-2013 |
20130332742 | SPEED UP SECURE HASH ALGORITHM (SHA) USING SINGLE INSTRUCTION MULTIPLE DATA (SIMD) ARCHITECTURES - A processing apparatus may comprise logic to preprocess a message according to a selected secure hash algorithm (SHA) algorithm to generate a plurality of message blocks, logic to generate hash values by preparing message schedules in parallel using single instruction multiple data (SIMD) instructions for the plurality of message blocks and to perform compression in serial for the plurality of message blocks, and logic to generate a message digest conforming to the selected SHA algorithm. | 12-12-2013 |
20130332743 | SPEED UP SECURE HASH ALGORITHM (SHA) USING SINGLE INSTRUCTION MULTIPLE DATA (SIMD) ARCHITECTURES - A processing apparatus comprises logic to, according to a selected secure hash algorithm (SHA) algorithm, generate hash values by preparing message schedules for a plurality of message blocks in parallel using single instruction multiple date (SIMD) instructions and performing compression in serial, and logic to generate a message digest conforming to the secure hash algorithm (SHA) algorithm. | 12-12-2013 |
20130332744 | METHOD AND SYSTEM FOR ACCELERATING CRYPTOGRAPHIC PROCESSING - A method, an apparatus, and a non-transitory computer readable medium for accelerating cryptographic processing are presented. A cryptographic algorithm is parallelized, which includes breaking the cryptographic algorithm into components, parallelizing an entire component if the component is fully parallelizable, parallelizing part of a component if the component is partially parallelizable, and sequentially executing a component if the component is not parallelizable. Processing of the parallelizable component or the partially parallelizable component is distributed to one or more parallelized devices. The parallelized devices include at least one of: a graphics processing unit or a cryptographic processing device, which may include an integrated cryptographic processor or a cryptographic co-processor. | 12-12-2013 |
20130332745 | SECURE FIELD-PROGRAMMABLE GATE ARRAY (FPGA) ARCHITECTURE - A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message. The response message may then be sent to the authentication device to determine authenticity of the FPGA-configuration data. | 12-12-2013 |
20130339750 | REDUCING DECRYPTION LATENCY FOR ENCRYPTION PROCESSING - In a storage system, using a pool of encryption processing cores, the encryption processing cores are assigned to process either encryption operations, decryption operations, and decryption and encryption operations, that are scheduled for processing. A maximum number of the encryption processing cores are set for processing only the decryption operations, thereby lowering a decryption latency. A minimal number of the encryption processing cores are allocated for processing the encryption operations, thereby increasing encryption latency. Upon reaching a throughput limit for the encryption operations that causes the minimal number of the plurality of encryption processing cores to reach a busy status, the minimal number of the plurality of encryption processing cores for processing the encryption operations is increased. | 12-19-2013 |
20130339751 | Method for Querying Data in Privacy Preserving Manner Using Attributes - A client queries a set of encrypted data instances located at a server with a query attribute of the client. The set of encrypted data instances is associated with a set of ciphertexts, wherein a ciphertext is an encrypted function of a representation of a corresponding data instance and a data instance attribute extracted from the corresponding data instance. The client decrypts the ciphertext from the set of ciphertexts based on a distance function of the query attribute and the data instance attribute to produce the representation, and accesses the corresponding data instance using the representation. | 12-19-2013 |
20130339752 | REMOTE CIRCUIT LOCKING SWITCH SYSTEM - A method and apparatus for remotely controlling access to the components of an optically interconnected information processing infrastructure is presented. Access to the infrastructure is controlled independently of the infrastructure operating system. | 12-19-2013 |
20130339753 | ENCRYPTION PROCESSING DEVICE, ENCRYPTION PROCESSING METHOD, AND PROGRAM - Miniaturization of an encryption processing configuration is achieved. Included is an encryption processing unit configured to divide and input configuration bits of data to be data processed into a plurality of lines, and to repeatedly execute data conversion processing of data for each line, wherein the encryption processing unit includes an F function execution unit to input data from one line configuring the plurality of lines and generate converted data, an XOR calculation unit to execute an XOR calculation with other lines of data corresponding to the output from the F function, an intermediate data storage register to store intermediate data during the process of generating converted data in the F function execution unit, and an inverse calculation executing unit to calculate input data regarding the F function execution unit on the basis of the data stored in the intermediate storage register. The input values for the F function execution unit are calculable by the inverse calculation in the inverse calculation executing unit, which enables a reduction in registers for storing this data. | 12-19-2013 |
20130339754 | CRYPTOGRAPHIC PROCESSING SYSTEM, KEY GENERATION DEVICE, ENCRYPTION DEVICE, DECRYPTION DEVICE, CRYPTOGRAPHIC PROCESSING METHOD, AND CRYPTOGRAPHIC PROCESSING PROGRAM - A decentralized multi-authority functional encryption according to which the security of the whole system does not depend on a single party. Among a plurality of key generation devices, arbitrary one key generation device generates gparam, and each key generation device generates an authority public key and an authority secret key based on gparam. At least some key generation devices among the plurality of key generation devices generate a part of a decryption key of the user based on the authority secret key ask. The user forms one decryption by putting together the decryption keys generated by at least some of the key generation devices, and decrypts a ciphertext. | 12-19-2013 |
20130346756 | BRANDING A COMMODITY DRIVE - A computer implemented method for branding a commodity drive may include reading a unique identifier from a drive, partitioning the drive into a first partition and a second partition, combining the unique identifier with a secret to form an encoded value, and writing the encoded value to the first partition. | 12-26-2013 |
20130346757 | ROLLBACK PROTECTION FOR LOGIN SECURITY POLICY - In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage | 12-26-2013 |
20140006797 | MEMORY AUTHENTICATION WITH REDUNDANT ENCRYPTION | 01-02-2014 |
20140006798 | DEVICE, SYSTEM, AND METHOD FOR PROCESSOR-BASED DATA PROTECTION | 01-02-2014 |
20140006799 | METHODS AND APPARATUS FOR A SECURE SLEEP STATE | 01-02-2014 |
20140006800 | METHOD AND APPARATUS FOR PROVIDING PROVABLY SECURE USER INPUT/OUTPUT | 01-02-2014 |
20140006801 | Start Method for Application Cryptographic Keystores | 01-02-2014 |
20140006802 | ORDERED DELETION OF CONTENT IN STORAGE SYSTEMS | 01-02-2014 |
20140006803 | System And Method For Securely Binding And Node-Locking Program Execution To A Trusted Signature Authority | 01-02-2014 |
20140013122 | CIPHER TEXT TRANSLATION - A computer system includes memory configured to store information regarding predetermined conditions of an encryption operation and a processor configured to analyze an inbound key and an outbound key of the encryption operation. The processor is also configured to determine that the encryption operation includes a translation from a first class of encryption to a second class of encryption based on the analyzing the inbound key and the outbound key, and to determine whether the translation is permitted based on the predetermined conditions. | 01-09-2014 |
20140013123 | DATA SECURITY USING INTER-ZONE GATE CIRCUITS - A circuit for secure operation includes a plurality of mutually exclusive circuit zones including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security and one or more gate circuits each providing limited transfer of data between the circuit zones, the gate circuits providing all data connectivity between the first circuit zone and the second circuit zone and statically configured to prevent unmodified transfer of data from the first circuit zone to the second circuit zone. | 01-09-2014 |
20140013124 | ON-CHIP STORAGE, CREATION, AND MANIPULATION OF AN ENCRYPTION KEY - A system and method for encrypting data provides for retrievial of an encryption key; identification of the address in memory of a first portion of the data to be encrypted; derivation of a first unique key from the encryption key and the address of the first portion of data; encryption of the first portion of data using the first unique key; identification of the address in memory of a second portion of data to be encrypted; derivation of a second unique key from the encryption key and the address of the second portion of data; and encryption of the second portion of data using the second unique key. | 01-09-2014 |
20140019769 | ENCRYPTION/DECRYPTION FOR DATA STORAGE SYSTEM WITH SNAPSHOT CAPABILITY - A method for managing access to encrypted data of a data storage system storing snapshot data, a snapshot providing a previous point-in-time copy of data in a volume of the data storage system, wherein the data storage system utilizes changing encryption keys for write data. For each snapshot, the method stores at least one decryption key identifier for each decryption key corresponding to an encryption key utilized to encrypt data written to a volume since a previous snapshot was committed to disk, and associates the at least one decryption key identifier with the snapshot. A key table associating decryption key identifiers with corresponding decryption keys is provided, and based on the key table and the at least one decryption key identifier associated with the snapshot, one or more decryption keys required for accessing encrypted data associated with the snapshot are determined. Decryption key identifiers may be stored in snapshot metadata. | 01-16-2014 |
20140019770 | PRE-EVENT REPOSITORY ASSOCIATED WITH INDIVIDUAL PRIVACY AND PUBLIC SAFETY PROTECTION VIA DOUBLE ENCRYPTED LOCK BOX - A method substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. | 01-16-2014 |
20140019771 | Method and System for Protecting Execution of Cryptographic Hash Functions - A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain. | 01-16-2014 |
20140019772 | TECHNIQUES FOR SECURE DATA MANAGEMENT IN A DISTRIBUTED ENVIRONMENT - Techniques for secure data management in a distributed environment are provided. A secure server includes a modified operating system that just allows a kernel application to access a secure hard drive of the secure server. The hard drive comes prepackaged with a service public and private key pair for encryption and decryption services with other secure servers of a network. The hard drive also comes prepackaged with trust certificates to authenticate the other secure servers for secure socket layer (SSL) communications with one another, and the hard drive comes with a data encryption key, which is used to encrypt storage of the secure server. The kernel application is used during data restores, data backups, and/or data versioning operations to ensure secure data management for a distributed network of users. | 01-16-2014 |
20140019773 | METHOD AND SYSTEM FOR PROTECTING DATA - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 01-16-2014 |
20140019774 | PROCESSING INFORMATION - A method and system for processing information. An apparatus divides target information into N pieces of divided data using a secret sharing scheme in which a predetermined number (K) of pieces of the N pieces of divided data is required to restore the target information, wherein N>K, and wherein the apparatus is an information processing device or an external storage device. The apparatus selects M pieces from the N pieces, wherein KM−K. | 01-16-2014 |
20140025958 | IMPLEMENTING SECURITY MEASURES FOR AUTHORIZED TOKENS USED IN MOBILE TRANSACTIONS - Security measures for tokens comprise storing security rules associated with a generated token in a memory. A processor, communicatively coupled to the memory, accesses the security rules associated with the generated token and determines whether to encrypt the generated token by applying at least a portion of the security rules to the generated token. The processor encrypts the generated token. An interface, communicatively coupled to the processor, communicates the encrypted token to a mobile device associated with a user. | 01-23-2014 |
20140025959 | SECURED CRITICAL INFORMATION STORAGE AND TRANSACTION - An enterprise system includes a storage having stored thereon a private key and a processor that is configured to receive a data object including an encrypted datum; decrypt the encrypted data based on the private key to generate a first string of digits, each digit including N bits, wherein N is a positive integer; shuffle the N bits of the each digit according a pre-determined pattern of bit positions to generate a second string of digits; and substitute a subset of the N bits of the each digit with pre-determined bits to generate a third string of digits. | 01-23-2014 |
20140025960 | METHOD AND APPARATUS FOR DETERRING A TIMING-BASED GLITCH ATTACK DURING A SECURE BOOT PROCESS - Disclosed is a method for deterring a timing-based glitch attack during a secure boot process of a device having a device-specific number. In the method, the device generates a pseudorandom number specific to a particular execution of a secure boot process. The device combines the device-specific number and the pseudorandom number to generate a diversity value. The device may change a timing of at least one process step of the secure boot process based on the diversity value. Also, the device may change an order of process steps of the secure boot process based on the diversity value. | 01-23-2014 |
20140025961 | VIRTUAL MACHINE VALIDATION - A system, method, and computer program product for providing validation of the compliance of a trusted host environment with a requirement of a virtual machine (VM). The system includes: a store component for cryptographically storing configuration data associated with the trusted host environment in at least one cryptographic data structure; a send component, responsive to the store component storing the configuration data, for sending the at least one cryptographic data structure to a control component; an analyse component, responsive to the control component receiving the at least one cryptographic data structure, for analysing the at least one cryptographic data structure; a compare component, responsive to the analyse component determining the configuration data, for comparing the configuration data with the requirement; and a verify component, responsive to the compare component determining that the configuration data matches the requirement, for allowing verification of the VM. | 01-23-2014 |
20140032925 | SYSTEM AND METHOD FOR COMBINING DEDUPLICATION AND ENCRYPTION OF DATA - The embodiments herein relate to data management and, more particularly, to global deduplication and encryption of data in data management systems. The user equipments (UE) are grouped under certain deduplication groups based on certain parameters such as rate of data exchange, frequency of data exchange, social closeness, work closeness, similarity of data and interests and so on, between those UEs. Further, specific deduplication and encryption parameters such as encryption method, encryption key, signature computation method, block computation method and so on are assigned to each group. Further, deduplication and encryption of data in each group is performed using the deduplication and encryption modes and parameters assigned to each group. The deduplication and encryption of data is performed in at least one of the UEs and/or a server. Further, the parameters used for deduplication and encryption are stored in specific databases and are encrypted for better security. | 01-30-2014 |
20140032926 | SYSTEM, METHOD AND COMPUTER PRODUCT FOR FAST AND SECURE DATA SEARCHING - A system for fast secured searching may include a user interface, a web layer configured for executing application logic and configured for interacting with a user via the user interface and configured to perform user authentication, and a database layer in communication with and accessible by the web layer and comprising a database configured for storing data, and a search engine configured for searching the database, wherein, communication to and from the database layer from and to the web layer is controlled by secure socket layer certificate authorization. The database layer may also include an inverted index in communication with the database and the search engine and configured for maintaining updated snapshots relating to the data in the database and an encryption/decryption layer for selective encryption of the data and configurable for field level, document level, and/or chunk level encryption. | 01-30-2014 |
20140032927 | ARCHIVING ELECTRONIC CONTENT HAVING DIGITAL SIGNATURES - In various embodiments, a computerized method includes receiving electronic content to be archived. The electronic content comprises a digital signature. The method may include archiving the digital signature, by determining a validity status of the digital signature and storing the validity status in the electronic content. The method may also include archiving the electronic content after the validity status has been stored in the electronic content. | 01-30-2014 |
20140032928 | SECURE LOOKUP - A method for secure data transformation and lookup is executed by a computer system. A data value to create an encrypted value is encrypted by the computer system. A hash value based on the encrypted value is generated by the computer system. A modulo operation is performed by the computer system on the hash value to create a modulo value. A transformed value from a lookup table is retrieved by the computer system by using the modulo value as an index for the look up table. The transformed value is provided by the computer system. | 01-30-2014 |
20140032929 | METHOD, DEVICE, AND SYSTEM FOR ENCRYPTING AND DECRYPTING IMAGE - The present invention relates to the field of computers, and disclosed are a method, device, and system for encrypting and decrypting an image. The method for encrypting an image includes: encrypting a preset size of header data of a to-be-encrypted image, and obtaining an encrypted data corresponding to the header data; determining a storage location for saving the encrypted data, saving the encrypted data in the storage location, and acquiring an offset for saving the encrypted data; and placing the encryption identifier and the offset in a storage area of the preset size of the to-be-encrypted image, so as to encrypt the to-be-encrypted image. The system includes: a device for encrypting an image and a device for decrypting an image. The present invention is capable of improving the speed and efficiency of encrypting and decrypting an image. | 01-30-2014 |
20140032930 | Secure data scanning method and system - A method of scanning secure data in a data store is performed in a manner that does not expose the scan data, the files being searched, or information about when matches occur between the scan data and the files. During the scan process, encrypted versions of searched files are compared to encrypted versions of match strings, and any resulting match data is encrypted before being written into a results file. In addition, to disguise when match entries are written, during the scan one or more encrypted dummy items are written into the results file. | 01-30-2014 |
20140032931 | CRYPTOGRAPHIC EQUIPMENT IMPLEMENTING RED/BLACK COMMUNICATION MODES - The invention relates to cryptographic equipment which comprises an input interface, a red module, a cryptographic module, a black module, and an output interface. The cryptographic module includes a cryptographic unit, which interacts with the red module and with the black module, and a management device, which interacts with the input interface and with either the red module or the black module, but not with both simultaneously. The cryptographic unit and the management device are physically and logically separate from one another and independent, and have identical protection means capable of protecting the integrity of the management device so as to detect any attempt at tampering. | 01-30-2014 |
20140040631 | MEMORY CONTROLLER, NONVOLATILE MEMORY DEVICE, NONVOLATILE MEMORY SYSTEM, AND ACCESS DEVICE - A memory device includes a memory configured to store a secret key, an interface configured to communicate with an the external apparatus in a first communication method and a second communication method that is faster than the first communication method, and a controller configured to control the memory and the interface. The controller is configured to decrypt an encrypted management data encryption key, an encrypted management data, an encrypted individual data encryption key and an encrypted individual data according to communication method, record the decrypted individual data in the memory, decrypt an encrypted application key and an encrypted application according to communication method, and record the decrypted application in the memory. | 02-06-2014 |
20140040632 | LOW-OVERHEAD CRYPTOGRAPHIC METHOD AND APPARATUS FOR PROVIDING MEMORY CONFIDENTIALITY, INTEGRITY AND REPLAY PROTECTION - A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads. | 02-06-2014 |
20140040633 | SECURE TRANSACTION METHOD FROM A NON-SECURE TERMINAL - The invention relates to a transaction method, the method including the steps of: providing a terminal including a main processor, a graphic processor controlling a display, and a control member, the graphic processor including a memory bank which cannot be accessed from the outside; creating a link between the graphic processor and a secure processor, the link being secured by means of an encryption key shared only by the graphic processor and the secure processor; presenting first data to the user; collecting second data from commands entered by the user by means of the control member, in connection with the first data; transmitting the second data to the secure processor; and, if the user has been authenticated from the second data, carrying out the transaction, the secure link being used to transmit the first and/or second data, and/or to carry out the transaction. | 02-06-2014 |
20140040634 | RECORDING DEVICE, AND CONTENT-DATA PLAYBACK SYSTEM - A recording device configured to store content data in an encrypted manner, the recording device comprises a memory unit which stores various data, and a controller which controls the memory unit. The controller possesses a controller key and unique identification information, and is configured to generate a controller-unique key unique for each controller in accordance with the controller key and the identification information. The memory unit stores an MKB generated by encrypting a medium key with a device key set that is a collection of a plurality of device keys, an encrypted device key set generated by encrypting the device key set with the controller-unique key, and a device-key-set index which uniquely identifies the device key set. | 02-06-2014 |
20140040635 | METHODS AND APPARATUS FOR SECURING KEYSTROKES FROM BEING INTERCEPTED BETWEEN THE KEYBOARD AND A BROWSER - The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. | 02-06-2014 |
20140040636 | EMBEDDED CONTROLLER TO VERIFY CRTM - In one embodiment a computing system includes an embedded controller to verify the provider of the core root of trust for measurement (CRTM). | 02-06-2014 |
20140047243 | System and Method for Pre-Boot Authentication of a Secure Client Hosted Virtualization in an Information Handling System - A client hosted virtualization system (CHVS) includes a processor to execute code, a component, and a non-volatile memory. The non volatile memory includes BIOS code and code to implement a virtualization manager. The virtualization manager is operable to initialize the CHVS, launch a virtual machine on the CHVS, and assign the component to the virtual machine, such that the virtual machine has control of the component. The CHVS is configurable to execute the BIOS and not the virtualization manager, or to execute the virtualization manager and not the BIOS. | 02-13-2014 |
20140052996 | EXTENDING THE NUMBER OF APPLICATIONS FOR ACCESSING PROTECTED CONTENT IN A MEDIA USING MEDIA KEY BLOCKS - Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content. | 02-20-2014 |
20140052997 | SECURITY MODEL FOR ACTOR-BASED LANGUAGES AND APPARATUS, METHODS, AND COMPUTER PROGRAMMING PRODUCTS USING SAME - An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified. | 02-20-2014 |
20140052998 | SECURITY MODEL FOR ACTOR-BASED LANGUAGES AND APPARATUS, METHODS, AND COMPUTER PROGRAMMING PRODUCTS USING SAME - An application includes: a programming model including a service provider, first components, second components, and sinks communicating via messages. Each of the second components is assigned a unique capability. A given one of the first components routes a message from the given first component to second component(s) and then to a sink. Each of the second component(s) sends the message to the service provider. The service provider creates a token corresponding at least to a received message and a unique capability assigned to an associated one of the second component(s) and sends the token to the associated one of the second component(s). The selected sink receives the message and a token corresponding to each of the second component(s), verifies each received token, and either accepts the message if each of the received tokens is verified or ignores the message if at least one of the received tokens is not verified. | 02-20-2014 |
20140052999 | Searchable Encrypted Data - Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key. | 02-20-2014 |
20140053000 | INSTRUCTIONS TO PERFORM JH CRYPTOGRAPHIC HASHING - A method is described. The method includes executing one or more JH_SBOX_L instruction to perform S-Box mappings and a linear (L) transformation on a JH state and executing one or more JH_Permute instruction to perform a permutation function on the JH state once the S-Box mappings and the L transformation have been performed | 02-20-2014 |
20140059355 | Data Protection Compliant Deletion of Personally Identifiable Information - The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes encrypting, by operation of a computer, personally-identifiable information (PII) data using a first cryptographic key, wherein the PII data is associated with non-encrypted associated data, encrypting the encrypted first cryptographic key with a second cryptographic key, determining that the occurrence of a PII data disassociation event associated with the second cryptographic key has occurred, and rendering the PII data inaccessible by disassociating the second cryptographic key from the encrypted first cryptographic key. | 02-27-2014 |
20140059356 | TECHNIQUE FOR RECONFIGURABLE DATA STORAGE MEDIA ENCRYPTION - A technique for managing encryption keys includes encrypting the contents of a piece of media with a first encryption key, encrypting the first encryption key with a second encryption key, and storing the encrypted first encryption key on or in connection with the piece of media. Encrypted data may be recovered by receiving the encrypted first encryption key from the piece of media, receiving the second encryption key (e.g., from a user to whom the key is assigned), recovering the first encryption key using the second encryption key, and decrypting the data from the piece of media using the first encryption key. | 02-27-2014 |
20140059357 | System and Method for Providing Secure Inter-Process Communications - A user device provides a mechanism for securing messages communicated between trusted processes along an established Inter-Process Communication (IPC) channel. The mechanism permits the trusted processes to determine which messages to protect, and executes independently of platform-dependent IPC mechanisms. | 02-27-2014 |
20140068273 | Secure App Ecosystem with Key and Data Exchange According to Enterprise Information Control Policy - Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise. | 03-06-2014 |
20140068274 | MECHANISM FOR FACILITATING ENCRYPTION-FREE INTEGRITY PROTECTION OF STORAGE DATA AT COMPUTING SYSTEMS - A mechanism is described for facilitating encryption-free integrity protection of storage data at computing systems according to one embodiment. A method of embodiments of the invention includes receiving a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device. The read task may include reading the first data block. The method may further include accessing a first reference cryptographic code at a first metadata cache associated with the first data block, calculating a first new cryptographic code relating to the first data block, comparing the first new cryptographic code with the first reference cryptographic code, and accepting the read request if the first new cryptographic code matches the first reference cryptographic code. The accepting may further include facilitating the read task | 03-06-2014 |
20140075203 | METHOD FOR TESTING THE SECURITY OF AN ELECTRONIC DEVICE AGAINST AN ATTACK, AND ELECTRONIC DEVICE IMPLEMENTING COUNTERMEASURES - A method of testing security of an electronic device against a combination of a side-channel attack and a fault-injection attack implemented during a method of cryptographic processing that includes: delivering a message signature based on a secret parameter and implementing a recombination of at least two intermediate values according to the Chinese remainder theorem; and verifying the signature on the basis of at least one public exponent. The method of testing includes: transmitting a plurality of messages to be signed by said electronic device; disturbing each message, including modifying the message by inserting an identical error for each message, before executing a step of determining one of the intermediate values; and analyzing physical measurements, obtained during the step of verifying the signature as a function of the message to be signed, the identical error for each message, and an assumption of a value of part of the secret parameter. | 03-13-2014 |
20140075204 | REMOVABLE DEVICES - An embodiment of a method of operating a storage system includes combining a password, a first number, and a number of iterations to produce a first key, encrypting the first key, receiving a second number, and encrypting the second number with the first key to produce an encrypted second key. | 03-13-2014 |
20140075205 | METHOD OF PROCESSING DATA TO ENABLE EXTERNAL STORAGE THEREOF WITH MINIMIZED RISK OF INFORMATION LEAKAGE - A method is provided to process data so that the data can be externally stored with minimized risk of information leakage. A framework (virtual execution framework) based on virtual machines (VMs) is utilized as a substitute for a trusted institution. Encryption of consolidated data can reduce risk of information leakage and enhance security. Since the virtual execution framework can control connection and direction of communication, financial institutions are allowed to apply encryption to data on their own, which makes the data further appropriate for external storage. By allowing financial institutions to apply their own decryption, it is possible to prevent one of two financial institutions from retrieving externally stored data into the external execution framework without intervention of the other. Additionally, associated acting subjects can be provided with freedom depending on the degree of information leakage risk. | 03-13-2014 |
20140082369 | Method and System For Object Access and Usage Control Using Location and Access Boundary Shape Information - A method and a system for shape based encrypted object usage control using a querying device includes receiving location coordinates information and requesting an access to the encrypted object based on the received location coordinates information. The granting or denying access to the object is based on a determination of whether the received location coordinates information lies within at least one spatial access boundary. The at least one spatial access boundary is defined by an arbitrary physical object shape with at least two dimensional (2D) physical measurements in direct reference to designated location coordinates information. The received location coordinates information and the designated location coordinates information each includes longitude, latitude and optionally elevation values which provide the ability to identifying a specific location in a 3D space. | 03-20-2014 |
20140089674 | ENCRYPTION IN THE CLOUD WITH CUSTOMER CONTROLLED KEYS - A system and method for encryption in a cloud computing platform with customer controlled keys is disclosed. A cloud-based encryption key is uploaded from a customer computing platform to a key store of the cloud computing platform, based on a customer-based encryption key. The cloud-based encryption key and customer-based encryption key is able to encrypt or decrypt customer data used by an application server running on the cloud computing platform. Next, the cloud-based encryption key is unlocked from the key store, and then stored in a secure store of a main memory associated with the customer computing platform. Then, according to encryption or decryption mechanism, the unlocked cloud-based encryption key is accessed to encrypt or decrypt customer data stored on a database of the main memory and used by the application server. | 03-27-2014 |
20140089675 | AUTHENTICATOR, AUTHENTICATEE AND AUTHENTICATION METHOD - According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey). | 03-27-2014 |
20140089676 | SECURE PROCESSOR AND A PROGRAM FOR A SECURE PROCESSOR - The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside. | 03-27-2014 |
20140089677 | METHOD AND APPARATUS FOR SECURING PROGRAMMING DATA OF A PROGRAMMABLE DEVICE - Configuration data for a programmable integrated circuit device is at least partially encrypted according to at least one encryption scheme. A plurality of key stores store a plurality of decryption keys for the at least one encryption scheme. Control circuitry identifies a required key from the at least partially encrypted configuration data and generates a key selection signal. Key selection circuitry responsive to the key selection signal reads the plurality of key stores and provides the required key to the control circuitry. The control circuitry may include decryption circuitry that decrypts the at least partially encrypted configuration data using the required key. In some embodiments, different portions of the configuration data, which may represent separate partial reconfigurations of the device, require different decryption keys. Keys may be generated from combinations of the contents of the key stores. | 03-27-2014 |
20140089678 | ORDER-PRESERVING ENCRYPTION SYSTEM, DEVICE, METHOD, AND PROGRAM - An order-preserving encryption system has an encryption means which generates a ciphertext as a sum of data which complies with a distribution X determined in advance, and the encryption means generates the ciphertext using the distribution X represented in a format that data of a bit length determined at random is selected at random according to a distribution matching the bit length. | 03-27-2014 |
20140095887 | METHOD AND APPARATUS FOR MAINTAINING TRUSTED TIME AT A CLIENT COMPUTING DEVICE - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for maintaining trusted time at a client computing device including, for example, executing a computer program within a client device; initiating a call from the computer program to a secure time service of the client device requesting a trusted time stamp; retrieving, via the secure time service of the client device, a protected time from protected clock hardware of the client device; generating, at the secure time service of the client device, the trusted time stamp by signing the protected time retrieved from the protected clock hardware of the client device; and returning the trusted time stamp to the computer program. Other related embodiments are disclosed. | 04-03-2014 |
20140095888 | MATRIX CODE FOR ENCRYPTION, STORAGE, AND TRANSMISSION OF DATA - A computer utilizes a matrix code to securely communicate information. To utilize the matrix code, the computer receives a scan of the matrix code, and identifies a first mask within a data region of the matrix code, wherein the first mask includes public user data, and identifies a second mask within the data region of the matrix code, wherein the second mask include private user data. The computer decodes the public user data and the private user data from the matrix code, and decrypts one or both of the public user data and the private user data. The computer also removes a distortion operation from the second mask, wherein removing the distortion operation includes reversing a transformation, rotation, skew, shear, reflection, or projection operation. | 04-03-2014 |
20140095889 | ENCRYPTED SEARCH DATABASE DEVICE, ENCRYPTED SEARCH DATA ADDING/DELETING METHOD AND ADDING/DELETING PROGRAM - The encrypted search result adding module of the encrypted search database device includes: a search result generating unit which generates a linear list as a list of search results for newly registered document data; an initial point information generating unit which generates initial point information as address of first data corresponding to a keyword; an initial point information encrypting unit which encrypts and adds/stores generated initial point information with an encryption key; and an encrypted linear list adding unit which generates and adds/stores an encrypted linear list by encrypting the linear list with the encryption key, and stores each keyword and final point information as the address of last data in the encrypted linear list for the keyword as adding information. | 04-03-2014 |
20140095890 | SYSTEMS AND METHODS FOR MANIPULATING SENSITIVE INFORMATION IN A SECURE MOBILE ENVIRONMENT - Methods and devices for protecting and manipulating sensitive information in a secure mobile environment are disclosed. Methods and devices for processing secure transactions and secure media processing up to rendering in human readable form using abstract partitioning between non-secure and secure environments are disclosed. | 04-03-2014 |
20140101455 | IMPLEMENTING DYNAMIC BANDING OF SELF ENCRYPTING DRIVE - A method and controller for implementing dynamic banding of a storage device, such as a Self Encrypting Device (SED) in a data storage array, and a design structure on which the subject controller circuit resides are provided. The controller dynamically identifies band boundaries for the storage device at the time a data storage array is created, when one or more devices are added into an existing data storage array, and when a replacement device is rebuilt into an exposed array, or an array with a failed device. A storage device band definition is provided based upon the dynamically identified band boundaries for the storage device. | 04-10-2014 |
20140101456 | CONFIDENTIALITY PRESERVING DOCUMENT ANALYSIS SYSTEM AND METHOD - A method and system for document processing allow a service provider to process a document without having access the textual content of the document. The system includes memory which receives an encoded source document from an associated client system. The encoded source document includes structural information and encoded content information. The encoded content information includes a plurality of encoded tokens generated by individually encoding each of a plurality of text tokens of the source document. The structural information includes location information for each of the plurality of text tokens. A processing module processes the encoded document to generate a modified document, without decoding the encoded tokens. A transmission module transmits the modified document to an associated client system whereby the client system is able to generate a transformed document based on the modified document and the plurality of text tokens. | 04-10-2014 |
20140101457 | METHOD AND SYSTEM FOR PROVIDING DOCUMENT RETENTION USING CRYPTOGRAPHY - Techniques for utilizing security criteria to implement document retention for electronic documents are disclosed. The security criteria can also limit when, how and where access to the electronic documents is permitted. The security criteria can pertain to keys (or ciphers) used to secure (e.g., encrypt) electronic files (namely, electronic documents), or to unsecure (e.g., decrypt) electronic files already secured. At least a portion of the security criteria can be used to implement document retention, namely, a document retention policy. After a secured electronic document has been retained for the duration of the document retention policy, the associated security criteria becomes no longer available, thus preventing subsequent access to the secured electronic document. In other words, access restrictions on electronic documents can be used to prevent access to electronic documents which are no longer to be retained. | 04-10-2014 |
20140108813 | DATA PROCESSING SYSTEMS WITH FORMAT-PRESERVING ENCRYPTION AND DECRYPTION ENGINES - A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format. | 04-17-2014 |
20140108814 | CRYPTOGRAPHIC KEY MANAGEMENT - Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys. | 04-17-2014 |
20140108815 | SECURELY REBUILDING AN ENCODED DATA SLICE - A method begins by a requesting entity issuing a rebuild request regarding an encoded data slice to at least some of a set of distributed storage (DS) units. In response to the rebuild request, the method continues with each of at least some of the DS units of the set of DS units generating a partial slice corresponding to the encoded data slice to be rebuilt based on one of a set of encoded data slices stored by the respective DS unit to produce an array of partial slices. The method continues with the at least some of the DS units encrypting the array of partial slices using a set of encryption keys to produce an array of encrypted partial slices. The method continues with the requesting entity rebuilding the encoded data slice from the array of encrypted partial slices. | 04-17-2014 |
20140108816 | KEY GENERATION METHOD - A computer-implemented method to generate a key to provide access to a software product, where the product key is embedded with product information, such as product title, distribution channel, geographic region of sale or other product data. | 04-17-2014 |
20140108817 | METHOD FOR PROCESSING AND VERIFYING REMOTE DYNAMIC DATA, SYSTEM USING THE SAME, AND COMPUTER-READABLE MEDIUM - A method for processing and verifying remote dynamic data is provided. The method includes providing a radix tree structure having N levels, obtaining and recording N initial values for representing the empty radix tree structure, wherein all nodes at the same level are assigned an identical initial value. When performing a data processing operation to the radix tree structure, determining a first leaf node and calculating and recording the value of each node in a shortest path from the first leaf node to the root node. When performing a verification of a specific data, obtaining a second leaf node corresponding to the specific data, a sibling node of each node in a shortest path from the second leaf node to the root node, and generating a verification result according to a digital signature for verifying the root node, the value of each obtained sibling node, and the specific data. | 04-17-2014 |
20140108818 | METHOD OF ENCRYPTING AND DECRYPTING SESSION STATE INFORMATION - In a method of encrypting session state information, the value of a counter corresponding to session state information to be encrypted is calculated based on the ID of a cryptographic session corresponding to the session state information to be encrypted and the value of a session termination counter for the cryptographic session. The session state information to be encrypted is encrypted based on the calculated value of the counter and a preset key. | 04-17-2014 |
20140108819 | System and Method Providing Permission Based Access to Automotive Computers - A Link device has a processor connected to an internal Link bus, a non-transitory memory, a digital device ID, one or both of firmware or software executing from non-transitory media, a first communication port enabled to communicate with a vehicle bus coupling computerized devices in a vehicle, and a second communication port enabled to communicate with one or more digital devices external to the vehicle. The firmware or software enables the Link device to communicate with the vehicle bus, and to accomplish a variety of tasks including pulling data from data stores in the vehicle and operating specific vehicle functions, and wherein the firmware or software manages communication with the one or more external digital devices, accepting only requests for cooperation with the Link device using the unique device ID with a request that is cryptographically secure. | 04-17-2014 |
20140108820 | Secure Communication Architecture - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 04-17-2014 |
20140108821 | Trusted Data Relay - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 04-17-2014 |
20140115344 | APPARATUS AND METHOD FOR OPERATING AND SWITCHING A SINGLE CONDUCTOR INTERFACE - This application discusses, among other things, communication apparatus and methods, and more particularly, a single conductor or single wire communication scheme. In an example, a method for communicating between a master device and a slave device using a first single conductor can include transmitting a first ping on the first single conductor using a master device, the first single conductor configured to couple the master device to a slave device, receiving a slave ping on the first single conductor at the master device during a ping interval, toggling a logic level of the first single conductor prior to sending a first data packet using pulses having a duration of less than one half of a unit interval, such as a unit interval associated with a bit interval. | 04-24-2014 |
20140115345 | METHODS AND DEVICES FOR OPTIMISING RENDERING OF AN ENCRYPTED 3D GRAPHICAL OBJECT - The graphical characteristics of 3D graphical objects encrypted using format-preserving encryption makes rendering of such objects quite inefficient by non-authorized devices. To optimise the rendering of a three-dimensional graphical object represented by a list of points and a list of surfaces defined by points in the list of points, a device receives the graphical object; encrypts the graphical object using a format-preserving encryption method to obtain an encrypted graphical object; encapsulates the encrypted graphical object to obtain an encapsulated graphical object by adding at least one encapsulation by adding for each encapsulation, to the list of surfaces, a plurality of surfaces that together enclose the encrypted graphical object and, in an embodiment, at least one point to the list of points; and outputs the encapsulated graphical object. Decryption is performed by essentially reversing the encryption. | 04-24-2014 |
20140122895 | Providing Security Support for Digital Rights Management in Different Formats - In accordance with some embodiments, technologies may be provided that is adaptable to any existing and potentially future digital rights management application. Thus, it is not necessary to provide duplicate systems to handle disparate digital rights formats in some embodiments. | 05-01-2014 |
20140122896 | DATA ENCRYPTION METHOD - A data encryption method, adapted to a node computing device in a cloud server system comprises following steps. A primary data is received. A dimension of an encrypted matrix is computed. An encryption length is computed, and data segments matching the encryption length are extracted from the primary data sequentially according to the encryption length. A plurality of encrypted segments is obtained by encrypting the extracted data segments respectively through the encrypted matrix. | 05-01-2014 |
20140122897 | SECURING DEVICE ENVIRONMENT FOR TRUST PROVISIONING - Integrity management architecture is extended with trusted hash provisioning. The trusted hash provisioning ensures the integrity of a computing device. Thus, a multipurpose device can be as secure as a dedicated single-purpose device. The trusted hash provisioning includes determining a hash mask, and computing a trusted hash computation based on signatures of components identified as included within the scope of the hash. The computed trusted hash computation is used to determine integrity of the computing device. | 05-01-2014 |
20140122898 | HASH VALUE GENERATION APPARATUS - For enabling improvement in throughput for generating a hash value, a hash value generation apparatus comprises: a θ operation unit configured to execute a θ operation included in a round process of a SHA-3 algorithm; a ρ operation unit configured to execute a ρ operation included in the round process; a π operation unit configured to execute a π operation included in the round process; a χ operation unit configured to execute a χ operation included in the round process; and an τ operation unit configured to execute an τ operation included in the round process, wherein the θ operation unit receives data for each sheet structure, and starts to execute the θ operation upon receiving data of three sheet structures. | 05-01-2014 |
20140122899 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, COMPUTER PROGRAM, AND INFORMATION PROCESSING SYSTEM - There is provided an information processing apparatus including circuitry configured to generate, in a state in which a function F which can calculate a same result for a plurality of different values x | 05-01-2014 |
20140122900 | PROVIDING SEARCHING OVER ENCRYPTED KEYWORDS IN A DATABASE - The present invention relates to a computer-implemented method, system and computer readable medium for providing a searching over encrypted keywords in a database. The method comprises the steps of generating at least one keyword, generating a plurality of different encrypted keywords corresponding to said keyword, storing said at least one encrypted keyword in said database; generating a plurality of different trapdoors for said keyword, verifying said plurality of different trapdoors with said plurality of different encrypted keywords corresponding to said keyword and determining said keyword if said plurality of different trapdoors match with one said encrypted keyword corresponding to said keyword else determining said keyword is not found. | 05-01-2014 |
20140129844 | STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for storing data securely in a secure data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with plurality of shares distributed across a plurality of physical storage devices. The method also includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares. The method also includes storing each data block and associated session key at the corresponding share, remote from the secure storage appliance. | 05-08-2014 |
20140129845 | ATTRIBUTE BASED ENCRYPTION USING LATTICES - A master public key is generated as a first set of lattices based on a set of attributes, along with a random vector. A master secret key is generated as a set of trap door lattices corresponding to the first set of lattices. A user secret key is generated for a user's particular set of attributes using the master secret key. The user secret key is a set of values in a vector that are chosen to satisfy a reconstruction function for reconstructing the random vector using the first set of lattices. Information is encrypted to a given set of attributes using the user secret key, the given set of attributes and the user secret key. The information is decrypted by a second user having the given set of attributes using the second user's secret key. | 05-08-2014 |
20140129846 | Method and System for Protecting a Driver - Various examples of the present disclosure provide a method and a system for protecting a driver. The method includes encrypting a program file, and sending an Input/Output Request Package (IRP) and the encrypted program file; receiving the IRP and the encrypted program file, decrypting the encrypted program file, verifying the decrypted program file; and, if verification is passed, returning a handle, otherwise, not returning the handle. In the examples of the present disclosure, the program file of the application layer is encrypted, and the encrypted program file is sent when the IRP is sent; the driver layer decrypts and verifies the encrypted program file, and returns the handle to the application layer when the verification is passed, so that the application layer can access the driver layer through the handle; if the verification is not passed, the driver layer rejects the access of the application layer. Therefore, a legitimate application layer can communicate with the driver layer, a suspicious program is prevented from accessing the driver layer, and the security of the driver layer is improved. | 05-08-2014 |
20140136852 | SECURE CIRCUIT INTEGRATED WITH MEMORY LAYER - A secure integrated circuit comprises a lower logic layer, and one or more memory layers disposed above the lower logic layer. A security key is provided in one or more of the memory layers for unlocking the logic layer. | 05-15-2014 |
20140136853 | APPARATUS AND METHOD FOR PERFORMING DIFFERENT CRYPTOGRAPHIC ALGORITHMS IN A COMMUNICATION SYSTEM - A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class. | 05-15-2014 |
20140136854 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND COMPUTER PROGRAM - Provided is an information processing apparatus including a program execution unit configured to read, interpret and execute a code of a computer program that is created in a procedural language, and a backup unit configured to create a backup in a format in which a variable definition and a function definition in the code being executed by the program execution unit are interpretable as a code in the procedural language. | 05-15-2014 |
20140143550 | SECURING SPEECH RECOGNITION DATA - Methods and apparatus for reducing security vulnerabilities in a client/server speech recognition system including one or more client computers and one or more server computers connected via a network. Decryption of sensitive information, such as medical dictation information, is performed on designated servers to limit the attack surface of unencrypted data. Management of encryption and decryption keys to restrict the storage and/or use of decryption keys on the server side of the client/server speech recognition system, while maintaining encrypted data on the server side is also described. | 05-22-2014 |
20140143551 | ENCODING BIOMETRIC IDENTIFICATION INFORMATION INTO DIGITAL FILES - A device, system and method for combining, by a processor, a digital content file with a first set of biometric data to create a combined file. The combined file is transmitted for reception at a destination. The first set of biometric data is compared against a second set of biometric data to verify a user. The system accesses the digital content file in response to verification of the user. | 05-22-2014 |
20140143552 | Glitch Resistant Device - A system and method for device security is described, the system and method including at least one integrated circuit including a CPU, a key register storing a hardware enabling key, the key including a large number of bits, such that each bit of the large number of bits has a correct value, and if any one bit of the large number of bits is set to an incorrect value the key will not function correctly a combination circuit for performing a function, f, the function f being essential for correct functionality of the CPU, such that the combination circuit is activated by the key, the combination circuit only performing function f if each of the large number of bits of the key is set to the correct value, and there exists no set of intermediate or output bits derived from the large number of bits of the key, which determine if the combination circuit performs function f, the set intermediate or output bits including fewer bits than are included in the key. Related apparatus, methods, and systems are also described. | 05-22-2014 |
20140149748 | Methods and Systems for Securely Transferring Embedded Code And/Or Data Designed for a Device to a Customer - The invention relates to methods and systems for securely transferring embedded code or data to a customer, in particular to methods and systems for securely transferring embedded code, data files or program files designed for a device to a customer in order to prevent the embedded code, data files or program files from being used on unauthorized devices. | 05-29-2014 |
20140149749 | METHOD AND DEVICE FOR PREVENTING LOGGING OF COMPUTER ON-SCREEN KEYBOARD - A method and device for preventing logging of a computer on-screen keyboard includes an application software set into the computer, allowing to input words via on-screen keyboard. A pointer device has an encryption module. The application software is used to obtain push-button or coordinate data of an encrypted pointer device via encryption module set into the pointer device. The application software is also used to obtain real push-button or coordinate data of the pointer device by means of decryption. With this design, the on-screen logging software cannot obtain real push-button or coordinate data of the pointer device by means of logging, so the on-screen logging cannot be activated or enabled for logging of on-screen keyboard. | 05-29-2014 |
20140157000 | SECURE DELIVERY OF PROCESSING CODE - An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip. | 06-05-2014 |
20140157001 | SECURE TESTING OF SEMICONDUCTOR DEVICE - A method includes testing, by a processor, a secure portion of a semiconductor device through a first interface between the processor and the semiconductor device; and sending, by the processor, a pass or fail indication of a result of the testing of the secure portion of the semiconductor device to the tester through a second interface between the processor and the tester. | 06-05-2014 |
20140157002 | SYSTEMS AND METHODS FOR PROTECTING SYMMETRIC ENCRYPTION KEYS - Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key. | 06-05-2014 |
20140157003 | DEVICE FOR PREVENTING LOGGING OF COMPUTER ON-SCREEN KEYBOARD - A device for preventing logging of computer on-screen keyboard has a pointer device and tandem device. The pointer device comprises a first transmission interface to connect the host computer, and an encryption module to encrypt and transfer data of the pointer device to the first transmission interface. This data contains pointer coordinates. A pointer data module is used to obtain, convert and save the coordinate data of the pointer device. A push-button data module is used to obtain, convert and save the push-button data of the existing pointer device. A physical interface module is used to obtain coordinates of the pointer device and original data of key events, The original data is converted into coordinates or push-button data of the pointer device by the pointer and push-button data modules. Then the encryption module decides if it is necessary to transfer the coordinate or push-button data in the form of encryption. | 06-05-2014 |
20140157004 | APPARATUS AND METHOD FOR ENCRYPTION IN VIRTUALIZED ENVIRONMENT USING AUXILIARY MEDIUM - An apparatus and method for encryption in a virtualized environment using an auxiliary medium. The apparatus for encryption in a virtualized environment using an auxiliary medium includes a hypervisor unit for acquiring data for encryption from an auxiliary medium, and encrypting and providing protection target data of an application program using the data for encryption in response to an encryption request from the application program. A hypercall unit provides a virtualization interface between the application program and the hypervisor unit. | 06-05-2014 |
20140164783 | METHOD AND APPARATUS FOR SECURELY STORING DATA IN A DATABASE - A method of securely storing data in a memory on a computer including a processor is provided. The method includes receiving unencrypted data; randomly selecting a key, wherein the key is a character of an alphabet of a data type of the unencrypted data; creating partially encrypted data by encrypting the unencrypted data by randomly mapping each character of the alphabet of the data type of the unencrypted data to a character of an alphabet of a data type of encrypted data, except each character of the unencrypted data matching the key is not encrypted; and storing the partially encrypted data in the memory. | 06-12-2014 |
20140164784 | INTEGRATED HEALTH CARE SYSTEMS AND METHODS - Systems and methods described herein may store and analyze patient data sets. A processor in communication with a database may generate a plurality of patient data sets, each of the patient data sets being associated with one of a plurality of patients and comprising an attribute. The processor may de-identify each of the patient data sets so that they are not associated with the patients. The processor may encrypt each of the de-identified data sets to generate a plurality of encrypted data sets and store the encrypted data sets in the database. The processor may analyze one of the patient data sets to determine a relationship between the one of the patient data sets and the other of the patient data sets based on the attribute of the one of the patient data sets and the attributes of the other of the patient data sets. | 06-12-2014 |
20140164785 | ENCRYPTION PROCESSING DEVICE AND AUTHENTICATION METHOD - An encryption processing device includes a memory configured to store a common key, and a processor configured to generate a random number which is an integer, to perform a bit transposition on the common key, the bit transposition being determined at least by the random number, to transmit the random number to another encryption processing device and to receive a response from the other encryption processing device, the response obtained by encryption using a common key stored in the other encryption processing device and a second randomized key generated by performing the bit transposition determined by the random number; and to authenticate the other encryption processing device either by comparing the response with the random number by decrypting the response with the common key, or by comparing the random number with the response by encrypting the random number with the common key. | 06-12-2014 |
20140164786 | COMMUNICATION BETWEEN KEY MANAGER AND STORAGE SUBSYSTEM KERNEL VIA MANAGEMENT CONSOLE - System, computer program product, and method embodiments for communication between a kernel operational on a storage subsystem and a key manager (KM) through a hardware management console (HMC) to provide encryption support are provided. In one embodiment, an event request is initiated by the kernel to the KM to execute an event flow. Pursuant to a communication request by the kernel to the HMC, a socket of the HMC is opened along a communication path between the KM and the kernel according to an event flow type selected by the KM for the event flow. Data including a data payload is sent by the KM to the kernel, the data payload corresponding to the selected event flow type. | 06-12-2014 |
20140173290 | RETURN ADDRESS TRACKING MECHANISM - A processor, a method and a computer-readable storage medium for tracking a return address are provided. The processor comprises a hardware register and logic configured to receive a call instruction. The logic is further configured to, based on the call instruction, encrypt a return address, store the encrypted return address onto a first address in a stack and store the first address on the hardware register. | 06-19-2014 |
20140173291 | ENCRYPTION KEY GENERATION IN ENCRYPTED STORAGE DEVICES - A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device. | 06-19-2014 |
20140173292 | ENHANCING USEABILITY OF MOBILE DEVICES THAT SECURELY STORE DATA - Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded. | 06-19-2014 |
20140181531 | SYSTEMS AND METHODS FOR QUEUE LEVEL SSL CARD MAPPING TO MULTI-CORE PACKET ENGINE - The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation. | 06-26-2014 |
20140189363 | SEPARATE CRYPTOGRAPHIC KEYS FOR PROTECTING DIFFERENT OPERATIONS ON DATA - The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data. | 07-03-2014 |
20140189364 | Privacy-Preserving Database System - A database system includes a server, index server and client. In one embodiment the server randomly permutes the order of database records. The server provides to the index server an array of encryption keys by generating a random encryption key corresponding to each permuted database record. The server encrypts each permuted database record with its corresponding encryption key. The index server computes and encrypts a sum of each encryption key and a corresponding random mask and sends a permuted array of masked keys to the server. The index server provides to the client an encrypted database record, and the mask and key corresponding to the encrypted record. The client sends the encrypted sum of the mask and key to the server. The server decrypts the masked key with a public key and sends the decrypted key to the client. The client then recovers the record key and decrypts the record. | 07-03-2014 |
20140189365 | SECURE KEY DERIVATION AND CRYPTOGRAPHY LOGIC FOR INTEGRATED CIRCUITS - A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed. | 07-03-2014 |
20140189366 | Obfuscating Transformations on Data Array Content and Addresses - In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries). | 07-03-2014 |
20140189367 | DIGITAL-ENCRYPTION HARDWARE ACCELERATOR - An electronic device for encrypting and decrypting data blocks of a message having n data blocks in accordance with the data encryption standard (DES) has a first data processing channel having a first processing stage for performing encryption and decryption of data blocks of a predefined length, and a second data processing channel having a second processing stage for performing encryption and decryption of data blocks. The electronic device also has a control stage (FSM) for controlling the first processing stage and the second processing stage, so as to perform an encryption or decryption step with the second processing stage on an encrypted/decrypted data block output from the first processing stage, and to control the second processing stage to compute a message authentication code over the encrypted or decrypted message received from the first processing stage block-by-block. | 07-03-2014 |
20140195816 | Plaintext Injection Attack Protection - A system including a memory having regions including a first and second region, the first region being different from the second region, and a digital rights management engine to receive a plurality of ciphertext cipher blocks, decrypt the ciphertext cipher blocks yielding plaintext cipher blocks, output the plaintext cipher blocks to the first region of the memory over a period of time, provide a plurality of decoy cipher blocks in addition to the plaintext cipher blocks, the decoy cipher blocks having a pattern in which: a first one of the decoy cipher blocks consists of data, and a second one of the decoy cipher blocks consists of data which is the same as the data of the first one of the decoy cipher blocks, and output the decoy cipher blocks to the second region of the memory during the period of time. Related apparatus and methods are also included. | 07-10-2014 |
20140195817 | THREE INPUT OPERAND VECTOR ADD INSTRUCTION THAT DOES NOT RAISE ARITHMETIC FLAGS FOR CRYPTOGRAPHIC APPLICATIONS - A method is described that includes performing the following within an instruction execution pipeline implemented on a semiconductor chip: summing three input vector operands through execution of a single instruction; and, not raising any arithmetic flags even though a result of the summing creates more bits than circuitry designed to transport the summation is able to transport. | 07-10-2014 |
20140195818 | METHOD AND DEVICE FOR PRIVACY RESPECTING DATA PROCESSING - A user device encrypts data and privacy attributes associated with the data. A processing device receives the encrypted data and privacy attributes, receives a signed script from a requester and verifies the signature. If successfully verified, the private key is unsealed and used to decrypt the privacy attributes and script attributes, which are compared to determine if the script respects the privacy attributes. If so, the encrypted data are decrypted and the script processes the private data to generate a result that is encrypted using a key of the requester and the encrypted result is then output. The device is preferably configured to inhibit the output of any information while the data is unencrypted. This way, the user can be ensured that the processing of the private data respects the privacy attributes set by the user. | 07-10-2014 |
20140195819 | BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier. | 07-10-2014 |
20140201538 | SYSTEMS AND METHODS FOR SECURING DATA - Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data. | 07-17-2014 |
20140208123 | PRIVILEGED CRYPTOGRAPHIC SERVICES IN A VIRTUALIZED ENVIRONMENT - A privileged cryptographic service is described, such as a service running in system management mode (SMM). The privileged service is operable to store and manage cryptographic keys and/or other security resources in a multitenant remote program execution environment. The privileged service can receive requests to use the cryptographic keys and issue responses to these requests. In addition, the privileged service can measure the hypervisor at runtime (e.g., either periodically or in response to the requests) in an attempt to detect evidence of tampering with the hypervisor. Because the privileged service is operating in system management mode that is more privileged than the hypervisor, the privileged service can be robust against virtual machine escape and other hypervisor attacks. | 07-24-2014 |
20140208124 | HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY - Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also include one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions. | 07-24-2014 |
20140223192 | Method for protecting the integrity of a fixed-length data structure - One feature pertains to a mechanism to secure a data structure by using a computationally efficient algorithm. A plurality of keys and/or masks may be pre-generated upon boot-up or initiation of a session. An authentication code may be computed for each data structure (e.g., memory block or header block) by selecting a subset of the plurality of pre-generated keys and/or a mask from the plurality of pre-generated masks. The authentication code may be stored within the data structure for future verification of the integrity of the data structure. The keys and/or masks used for all authentication codes (e.g., for other data structures) may be selected from the same plurality of keys and/or masks during the same cycle or session. | 08-07-2014 |
20140223193 | SIGNATURE VERIFICATION APPARATUS, SIGNATURE VERIFICATION METHOD, PROGRAM, AND RECORDING MEDIUM - A signature verification apparatus including a signature acquisition unit configured to acquire a digital signature including first information generated based on a pair of multi-order multivariate polynomials F=(f | 08-07-2014 |
20140223194 | Cryptographic System of Symmetric-Key Encryption using Large Permutation Vector Keys - A method for use in encrypting data using a computer. The method comprises receiving data to be encrypted, defining a set of byte codes comprising user byte codes, storing a transformation vector defined from the set of byte codes, retrieving the transformation vector from the memory, transforming a block of the data from the data to be encrypted, translating values of the user byte codes from the block of data across the transformation vector, randomly selecting one or more reversible operations to perform, performing the reversible operations during the translation of the values of the user byte codes from the block of data, and inserting the translated values of the user byte codes into an encrypted block of data. | 08-07-2014 |
20140237257 | SCALABLE PRECOMPUTATION SYSTEM FOR HOST-OPAQUE PROCESSING OF ENCRYPTED DATABASES - A method, system, and computer program product to generate results for a query to an encrypted database stored on a host are described. The method includes generating indexes from the encrypted database, each index identifying records of the encrypted database associated with a range of data for at least one field stored in the records of the encrypted database, and generating index metadata associated with each index, the index metadata indicating the range of data identified by the associated index. The method also includes generating a sub-query from the query for each field associated with the query and determining a subspace of search within the encrypted database based on sub-query results obtained through the index metadata. The method further includes searching the subspace of the encrypted database to generate the results of the query. | 08-21-2014 |
20140237258 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-21-2014 |
20140237259 | SYSTEMS/METHODS OF ENCRYPTION - Encryption is provided via an algorithm that maps a block of N input bits onto a block of M output bits, wherein M≧N. Encryption also may be provided in accordance with bit/bandwidth expansion, wherein M>N. At least one bit of the block of M output bits may be pseudo-randomly generated in accordance with a key and a statistical distribution. The statistical distribution may be any desired/preferred statistical distribution (including Gaussian or truncated Gaussian) and the key may be of any desired length that is deemed appropriate to satisfy un-breakability. | 08-21-2014 |
20140237260 | TELECOMMUNICATIONS DEVICE SECURITY - A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment and a secure execution environment The mobile terminal enables the software of the terminal in the secure execution environment to be updated. The terminal may be provided with minimal software initially in the secure execution environment, and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data. The method defines a service protection platform implemented on mobile terminals having both normal execution environment and secure execution environment. Service protection is provided by separating the operation of service protection application components into those that operate in the normal environment and those that are adapted to execute only in the secure execution environment. | 08-21-2014 |
20140237261 | PROCESS AUTHENTICATED MEMORY PAGE ENCRYPTION - A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first process. The memory controller generates a second encrypted version of the frame key based at least in part on a second process key associated with a second process, wherein the second encrypted version of the frame key is stored in a second memory table associated with the second process, the first process and the second process sharing access to the page frame using the first encrypted version of the frame key and the second encrypted version of the frame key, respectively. | 08-21-2014 |
20140237262 | SYSTEM AND METHOD FOR ESTABLISHING PERPETUAL TRUST AMONG PLATFORM DOMAINS - A method may include generating a first shared secret for a present boot session of the information handling system and determining if a second shared secret existed for a prior boot session of the information handling system. If the second shared secret existed for the prior boot session, the method may include encrypting the first shared secret with the second shared secret and communicating the first shared secret encrypted by the second shared secret from a first information handling resource to a second information handling resource. If the second shared secret did not exist for the prior boot session, the method may include communicating the first shared secret unencrypted from the first information handling resource to the second information handling resource. The method may additionally include securely communicating between the first information handling resource and the second information handling resource using the first shared secret for encryption and decryption. | 08-21-2014 |
20140245023 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-28-2014 |
20140245024 | DEVICE AND AUTHENTICATION METHOD THEREFOR - According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information. | 08-28-2014 |
20140245025 | SYSTEM AND METHOD FOR STORING DATA SECURELY - Systems, methods, and media may provide secure data storage. A request may be transmitted for a requested container to a database, the request comprising a requested container identifier of the requested container. The database may comprise containers, wherein each container is identified by a container identifier and comprises at least one record, a container session key table configured to store the container identifiers of the containers, a container session key share table configured to store encrypted user keys, and a container session key table configured to store session key shares, wherein each session key share corresponds to at least one encrypted user key. The requested container may be received from the database, and the database may provide the requested container by using the container session key table to identify the requested container. An encrypted user key corresponding to the requested container may be received from the database, and the requested container and the encrypted user key may be transmitted to an application framework. | 08-28-2014 |
20140250305 | REDUCING DECRYPTION LATENCY FOR ENCRYPTION PROCESSING - In a compression processing storage system, using a pool of encryption processing cores, the encryption processing cores are assigned to process either encryption operations, decryption operations, and decryption and encryption operations, that are scheduled for processing. A maximum number of the encryption processing cores are set for processing only the decryption operations, thereby lowering a decryption latency. A minimal number of the encryption processing cores are allocated for processing the encryption operations, thereby increasing encryption latency. Upon reaching a throughput limit for the encryption operations that causes the minimal number of the plurality of encryption processing cores to reach a busy status, the minimal number of the plurality of encryption processing cores for processing the encryption operations is increased. | 09-04-2014 |
20140250306 | DECISION SERVICE MANAGER - A decision service manager authenticating at a managed system hosting a decision service, in case of a successful authentication, the decision service manager sending a first status request to the managed system and receiving, in response to the first status request, a first indication of a current status of the managed system and authenticating at a target managed system, in case of a successful authentication at the target managed system, the decision service manager sending a second status request to the target managed system and receiving a second indication of a current status of the target managed system, the decision service manager performing a deployment readiness check comprising comparing the first and the second indication, and if a current status of the target managed system allows the target managed system to host the decision service, automatically deploying the decision service to the target managed system. | 09-04-2014 |
20140250307 | METHOD AND APPARATUS FOR SECURING KEYSTROKES FROM BEING INTERCEPTED BETWEEN THE KEYBOARD AND A BROWSER - The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. | 09-04-2014 |
20140258729 | Stored Authorization Status for Cryptographic Operations - A hardware authentication device is disclosed that uses a cryptographic signature verification operation to authorize a subsequent cryptographic operation to be performed using the same or different keys and stores that authorization status in protected memory. The cryptographic algorithm may be an ECDSA signature, SHA-based Message Authentication Code (MAC) or any other cryptographic algorithm. The authorization status may be stored for a number of uses for a period of time or until a certain event occurs. In some implementations, the authorization status and the key that was authorized are stored in the same protected location in memory to preserve their relation to each other and prevent modification of either of them. Depending on system policy, the authorization mechanism might be a static stored external token that authorizes key use or an authorization process that is regenerated using a random (e.g., unique) number. | 09-11-2014 |
20140258730 | DATA PROTECTION USING PROGRAMMATICALLY GENERATED KEY PAIRS FROM A MASTER KEY AND A DESCRIPTOR - Systems and methods are disclosed for allowing an authority to monitor a computer user's information in a most palatable manner for the computer user. The authority is provided access to information with encrypted user identification information and the user is notified if decryption is facilitated. The systems and methods also include a novel key production system whereby large numbers of deterministic key pairs may be created for use in the monitoring system. | 09-11-2014 |
20140258731 | DATA ENCRYPTION SYSTEM AND METHOD - A data encryption method is implemented by a data encryption system including a processing unit and a plurality of operating units which are electrically connected to the processing unit. Each operating unit includes an encryption element and a memory element storing a plurality of encryption programs. Each encryption program has a different combination of encryption algorithm and encryption mode. The data encryption method includes steps of: selecting one of the encryption programs randomly by each encryption element; receiving, by each encryption element, one of a plurality of keys randomly generated; inputting an unencrypted data; dividing the unencrypted data into a plurality of unencrypted data blocks by the processing unit; and encrypting the unencrypted data blocks according to the selected encryption programs and received keys by the encryption elements, respectively, to generate an encrypted data. A data encryption system is also disclosed. | 09-11-2014 |
20140258732 | SOURCE IDENTIFICATION FOR UNAUTHORIZED COPIES OF CONTENT - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content. | 09-11-2014 |
20140281570 | METHOD OF PERFORMING AN AUTHENTICATION PROCESS BETWEEN DATA RECORDING DEVICE AND HOST DEVICE - A method of performing an authentication process between a data recording device and a host device includes generating second controller identification information based on the first controller identification information, performing an authentication/key exchange process using the encrypted medium device key, the medium device key certificate, the host device key and the host device certificate to obtain medium device key certificate ID contained in the medium device key certificate, generating data recording device identification information based on the second controller identification information and the medium device key certificate ID, and generating a medium unique key based on the data recording device identification information. | 09-18-2014 |
20140281571 | Systems, Methods, and Devices for Encrypted Data Management - Key management for and automount of encrypted files, including recovering a master vault key file from an encoded vault key file, storing the vault key file within a previously mounted crypto key management virtual drive so as to provide a secure scratch pad area for temporary storage of the master vault key file. An open and mount module may then invoke a file mounting procedure by providing the vault key file name and a path corresponding to the crypto key management virtual drive to a virtual drive mounting module. The method of passing the vault key file to the file mounting utility module may comprise passing command line arguments equal to a pathname and filename to the file mounting utility. | 09-18-2014 |
20140281572 | Privacy Preserving Statistical Analysis on Distributed Databases - Aggregate statistics are securely determined on private data by first sampling independent first and second data at one or more clients to obtain sampled data, wherein a sampling parameter substantially smaller than a length of the data. The sampled data are encrypted to obtain encrypted data, which are then combined. The combined encrypted data are randomized to obtain randomized data. At an authorized third-party processor, a joint distribution of the first and second data is estimated from the randomized encrypted data, such that a differential privacy requirement of the first and second is satisfied. | 09-18-2014 |
20140281573 | ASYMMETRICALLY MASKED MULTIPLICATION - Methods and systems for masking certain cryptographic operations in a manner designed to defeat side-channel attacks are disclosed herein. Squaring operations can be masked to make squaring operations indistinguishable or less distinguishable from multiplication operations. In general, squaring operations are converted into multiplication operations by masking them asymmetrically. Additional methods and systems are disclosed for defeating DPA, cross-correlation, and high-order DPA attacks against modular exponentiation. | 09-18-2014 |
20140281574 | MULTI-RING ENCRYPTION APPROACH TO SECURING A PAYLOAD USING HARDWARE MODULES - Disclosed are systems and methods of employing a multi-ring encryption approach to secure a data payload. Each ring of encryption may be encrypted from a key derived from a password, such that each subsequent ring of protection is protected by a key derived from the key used to encrypt the previous ring of protection. Further, hardware-based encryption may be employed in one or more of the rings of protection to bind the encrypted payload to the hardware. Such systems and methods may be used to reduce the ability to parallelize an attack on encrypted data while also permitting password-related data to be synchronized across a network. | 09-18-2014 |
20140281575 | PRE-BOOT AUTHENTICATION USING A CRYPTOGRAPHIC PROCESSOR - An apparatus for cryptographic pre-boot authentication includes a cryptographic processor configured to perform cryptographic operations. The cryptographic processor includes a portion dedicated to the boot interface. The apparatus also includes a storage device storing machine readable code and a processor executing the machine readable code. The machine readable code includes a storage module storing a first cryptographic key on the cryptographic processor. The machine readable code further includes an encryption module encrypting an electronic message with a second cryptographic key. The machine readable code also includes a decryption module decrypting the electronic message with the first cryptographic key where an authorized user is granted access to a device upon successful decryption of the electronic message. | 09-18-2014 |
20140281576 | INFORMATION PROVIDING SYSTEM, INFORMATION PROCESSING APPARATUS, COMPUTER READABLE MEDIUM, AND INFORMATION PROVIDING METHOD - An information providing system includes first and second apparatuses. The first apparatus includes a memory storing a shared random number R | 09-18-2014 |
20140281577 | SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE - A computing device equipped with UEFI-compliant firmware is provided with added functionality via an extended firmware interface. The variable interface is called with special parameters, which redirect handling of firmware service calls. Embodiments use authenticated variables to provide security properties to the special interface, use the firmware interface to provide access to diagnostics, and use the firmware interface to provide access to system management. | 09-18-2014 |
20140281578 | SYSTEM AND METHOD FOR SECURE DATABASE QUERIES - Disclosed are a system and method of performing secure computations on a protected database. Embodiments of the method provide, in a secure processor, a database of cryptographically hashed values based on a database of cleartext values, receive a cryptographically hashed query value as input into the secure processor wherein the query value is a hash of a cleartext value that corresponds to a cleartext query, perform a comparison operation within the secure processor to determine the presence of the hashed query value within the database of cryptographically hashed values and provide the results of the comparison operation to an external interface of the secure processor, wherein the contents of the database of cryptographically hashed values and the comparison operations are encapsulated within the secure processor and unexposed externally therefrom. | 09-18-2014 |
20140281579 | Systems and Methods for Decrypting Digital Art and Imaging for Display of the Same - System and method for securing digital content comprising one or more display devices, each comprising a processing controller, a first memory, and a display screen, and configured to display digital content, an application, configured to run on a computer with a second memory and second processor, and configured to communicate via the internet with the processing controller of each display device, and a service cloud, comprising a server, a third memory, and a third processor, configured to store and manage digital content to be displayed on the display devices. The processing controller is configured to segment at least one digital content item into a plurality of segments, encrypt one or more of the segments, send a small portion of each of the encrypted segments to the third memory in the service cloud for storage, and store the remainder of the encrypted segments in the first memory. | 09-18-2014 |
20140281580 | REWARDING SYSTEM - An information processing method of convenience and an information processing system are disclosed. In some embodiments, the system includes acquiring a 1st attribute information from a person with a personal digital assistant that contains a 2nd attribute information; acquiring the 2nd attribute information from two or more personal digital assistants; comparing the acquired 1st attribute information with the acquired 2nd attribute information to form countervalue information; and storing the countervalue information in the personal digital assistant of the person from which the 1st attribute information was acquired. | 09-18-2014 |
20140289535 | Cryptographic System and Methodology for Securing Software Cryptography - A cryptosystem having a secure Cryptographic Virtual Machine (CVM) protected by a Tamper-Proof Virtual Layer (TPVL) for performing cryptography in software is described. The CVM and TPVL allow software applications to store and process cryptographic keys and data in a secure and tamper-proof manner, without requiring the use of a Hardware Security Module (HSM). | 09-25-2014 |
20140289536 | DEVICE, SYSTEM AND METHOD FOR SECURING AND COMPARING GENOMIC DATA - The present disclosure presents methods, systems, and devices for encrypting and comparing genomic data. The comparison of genomic data allows the owner of the data to ensure security of the data even when the party conducting the comparison is beyond the control of the owner of the data. The encryption of the genomic data enables the transmission, storage, and use of the genomic data in a secure media. | 09-25-2014 |
20140298038 | GENERATION OF RANDOMIZED MESSAGES FOR CRYPTOGRAPHIC HASH FUNCTIONS - Method(s) and system(s) for generation of randomized messages for cryptographic hash functions are described herein. The method includes obtaining a random value based on a randomization criterion to randomize a message. Further, a last data block of the message is populated with a randomization parameter to obtain a randomized message. The randomization parameter populated in the last block is computed using the random value. | 10-02-2014 |
20140304521 | TAMPERPROOF REGULATION OF A PROCESS, PRODUCTION, AND ACTUATING INSTALLATION - A method for regulating process, production, and/or actuating installation includes recording observation data records at installation components of the installation by respective recording units of the installation. The method also includes transmitting the observation data records to a central control apparatus of the installation via a field bus. The method further includes forming, at the control apparatus, associated actuating data record based on the transmitted observation data records. The method also includes transmitting the actuating data records to actuating units of the installation via filed buses. The method also includes adjusting the installation components from the actuating units based on the transmitted actuating data records. The observation data records are encrypted at the respective recording units before transmitted to the control apparatus The actuating data records are formed from the encrypted observation data records without decrypting the encrypted observation data records during the process of forming the actuating data records. | 10-09-2014 |
20140304522 | METHOD AND APPARATUS OF SECURELY PROCESSING DATA FOR FILE BACKUP, DE-DUPLICATION, AND RESTORATION - Disclosed are an apparatus and method of de-duplicating at least one data file. One example method may include requesting a list of data rows stored in a database to be de-duplicated, receiving the list of the data rows based on a single filekey associated with the at least one data file, copying the at least one data file to a data storage memory, and deleting the data rows entries from a file registry of the database. | 10-09-2014 |
20140304523 | Protecting Computers Using an Identity-Based Router - A router is placed between a protected computer and devices with which the computer communicates, including peripherals and other computers. The router includes a list of authorized devices that are permitted to send data to the protected computer, against which requests to send data are checked. The router also communicates with a remote authentication service to authenticate devices requesting such permission. The authentication service may be a cloud-based identity service. | 10-09-2014 |
20140310532 | UNLOCKING A STORAGE DEVICE - An electronic device has a lower power state in which power to a storage device is disabled. Predetermined information stored in a memory is useable to unlock the storage device during a procedure to transition the electronic device from the lower power state to a higher power state. The predetermined information is different from a credential for use in unlocking the storage device. | 10-16-2014 |
20140317417 | Generation of working security key based on security parameters - Techniques for improving security of an electronics device are disclosed. In one aspect of the present disclosure, security of a device may be improved by generating a working key based on a hardware secret key and at least one security parameter of the device, e.g., with a key derivation function. The security parameter(s) may be related to software to be authenticated on the device and/or other aspects of security for the wireless device. The security parameter(s) may indicate whether the software is authorized and/or at least one operating function authorized for the software. At least one security function may be performed for the device based on the working key. For example, the working key may be used to encrypt, sign, decrypt, or verify data for the device. The working key may be used directly or indirectly by the software for the at least one security function. | 10-23-2014 |
20140325235 | DECRYPT AND ENCRYPT DATA OF STORAGE DEVICE - Data read from a volume is decrypted using a first key. The decrypted data is encrypted using a second key. The encrypted data is written back to the volume. An access request to a location of the volume is received from a host. Data is encrypted to or decrypted from the location using the first or second key, in response to the access request. The first key is used for the access request if the location has not been decrypted using the first key and encrypted using the second key. The second key is used for the access request if the location has been decrypted using the first key and encrypted using the second key. | 10-30-2014 |
20140325236 | VEHICULAR IMAGE PROCESSING APPARATUS AND DATA PROCESSING METHOD USING THE SAME - Provided is a vehicular image processing apparatus for applying a different encryption scheme and access authority for each of a channel and a type of data with respect to an image recorded in a black box mounted in a vehicle, and a data processing method using the same. | 10-30-2014 |
20140325237 | PHYSICALLY UNCLONABLE FUNCTION (PUF) WITH IMPROVED ERROR CORRECTION - A cryptographic system for reproducibly establishing a reliable data string, such as a cryptographic key, from a noisy physically unclonable function (PUF, | 10-30-2014 |
20140331061 | DRIVE LEVEL ENCRYPTION KEY MANAGEMENT IN A DISTRIBUTED STORAGE SYSTEM - Disclosed are systems, computer-readable mediums, and methods for receiving an input/output operation regarding data associated with a distributed storage system that includes a plurality of storage devices. A key identifier associated with the I/O operation is determined. The key identifier identifies a key that has been divided into a number of key pieces. Two or more storage devices of the plurality of storage devices that contain one or more of the key pieces are determined and at least a threshold number of key pieces are requested from the two or more storage devices. The minimum number of key pieces needed to reconstruct the key is the threshold number. The key is reconstructed from the requested key pieces. A cryptographic function is performed on data associated with the I/O operation using the reconstructed key and the I/O operation is completed based upon the performed cryptographic function. | 11-06-2014 |
20140331062 | SYSTEM AND APPARATUS FOR SECURELY STORING DATA - Certain aspects of the invention pertain to the field of networked computing, and in particular to the field of data file security. Methods, systems and apparatuses are disclosed for encrypting and decrypting data stored and shared on networked data file storage devices such that the data may be accessed and manipulated by multiple users. | 11-06-2014 |
20140337637 | METHODS AND SYSTEMS FOR EXECUTING PROTECTED CONTENT - Various embodiments for enabling and protecting execution of encrypted electronic content in a client system. In various embodiments, there is a method for managing the state of the cache memory of the client system. In various embodiments, there is a method for protocol stack validation to confirm readiness of the client system to execute encrypted electronic content. In various embodiments, there is a method for protocol stack execution. | 11-13-2014 |
20140337638 | Systems and Methods for Secure Storage on a Mobile Device - In one embodiment the present invention includes a computer-implemented method for a mobile device. An application security status is detected. When the application security status is active an application passcode is required to access functionality of a mobile application operating on the mobile device. A first encryption of data associated with the mobile application is performed, where the first encryption uses a first encryption key when the application security status is active, and the first encryption uses a second encryption key when the application security status is not active. A mobile device passcode status is detected. When the mobile device passcode status is active a mobile device passcode is required to access functionality of the mobile computing device. A second encryption of the data is performed when the mobile device passcode status is active, where the second encryption uses a third encryption key. | 11-13-2014 |
20140337639 | STEGANOGRAPHIC EMBEDDING OF EXECUTABLE CODE - A method for digital immunity includes identifying a call graph of an executable entity, and mapping nodes of the call graph to a cipher table of obscured information, such that each node based on invariants in the executable entity. A cipher table maintains associations between the invariants and the obscured information. Construction of an obscured information item, such as a executable set of instructions or a program, involves extracting, from the cipher table, ordered portions of the obscured information, in which the ordered portions have a sequence based on the ordering of the invariants, and ensuring that the obscured information matches a predetermined ordering corresponding to acceptable operation, such as by execution of the instructions represented by the obscured information, or steganographic target program (to distinguish from the executable entity being evaluated). The unmodified nature of the executable entity is assured by successful execution of the steganographic target program. | 11-13-2014 |
20140344583 | METHODS FOR SECURE ENROLLMENT AND BACKUP OF PERSONAL IDENTITY CREDENTIALS INTO ELECTRONIC DEVICES - A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device. | 11-20-2014 |
20140344584 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO SUPPLEMENTAL CONTENT INTEGRATED INTO EXISTING CONTENT - Methods and systems to allow for selective access to supplemental content that is associated with more generally distributed original content. In an embodiment, supplemental content may be encrypted, then integrated with original content using a steganographic technique. The resulting aggregated content may then be made available to users. Users may then extract the encrypted supplemental content from the original content. Those users having the proper privilege level may be given a cryptographic key to allow decryption of the supplemental content. Those without the necessary privilege will not be given this decryption key, and will therefore be unable to access the supplemental content. | 11-20-2014 |
20140351602 | APPARATUS AND METHOD FOR CONTROLLING TRANSPARENT TUNNEL MODE OPERATION IN COMMUNICATION SYSTEM SUPPORTING WIRELESS DOCKING PROTOCOL - A method for controlling a transparent tunnel mode operation in a Wireless Dockee (WD) in a communication system supporting a wireless docking protocol is provided. The method includes performing a group join process and a provisioning process for security keys with a Wireless Docking Center (WDC); accessing services of a Wireless Docking Environment (WDN); selecting an operating mode between the WD and the WDC as a transparent tunnel mode; performing a process of getting information related to a peripheral with the WDC; requesting the WDC to enable a monitor mode and a promiscuous mode; and transmitting/receiving a data packet using the information related to the peripheral with the peripheral if a Miracast connection and a docking session are established between the WD and the peripheral. | 11-27-2014 |
20140351603 | ENCRYPTION PROCESS PROTECTED AGAINST SIDE CHANNEL ATTACKS - The invention relates to a symmetric encryption process executed by a microcircuit to transform a message into an encrypted message from a secret key, the process including a first round, intermediary rounds, and a last round. According to the invention, the process includes several executions of the first round and of the last round, and a number of executions of at least one intermediary round, the number of executions being less than the number of executions of the first and last rounds. The invention is particularly applicable to DES, Triple DES, and AES processes. | 11-27-2014 |
20140359302 | System and Method for Intercept of UEFI Block I/O Protocol Services for BIOS Based Hard Drive Encryption Support - An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver. | 12-04-2014 |
20140359303 | Secure Original Equipment Manufacturer (OEM) Identifier for OEM Devices - An authorized information handling system (IHS) generates unique identifier codes for an OEM (programmable) device designed as a component for an IHS. An identifier generation and validation (IGV) controller in the authorized IHS generates a unique encrypted sequence by encrypting identification (ID) data read from the OEM device. The IGV controller generates a unique OEM identifier code by further encrypting the encrypted sequence using a first OEM proprietary code. The IGV controller writes the first identifier code to a pre-specified storage location of the OEM device. According to one embodiment, the IGV controller generates the unique OEM identifier code using a second reversible encryption-decryption component that comprises an Exclusive-OR (XOR) scrambler engine and generates the unique encrypted sequence using a first reversible encryption-decryption component that comprises an LFSR based scrambler, which utilizes polynomial coefficients that are securely generated and maintained. | 12-04-2014 |
20140359304 | TRUSTED MANAGER BRIDGE - A system and method for securing processing devices includes a police bridge disposed in one or more data busses between a central processing and input/output peripherals, components or components. The police bridge is suitably disposed between northbridge logic and southbridge logic. Alternatively, or in addition to such placement, a police bridge is suitably place between southbridge logic and super I/O logic. A police bridge is suitably a system-on-chip or fixed or programmable hardware. The police bridge monitors or controls its associated bus to determine whether acceptable data, with an associated certificate in other embodiments, is being communicated and signaling is generated accordingly. | 12-04-2014 |
20140359305 | APPLICATION INTEGRITY PROTECTION VIA SECURE INTERACTION AND PROCESSING - The present disclosure is directed to application integrity protection via secure interaction and processing. For example, interaction with a user interface in a device may result in input information being generated. Following encryption, the input information may be conveyed to an application executing in a secure processing environment. The encrypted input information may be received, decrypted and processed by the application. An example application may include a secure controller component, a secure model component and a secure view component. The secure controller component may, for example, provide change instructions to the secure model component based on the decrypted input information. The secure model component may then, if necessary, provide a change notification to the secure view component based on the change instructions. The secure view component may then generate output information, which may be encrypted prior to being provided to the user interface for decryption, processing and presentation. | 12-04-2014 |
20140359306 | SYSTEM, INFORMATION PROCESSING APPARATUS, SECURE MODULE, AND VERIFICATION METHOD - A system includes a secure module structured to prevent information stored therein from being externally referenced; and an information processing apparatus configured to enable communication with the secure module. The information processing apparatus includes a first computer configured to execute a first verification process of verifying whether an application under execution by the information processing apparatus is in a secure state. The secure module includes a second computer, and a storage unit configured to store at least any one among a first feature amount obtained by extracting a feature of execution code of the first verification process, and execution code of an authentication process of authenticating the first verification process. The second computer is configured to execute a second verification process of verifying whether the first verification process under execution by the first computer is in a secure state, based on stored contents of the storage unit. | 12-04-2014 |
20140359307 | IMAGE FORMING APPARATUS PERFORMING CONTROL OF BROWSING OF A FILE BY A TERMINAL, TERMINAL, FILE BROWSING CONTROL SYSTEM, IMAGE FORMING METHOD, AND RECORDING MEDIUM - There is provided an image forming apparatus that eliminates the need for separately preparing an encrypted file for each user. To achieve this, the image forming apparatus performs control of browsing of a browsing file that is browsed at a terminal. The document acquisition portion of the image forming apparatus acquires document data. The document encryption portion encrypts the document data with a public key as the browsing file. The position information setting portion sets position information to permit browsing of the browsing file encrypted by the document encryption portion in a viewer for causing the browsing file to be browsed at the terminal. In the case where it has been determined that the position information coincides with a current position, a browsing execution portion at the terminal uses a secret key to decrypt the browsing file for causing it to be browsed. | 12-04-2014 |
20140359308 | DISPLAY DEVICE WITH MOBILE HIGH-DEFINITION LINK PORT AND SIGNAL PROCESSING METHOD THEREOF - A signal processing method for a display device is provided. The display device is capable of connecting a portable consumer electronic device via a high-definition link (MHL) port. Via the communication bus (CBUS) in the MHL port, a set of encryption codes is provided to the portable consumer electronic device. Based on an encrypted identification fed back from the portable consumer electronic device, it is determined whether the portable consumer electronic device passes authentication. If the portable consumer electronic device passes the authentication, when a human interface device provides a user command to the display device, the user command is encrypted according to the set of encryption codes to generate an encrypted user command compliant to the CBUS specification. Via the CBUS of the MHL port, the encrypted user command is provided to the portable consumer electronic device. | 12-04-2014 |
20140359309 | DELETION OF CONTENT IN STORAGE SYSTEMS - The invention notably relates to a computerized system ( | 12-04-2014 |
20140365783 | METHOD AND SYSTEM FOR VERIFYING AUTHENTICITY OF AT LEAST PART OF AN EXECUTION ENVIRONMENT FOR EXECUTING A COMPUTER MODULE - A system for verifying authenticity of at least part of an execution environment for executing a computer program module. The system includes a processor and a storage for storing the computer program module and the execution environment. The computer program module is operative to cause the processor to process digital input data in dependence on a plurality of predetermined digital parameters. The system includes means for deriving at least part of one of the plurality of predetermined digital parameters from the at least part of the execution environment. | 12-11-2014 |
20140365784 | SETTING-DATA ENCRYPTING APPARATUS, INFORMATION PROCESSING APPARATUS, AND SETTING CHANGING METHOD - A setting-data encrypting apparatus includes an input device, a processor, and an output device. Setting data is input from the input device. The setting data indicates a detail to be newly set to an information processing apparatus whose performance-related setting is to be changed. The processor encrypts the setting data input via the input device. And the output device outputs encrypted data in a character string format. | 12-11-2014 |
20140372767 | Pooling entropy to facilitate mobile device-based true random number generation - A mobile device operating system pools any available entropy. The resulting entropy pool is stored in device memory. When storing entropy in memory, preferably memory addresses are randomly allocated to prevent an attacker from capturing entropy that might have already been used to create a random number. The stored entropy pool provides a readily-available entropy source for any entropy required by the operating system or device applications. Then, when a cryptographic application requests a true random number, the operating system checks to determine whether the pool has available entropy and, if so, a portion of the entropy is provided to enable generation (e.g., by a TRNG) of a true random number that, in turn, may then be used for some cryptographic operation. After providing the entropy, the operating system clears the address locations that were used to provide it so that another entity cannot re-use the entropy. | 12-18-2014 |
20140372768 | MULTI-LAYER DATA SECURITY - Data may be encrypted using a public key. From a plurality of functions executable on the data, one or more functions may be selected. The selected one or more functions may be associated with the encrypted data. The selected one or more functions may provide exclusive access to the data. A data structure specifying conditions for access to the one or more functions may be created. An exclusive interface to provide access to the one or more functions may be created. The interface, upon determining that one or more conditions from the conditions are satisfied, may grant access to the one or more functions. The encrypted data, the associated one or more functions, the data structure, and the interface may be included into an object. | 12-18-2014 |
20140372769 | Automatic Protocol Selection in Mixed-Protocol Secure Computation - Secure multi-party computation may be performed utilizing mixed protocols in order to improve performance. In particular, embodiments implementing mixed protocols can reduce run time and thereby lower the cost of performing secure computation. Algorithms for optimizing selection from mixed protocols are disclosed, including an algorithm based on integer programming or an efficient heuristic algorithm for the selection problem. According to certain embodiments a selection engine is configured to receive as inputs, a function description and cost parameter(s). Based upon execution of the integer programming algorithm and the application of heuristics, the selection engine is configured to generate an output comprising a single cryptographic protocol (e.g. garbled circuit or homomorphic encryption). By employing mixed protocol selection according to embodiments, a compiler responsible for implementing secure computations can identify and select the fastest underlying mixed cryptographic protocols. | 12-18-2014 |
20140372770 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 12-18-2014 |
20140380061 | Implementation Method of a Multifunctional MCU and such Multifunctional MCU - A method comprises steps of: acquiring a function operation instruction input by a user; and scanning a fingerprint of the user and performing identity authentication on the user according to the fingerprint, if an operation corresponding to the function operation instruction is authentication; storing data information into a preset storage space, if an operation corresponding to the function operation instruction is data information storage; charging a preset device, if an operation corresponding to the function operation instruction is charging. The multifunctional MCU comprises an acquisition module, an authentication module, a storing module and a charging module. | 12-25-2014 |
20140380062 | INFORMATION PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND PROGRAM - Provided is an information processing apparatus including a number acquisition unit configured to acquire a number used for a coefficient of each term constituting a set of a multi-order multivariate polynomial F=(f | 12-25-2014 |
20150012756 | DEVICE WITH PRIVILEGED MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory, a rule set memory, a plurality of cryptographic clients, and a key store arbitration module. The key store memory stores a plurality of cryptographic keys and the rule set memory stores a set of rules for accessing the cryptographic keys. A cryptographic client is operable to issue a request to access a cryptographic key(s) and, when access to the cryptographic key is granted, execute a cryptographic function regarding at least a portion of the cryptographic key to produce a cryptographic result. The key store arbitration module is operable to determine whether the request to access the cryptographic key is valid; when the request is valid, interpret the request to produce an interpreted request; access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and grant access to the cryptographic key in accordance with the rule. | 01-08-2015 |
20150019874 | APPARATUS AND METHOD FOR GENERATING ELECTRONIC BOOK, AND APPARATUS AND METHOD FOR VERIFYING INTEGRITY OF ELECTRONIC BOOK - Disclosed are an apparatus and method for generating an electronic book (e-book) and an apparatus and method for verifying integrity of an e-book. An e-book including information for verifying the integrity of the e-book is generated, and the integrity of an e-book is verified from information included in the e-book to determine whether or not the e-book has been falsified. Accordingly, an e-book is generated to conform to the electronic publication (EPUB) standard and to include information for protecting the copyright of the e-book, so that the e-book market can be activated. | 01-15-2015 |
20150019875 | PORTABLE DEVICE FOR DATA ENCRYPTION/DECRYPTION AND/OR COMPRESSION/DECOMPRESSION - Portable integrated device ( | 01-15-2015 |
20150019876 | SUPPORT FOR SECURE OBJECTS IN A COMPUTER SYSTEM - A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system. | 01-15-2015 |
20150019877 | SCALABLE PRECOMPUTATION SYSTEM FOR HOST-OPAQUE PROCESSING OF ENCRYPTED DATABASES - A method, system, and computer program product to generate results for a query to an encrypted database stored on a host are described. The system includes a host comprising a storage device to store the encrypted database, and a a secure processor to generate indexes and index metadata from the encrypted database, each index identifying records of the encrypted database associated with a range of data for at least one field stored in the records of the encrypted database and the metadata indicating the range of data identified by the associated index. The system also includes an interface of the host to receive the query, and a host processor to generate a sub-query form the query for each field associated with the query. Based on sub-query results obtained through the index metadata, the secure processor searches a subspace of the encrypted database to generate the results of the query. | 01-15-2015 |
20150026481 | Computation Protected Against Spying - The invention provides a method for executing a cryptographic computation comprising a plurality of blocks while employing secret data in a processor, said executing being protected against spying out of secret data. To achieve a computational result of the computation, there is executed a multiple computation in which the computation is executed several times, at least twice. Within the multiple computation, blocks of the several, at least two, executions of the computation are executed in interlaced order. | 01-22-2015 |
20150026482 | SYSTEMS, METHODS, SOFTWARE, AND COMPONENTS USING TAMPER-PROOF REAL-TIME CLOCK - The write-access control line for an RTC is combined with a clear line for an RTC signature register, so that changes to the RTC will cause subsequent reads to return an invalidity flag. | 01-22-2015 |
20150033032 | ENCRYPTED DATABASE SYSTEM, CLIENT TERMINAL, DATABASE SERVER, DATA LINKING METHOD AND PROGRAM - An encrypted database system or the like, which make it possible to perform linking between a plurality of tables without decrypting them and further to reduce a risk of the data correlation leaking out, is provided. A client terminal ( | 01-29-2015 |
20150033033 | Efficient Homomorphic Encryption Scheme for Bilinear Forms - In one exemplary embodiment, a computer readable storage medium tangibly embodying a program of instructions executable by a machine for performing operations including: receiving information B to be encrypted as a ciphertext C in accordance with an encryption scheme having an encrypt function; and encrypting B in accordance with the encrypt function to obtain C, the scheme utilizes at least one public key A, where B, C, and A are matrices, the encrypt function receives as inputs A and B and outputs C as C←AS+pX+B(mod q), S is a random matrix, X is an error matrix, p is in integer, q is an odd prime number. In other exemplary embodiments, the encryption scheme includes a decrypt function that receives as inputs at least one private key T (a matrix) and C and outputs B as B=T | 01-29-2015 |
20150039901 | FIELD LEVEL DATABASE ENCRYPTION USING A TRANSIENT KEY - Embodiments of the present invention disclose a method, system, and computer program product for implementing user specific encryption in a database system. A computer receives a query statement including a user specific key and data, the data including data needing encryption and non-encrypted data. The computer encrypts the data needing encryption using the user specific key. The computer inserts both the encrypted data and the non-encrypted data into a table row in a database. The computer creates a hash of the user specific key, and stores the hash of the user specific key in the table row with the data. | 02-05-2015 |
20150039902 | DIGEST OBFUSCATION FOR DATA CRYPTOGRAPHY - Execution of an obfuscation application may cause a computing device to translate bits of a hashed value according to a sparse bit selection pattern, the sparse bit pattern including a translation of bits of the hashed value into reordered bit unit groupings sized according to a numeric base of a digit cypher; and generate an obfuscated value using the translated bit unit groupings of the hashed value as indices into the digit cypher, the digit cypher including a mapping of the indices to output values in the numeric base. The obfuscation application may further cause the device to receive a target value to be obfuscated in data records received from a data source, hash the target value using a hashing module to create the hashed value, in some cases truncate the hashed value, and replace the target value in the data records with the obfuscated value. | 02-05-2015 |
20150039903 | MASKING QUERY DATA ACCESS PATTERN IN ENCRYPTED DATA - A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage. | 02-05-2015 |
20150039904 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - Speed-up of a cryptographic process by software (program) is realized. A data processing unit which executes a data process according to a program defining a cryptographic process sequence is included, and the data processing unit, according to the program, generates a bit slice expression data based on a plurality of plain text data items which are encryption process targets and a bit slice expression key based on a cryptographic key of each plain text data item, generates a whitening key and a round key based on the bit slice expression key, executes the cryptographic process including operation and movement processes of a block unit of the bit slice expression data, and an operation using the round key, as a process according to a cryptographic algorithm Piccolo, and generates the plurality of encrypted data items corresponding to the plurality of plain text data items by the reverse conversion of the data with respect to the cryptographic process results. | 02-05-2015 |
20150046718 | DETERMINING AN IDENTIFIER - A method for determining an identifier on the basis of a multiplicity of cells is proposed, wherein the cells are subdivided into subsets, wherein the fact of whether a reconstructable information item is determinable is ascertained for each of the subsets, wherein, if a reconstructable information item is determinable for a subset, the reconstructable information item is determined and stored, wherein, if a reconstructable information item is not determinable for a subset, an error information item is determined and stored for this subset. | 02-12-2015 |
20150046719 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device including: a data processing unit that generates an encryption key of content; and a communication unit that transmits an encryption key generated by the data processing unit, wherein the data processing unit generates, as the encryption key, individual keys that are different for each new content recording prates sing on a recording medium in a content recording device, and transmits the individual keys through the communication unit. | 02-12-2015 |
20150046720 | HOST DEVICE, SEMICONDUCTOR MEMORY DEVICE, AND AUTHENTICATION METHOD - According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device. | 02-12-2015 |
20150052366 | EFFICIENT DATA REHYDRATION - A system for an efficient data rehydration comprises a server, one or more reader device managers, a writer device manager, and a verifier. The server is for receiving a restore list comprising a plurality of storage locations and lengths for performing a data rehydration. The one or more reader device managers is for reading a data set indicated by the restore list by reading the plurality of storage locations for the lengths from one or more storage nodes. The plurality of storage locations and lengths indicate chunks from a client system stored as part of a full or as an incremental backup session on a storage device attached to a storage node. The writer device manager is for transferring the data set to a save node. A verifier is for verifying transfer of the data set. | 02-19-2015 |
20150052367 | APPARATUS AND METHOD FOR PROVIDING HARDWARE SECURITY - A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module. | 02-19-2015 |
20150058637 | METHOD AND APPARATUS FOR TRANSPARENTLY ENCRYPTING AND DECRYPTING COMPUTER INTERFACE DATA - In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer interfaces by performing transparent data encryption and decryption. According to certain transparency aspects, the encryption and decryption functionality of the invention do not require any changes to the software layers such as file systems, device drivers, operating systems, or applications. Embodiments of the invention offload encryption key management to a centralized key management system that can be remotely located from the secured computer. Alternative embodiments perform key management locally. | 02-26-2015 |
20150058638 | Data Transcription in a Data Storage Device - A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided. | 02-26-2015 |
20150067349 | VIRTUAL BANDS CONCENTRATION FOR SELF ENCRYPTING DRIVES - An apparatus includes a storage device and a host device. The storage device may be configured to encrypt and decrypt user data during write and read operations, respectively. The host device is communicatively coupled to the storage device. The host device may be configured to execute the write and read operations by concentrating a first number of virtual bands into a second number of real bands, wherein said second number is smaller than said first number. | 03-05-2015 |
20150067350 | FIELD-BUS DATA TRANSMISSION - A communication subscriber for a field-bus system for transmitting data, comprises a safety layer with an error-safety layer protecting the data against random data transmission errors and an information-security layer protecting against manipulation of data and/or against unauthorized reading of data. The communication subscriber is configured during transmission mode to process the data to be transmitted first by means of the error-safety layer and then by means of the information-security layer, and during receipt mode to process the data first by means of the information-security layer and then by means of the error-safety layer. | 03-05-2015 |
20150067351 | Method and Device for Data Confidentiality Protection Based on Embedded Universal Integrated Circuit Card - Embodiments of the present invention provide a method and device for data confidentiality protection based on an embedded universal integrated circuit card. An embodiment method includes determining that a terminal device is not held by an authorized user; setting an eUICC in the terminal device to an unavailable state; and instructing the eUICC to perform confidentiality protection processing on data in the eUICC. | 03-05-2015 |
20150074421 | SECURITY SYSTEM - A security system includes a controller manufacturer, a key issuer, and a medium manufacturer. The controller manufacturer writes a controller key Kc and a controller unique ID (IDcu) in the controller at the time of manufacturing the controller, and transmits the controller key Kc to the key issuer. The key issuer generates a medium device key Kmd_i and a medium device key certificate Cert | 03-12-2015 |
20150074422 | ELECTRONIC CIRCUIT AND METHOD FOR MONITORING A DATA PROCESSING - According to one embodiment, an electronic circuit is described comprising a processing circuit configured to perform a data processing including a plurality of successive operations, wherein in at least some of the plurality of operations, a predetermined input value is processed; a check value memory; a controller configured to check, for each operation of the data processing performed by the processing circuit, whether the predetermined input value is processed in the operation, and, if the predetermined input value is processed in the operation, combine the predetermined input value to the content of the check value memory and a detector configured to check, when the processing is complete, whether the content of the check value memory is equal to a predetermined value. | 03-12-2015 |
20150074423 | Digitizing Documents - The present embodiments disclose methods and devices for digitizing documents. The device includes a document-scanning device designed to digitize at least one document existing as a hard copy, and having a security device that is designed to protect the at least one digitize document against unauthorized access on the basis of an identifier that is only valid once. | 03-12-2015 |
20150074424 | AVIONICS GATEWAY INTERFACE, SYSTEMS AND METHODS - Systems and methods are provided for FAA-certified avionics devices to safely interface with non-certified mobile telecommunications devices before, during, and after flight. Data transmitted to the certified devices do not affect functionality of the certified device unless and until a user acknowledges and/or confirms the data on the certified device. Thus, the integrity of the certified device is maintained. | 03-12-2015 |
20150082047 | EFFICIENT MULTIPLICATION, EXPONENTIATION AND MODULAR REDUCTION IMPLEMENTATIONS - In one embodiment, the present disclosure provides a method that includes segmenting an n-bit exponent e into a first segment e | 03-19-2015 |
20150082048 | KEYING INFRASTRUCTURE - A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived. | 03-19-2015 |
20150082049 | ACCESSORY AUTHENTICATION FOR ELECTRONIC DEVICES - Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices. One example of a media device is a media player, such as a hand-held media player (e.g., music player), that can present (e.g., play) media items (or media assets). | 03-19-2015 |
20150082050 | Anonymous Links to Protect Consumer Privacy - A method and system for bringing together online and offline advertising uses anonymous links that are associated with consumer data. The anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using the anonymous links. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts. | 03-19-2015 |
20150082051 | Method for Formatting and Distributing Electronic Data - A method for formatting and distributing electronic data through a middleware system. A data unit received by the middleware system from an originating system is converted into a formatted data unit and forwarded to a primary destination system. A primary destination identification is retrieved from an information table of the data unit. The primary destination identification is compared to a destination identification in a register of destination systems for a plurality of destination systems. If the primary destination identification matches the destination identification of one of the plurality of destination systems, then formatting specifics for the primary destination system are retrieved from the register of destination systems. The data unit is then converted into the formatted data unit according to the formatting specifics of the primary destination system and the formatted data unit is sent to the primary destination system. Methods for encrypting, decrypting, and authenticating data are also employed. | 03-19-2015 |
20150082052 | ENCRYPTION-ENABLED INTERFACES - Decryption apparatus includes an input memory ( | 03-19-2015 |
20150089242 | ENTROPY STORAGE RING HAVING STAGES WITH FEEDBACK INPUTS - An entropy storage ring includes an input node, a plurality of serial-connected stages, and an output node. Each stage includes an XOR (or XNOR) circuit, a delay element having an input coupled to the XOR output, and a combinatorial circuit having an output coupled to a second input of the XOR. The combinatorial circuit may be a NAND, NOR, AND or OR gate. A first input of the XOR is the data input of the stage. The output of the delay element is the data output of the stage. A first input of the combinatorial circuit is coupled to receive an enable bit from a configuration register. A second input of the combinatorial circuit is coupled to the ring output node. In operation, a bit stream is supplied onto the ring input node. Feedback of multiple stages are enabled so that the bit stream undergoes complex permutation as it circulates. | 03-26-2015 |
20150095655 | APPARATUS AND METHOD FOR IMPLEMENTING ZERO-KNOWLEDGE PROOF SECURITY TECHNIQUES ON A COMPUTING PLATFORM - An apparatus and method for zero knowledge proof security techniques within a computing platform. One embodiment includes a security module executed on a processing core to establish a domain of trust among a plurality of layers by sending a challenge from a verification layer to a first prover layer, the challenge comprising an indication of at least one selected option; in response to receiving the challenge, generating first verification information at the first prover layer based on the secret and the indication of the selected option; sending the first verification information to at least a second prover layer, the second prover layer generating second verification information based on the first verification information and the indication of the selected option; and performing a verification operation at the verification layer using the second verification information based on the selected option. | 04-02-2015 |
20150095656 | APPARATUS FOR CODE OBFUSCATION AND METHOD THEREOF - Disclosed is an apparatus for code obfuscation includes: an input unit that receives execution codes for android applications; a code analyzer that separates the input execution codes into sensitive codes that needs to be protected from application forgery attack and general codes except for the sensitive codes by analyzing the input execution codes; a dalvik to C code converter that creates native codes by converting the sensitive codes into a C code; an obfuscator that obfuscates the native codes and the general codes; a self code protector that encrypts the obfuscated native codes by adding a tamper-detection code to the obfuscated native codes and then creates self-modified native codes by adding a loading routine; and a code combiner that combines the self-modified native codes with the obfuscated general codes. | 04-02-2015 |
20150095657 | Processing Extensible Markup Language Security Messages Using Delta Parsing Technology - Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values. | 04-02-2015 |
20150100791 | CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION - A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided. | 04-09-2015 |
20150100792 | SEMICONDUCTOR DEVICE AND A METHOD OF MANUFACTURING A SEMICONDUCTOR DEVICE - A semiconductor device having a plurality of on-chip processors, a plurality of key RAMs, a plurality of key RAM controllers, a fuse bank, a fuse bank controller and a boot controller is described. The boot controller is arranged to, in a first programming stage, allocate a first array of fuses in the fuse bank in dependence on the size of a first device key for storing the first device key in the fuse bank, and, during boot-time, provide the first device key to a first key RAM controller. The fuse bank controller is arranged to program the first array of fuses with the first device key in the first programming stage, provide the first device key to the boot controller during boot-time, and prevent access to the first device key in the fuse bank during run-time. The first key RAM controller is arranged to, during boot-time, store the first device key in the first key RAM, and, during run-time, restrict access to the first device key in the first key RAM to exclusive access by the first on-chip processor. The first on-chip processor is arranged to, during run-time, retrieve the first device key from the first key RAM ( | 04-09-2015 |
20150100793 | Method of Improving FPGA Security Using Authorization Codes - A method for securely programming a population of authorized FPGAs includes defining the population of authorized FPGAs, generating an encrypted configuration bitstream for the population of authorized FPGAs, generating an individual Authorization Code for each FPGA in the population of authorized FPGAs, feeding the individual Authorization Codes into the FPGAs in the population of FPGAs, feeding the encrypted configuration bitstream into all of the FPGAs in the population of FPGAs, and in each FPGA using the Authorization Code to decrypt the encrypted configuration bitstream to program the FPGA. | 04-09-2015 |
20150100794 | METHOD FOR SIGNING A SET OF BINARY ELEMENTS, AND UPDATING SUCH SIGNATURE, CORRESPONDING ELECTRONIC DEVICES AND COMPUTER PROGRAM PRODUCTS - In one embodiment, it is proposed a method for signing a set of binary element comprising n elements, where n is an integer, by an electronic device. Such method is remarkable in that it outputs a signature associated to the set, that can be derived by the use of the public key when one or several new elements are added to the set. | 04-09-2015 |
20150106626 | SHARED ENCRYPTED STORAGE - An improved key encryption system is provided for encrypting sensitive data on a shared data store. Various embodiments contemplate a system where a plurality of data clients are connected to one or more shared data stores. A secure data storage facility is provided on one or more of the shared data stores by using an encryption scheme. Encryption keys for decrypting the sensitive data are stored on the same data store as sensitive data which may be decrypted using the encryption keys in question. To provide another layer of protection, the data encryption keys are themselves encrypted using a key encryption key (KEK), which is generated by, and stored in a local persistent data store associated with the data clients. | 04-16-2015 |
20150106627 | DEVICES, METHODS, AND SYSTEMS FOR ANALYZING CAPTURED IMAGE DATA AND PRIVACY DATA - Computationally implemented methods and systems include acquiring a block of encrypted data that corresponds to an image that has been encrypted through use of a unique device code associated with an image capture device configured to capture the image that includes a representation of a feature of an entity, obtaining a privacy metadata that corresponds to a detection of a privacy beacon in the image, said at least one image captured by the image capture device, said privacy beacon associated with the entity, and determining, at least partly based on the obtained privacy metadata, and partly based on a calculation related to the block of encrypted data that corresponds to the whether to allow one or more processes related to the encrypted data block. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 04-16-2015 |
20150106628 | DEVICES, METHODS, AND SYSTEMS FOR ANALYZING CAPTURED IMAGE DATA AND PRIVACY DATA - Computationally implemented methods and systems include acquiring a block of encrypted data that corresponds to an image that has been encrypted through use of a unique device code associated with an image capture device configured to capture the image that includes a representation of a feature of an entity, obtaining a privacy metadata that corresponds to a detection of a privacy beacon in the image, said at least one image captured by the image capture device, said privacy beacon associated with the entity, and determining, at least partly based on the obtained privacy metadata, and partly based on a calculation related to the block of encrypted data that corresponds to the whether to allow one or more processes related to the encrypted data block. In addition to the foregoing, other aspects are described in the claims, drawings, and text. | 04-16-2015 |
20150106629 | METHODS AND SYSTEMS FOR COMPLIANCE MONITORING IN SECURE MEDIA-BASED CONFERENCING - Methods and apparatuses, including computer program products, are described for compliance management of media-based (e.g., video and/or audio) conference sessions. A compliance module of a server computing device joins a conference session between a first end point device and a second end point device, wherein the first device is associated with a first entity and the second device is associated with a second entity. The compliance module determines compliance profiles associated with the first device and the second device. The compliance module monitors the conference session to identify session content to be archived according to the first compliance profile and the second compliance profile. The compliance module transmits the session content to data stores associated with the first entity and the second entity. | 04-16-2015 |
20150106630 | APPARATUS AND METHOD FOR HARDWARE-BASED SECURE DATA PROCESSING USING BUFFER MEMORY ADDRESS RANGE RULES - Disclosed is a processor for processing data from a buffer memory. The processor, implemented in hardware, may allow writing of output data, processed based on input data from at least one secure location associated with a secure address range of the buffer memory, to one or more secure locations associated with the secure address range. Further, the processor may block writing of output data, processed based on input data from at least one secure location associated with the secure address range, to one or more insecure locations associated with an insecure address range of the buffer memory. | 04-16-2015 |
20150113285 | MULTIPLE APPLICATION PLATFORM OWNER KEYS IN A SECURE OBJECT COMPUTER SYSTEM - The computer system includes a first memory to store an executable file of a first application platform owner (APO). The executable file includes an owner identification object and an encrypted secure object payload. The computer system includes a key store having one nonvolatile key slot for each of two or more APOs. Each key slot stores one or more keys of a respective APO. The computer system further includes a processor configured upon receiving the executable file to identify a first key slot in the key store corresponding with the owner identification object. The first key slot is associated with the first APO. The processor is configured to determine whether the executable file is authentic using an APO key. Furthermore the processor decrypts the encrypted secure object payload using a first key of the first APO if the executable file is determined to be authentic. | 04-23-2015 |
20150113286 | METHOD AND SYSTEM FOR CHAIN TRANSFORMATION - A method and system for secure data protection is provided. The method and system includes carrying out a transform on structured data comprising a fixed data field for implementing an application, the structured data having n segments, each having m bits, including: encoding each of the n segments subsequently to provide n coded segments, including: encoding each of the (n−1) segments depending on a previous segment value; and changing at least one of the n encodings to the n segments such that the fixed data field of a first structured data is encoded differently from the fixed data field of a second structured data, and the transformed first structure data and the transformed second structure data are further processed in the same operation for implementing the application. | 04-23-2015 |
20150113287 | Decrypting Content Samples Including Distinct Encryption Chains - Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples. | 04-23-2015 |
20150113288 | Method and Apparatus for Secure Execution Using a Secure Memory Partition - A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code. | 04-23-2015 |
20150113289 | Method and Apparatus for Secure Execution Using a Secure Memory Partition - A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code. | 04-23-2015 |
20150113290 | CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement. | 04-23-2015 |
20150121086 | SYSTEMS AND METHODS FOR SECURE PROCESSING WITH EMBEDDED CRYPTOGRAPHIC UNIT - Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters. | 04-30-2015 |
20150121087 | Method and Apparatus for Secure Execution Using a Secure Memory Partition - A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code. | 04-30-2015 |
20150127952 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO ENCRYPTED DATA - A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met: generating the given encryption key and decrypting the given encryption key. | 05-07-2015 |
20150127953 | ENCODING APPARATUS AND METHOD - Provided is an encoding apparatus including a communication unit configured to receive data from an outside, a memory configured to store an instruction for encoding the data, and a processor configured to encode the data according to the instruction, in which the instruction includes an instruction for encoding the data using a first table for looking up and calculating a result value obtained by encoding according to a predetermined pattern in an a-th round, and when among first to fourth data included in data obtained by encoding through the first table, an i-th bit of exclusive OR of the second to fourth data and a j-th bit of the first data are different, an instruction for encoding the data using a second table for looking up and calculating a result value calculated by performing additional encoding on exclusive OR of the first to fourth data. | 05-07-2015 |
20150127954 | OPERATING SYSTEM - An example server-based system is provided, which includes at least one server configured with a clinical operating system having a plurality of application services, the application services configured to provide at least one of authoritative information and demographic information associated with a clinical operating system context, and with their respective services, and a services module configured with an application services layer that is configured to handle security of the plurality of application services via a security module configured to encrypt messages provided by the application services based on a public key infrastructure standard. | 05-07-2015 |
20150134971 | APPARATUS AND METHOD FOR DECRYPTING ENCRYPTED FILE - An apparatus and method for decrypting an encrypted MS Office file using a key other than a password used for encryption, based on a time-memory trade-off (TMTO) technique. The apparatus for decrypting an encrypted file includes a table generation unit for generating a table corresponding to an encryption algorithm used in an encrypted file. A data extraction unit extracts an encryption header from the encrypted file, and extracts encrypted fixed plaintext of a block corresponding to the extracted encryption header. A data search unit generates a key chain based on the encrypted fixed plaintext, generates final key candidates corresponding to the generated key chain, and searches for a start key using the final key candidates and the table. A key verification unit verifies validity of an encryption key using the start key. A reencryption unit reencrypts the encrypted file using the encryption key. | 05-14-2015 |
20150134972 | FORMAT PRESERVING ENCRYPTION SYSTEMS FOR DATA STRINGS WITH CONSTRAINTS - Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine. | 05-14-2015 |
20150143130 | INTEGRATED CIRCUIT PROVISIONING USING PHYSICAL UNCLONABLE FUNCTION - A one-time programmable (OTP) memory of an integrated circuit is provisioned based on identifier data generated by a physical unclonable function (PUF) of the integrated circuit. The identifier data is used as part of cryptographic operations to secure provisioning of security information at an OTP memory of at the integrated circuit. Because of the physical characteristics of the PUF and its incorporation in the integrated circuit, the identifier information is unique to the integrated circuit. Accordingly, the provisioned security information is also unique to the integrated circuit. The OTP memory can therefore be securely provisioned at later stages of the integrated circuit manufacturing and configuration process, such as after the integrated circuit has been packaged or attached to a printed circuit board. | 05-21-2015 |
20150143131 | INFORMATION PROCESSING DEVICE, INFORMATION STORAGE DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - According to a first aspect of the present disclosure, there is provided an information storage device including a storage unit that stores encrypted content, usage control information of the encrypted content, and a revocation list in which revocation information of a content reproduction device is recorded, and a data processing unit that determines whether content reproduction of an information processing device which performs decoding of the encrypted content is permitted. The data processing unit acquires an entry identifier which is designation information for a registration entry of the revocation list recorded in the usage control information, executes an identifier registration determination process for determining whether an identifier of the information processing device which performs decoding of the encrypted content is registered in the entry of the revocation list identified according to the acquired entry identifier, and determines whether a subkey which is a generation key for a title key applied to the decoding of the encrypted content is to be provided to the information processing device based on a result of the identifier registration determination process. | 05-21-2015 |
20150143132 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an information processing device includes a first manager, a second manager, and a generator. The first manager loads a first class of a first object that requests execution of methods contained in a second object and a third class of a limiter configured to limit access from the first object to the methods. The second manager loads a second class of the second object. The generator generates the second object from the second class upon receiving a generation request for generating the second object from the first object, generates the limiter from the second object and the third class, and transmits the limiter to the first object. | 05-21-2015 |
20150143133 | Systems For Embedding Information In Data Strings - A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters. | 05-21-2015 |
20150149788 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR OPTIMIZING DATA ENCRYPTION AND DECRYPTION BY IMPLEMENTING ASYMMETRIC AES-CBC CHANNELS - A system, method, and computer program product are provided for implementing asymmetric AES-CBC (Advanced Encryption Standard-Cipher Block Chaining) channels usage between encryption and decryption of data. In operation, data to be written to memory is identified. In addition, the data is encrypted utilizing a first AES-CBC channel. Additionally, at least one of a plurality of AES-CBC channels is utilized to decrypt the data to achieve a determined performance target. | 05-28-2015 |
20150294117 | SECURE DATA PROCESSING - A technique for secure data processing includes a trusted domain comprising a trusted bus coupled with a trusted data processing apparatus adapted to process incoming user data received over the trusted bus and to generate outgoing user data. A trusted domain controller couples the trusted bus with an untrusted bus of an untrusted domain. The trusted domain controller ensures that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus, and ensures that outgoing user data is encrypted and provided over the untrusted bus. A data store access controller couples the trusted domain controller and the trusted data processing apparatus with a memory bus of a data store. The data store access controller restricts successful requests to use the data store received from the trusted domain controller and the trusted data processing apparatus to those addressed to a trusted region of the data store. | 10-15-2015 |
20150295718 | METHOD AND SYSTEM FOR IMPLEMENTING DIGITAL SIGNATURE IN MOBILE OPERATING SYSTEM - A method and a system for implementing a digital signature in a mobile operating system. The method comprises: an application program coding to-be-signed data to obtain a first data packet; calling a preset system function by using an address character string of a service program, an address character string of an application program and the first data packet as parameters; when the service program is called by the preset system function, parsing function parameters, and storing the address character string of the service program; decoding the first data packet; if the decoding succeeds, sending the to-be-signed data and a preset signature type to an intelligent key device; otherwise, using decoding failure information as a returned value, and calling the preset system function by using the address character string of the application program and the returned value as parameters; receiving information returned by the intelligent key device; calling the preset system function by using the information returned by the intelligent key device, the address character string of the application program and the returned value as parameters; and the application program parsing the parameters of the preset system function to obtain a signature result and a returned value, and the operations end. | 10-15-2015 |
20150304102 | NON-LINEAR PROCESSOR, STREAM-CIPHER ENCRYPTING DEVICE, STREAM-CIPHER DECRYPTING DEVICE, MASK PROCESSING METHOD, STREAM-CIPHER ENCRYPTING METHOD, STREAM-CIPHER DECRYPTING METHOD, AND PROGRAM - A non-linear processor, which subjects an input value from a feedback shift register storing an internal state of a stream cipher to non-linear processing to output a key stream, is connected to internal registers, which store output values from a non-linear substitution circuit which subjects the input value to non-linear substitution processing. The non-linear processor is provided with an exclusive-OR unit, which is at an input end of each of the internal registers and carries out an operation of a random number generated from part of values stored in the feedback shift register and the output value of the non-linear substitution circuit to mask the output value of the non-linear substitution circuit, and another exclusive-OR unit, which is provided at an output end of the internal register and performs an operation to unmask the value stored in the internal register. | 10-22-2015 |
20150310087 | Method and Apparatus for Record Pivoting to Accelerate Processing of Data Fields - Various methods and apparatuses are described for performing high speed translations of data. In an example embodiment, record layout detection can be performed for data. In another example embodiment, data pivoting prior to field-specific data processing can be performed. | 10-29-2015 |
20150310191 | SECURITY THROUGH LAYERS IN AN INTELLIGENT ELECTRONIC DEVICE - The present disclosure provides for improving security in a meter or an intelligent electronic device (IED) through the use of a security key which is unique to each meter or IED. Such a key may be used to prevent password reuse among multiple meters. Such a key may also be used to encrypt critical components of the software, such that only when running on the correct meter can the components of the software be decrypted. Such a key may also be used to uniquely identify the device in a larger data collection and management system. The security key can also be used to prevent the direct copying of meters. The present disclosure also provides for a meter or IED that stores functional software separately from core software. | 10-29-2015 |
20150310220 | CLIPBOARD MANAGEMENT - Embodiments provide methods, devices and computer program arranged to control access to clipboards by applications. In one embodiment a user device comprises: at least one processor; and at least one memory comprising computer program code and an application that has been provisioned by an application provisioning entity, the application having access to a first clipboard of a first type, to which data can be transferred and/or from which data can be retrieved by a further, different, application on the user device, wherein the application is configured with an encryption key for the transfer of data to and/or retrieval of data from a second clipboard of a second, type, clipboard, the encryption key being associated with the application provisioning entity. The user device can control the transfer of data to and/or retrieval of data from the second clipboard by the application via the encryption key. | 10-29-2015 |
20150310230 | CRYPTOGRAPHIC PROCESSING APPARATUS, CRYPTOGRAPHIC PROCESSING SYSTEM, AND CRYPTOGRAPHIC PROCESSING METHOD - A process mode of either of an encryption process and a decryption process is set for at least one of a plurality of pieces of key data, in association with the key data. Then, a mode specifying command for specifying a process mode in association with key data is received from another apparatus, and if the received process mode and the process mode associated with the key data coincide with each other, the process in the process mode using the key data is permitted. | 10-29-2015 |
20150310231 | Multi-Core Processor Based Key Protection Method And System - A multi-core processor based key protection method and system is described. An Operating System (OS) supporting Symmetric Multi-Processing (SMP) is set up on a multi-core processor. One core of the multi-core processor is configured as a cryptographic operation core, which is prohibited from running other processes of the OS and dedicated to perform a public-key cryptographic operation. The private key and an intermediate variable in a process of the public-key cryptographic operation are stored in a cache exclusively occupied by the cryptographic operation core. | 10-29-2015 |
20150312028 | HOMOMORPHIC ENCRYPTION AND DECRYPTION METHODS USING RING ISOMORPHISM, AND APPARATUSES USING THE SAME - A homomorphic encryption method using ring isomorphism is provided. The homomorphic encryption method includes: randomizing a plaintext (m) by adding an error (e) to the plaintext (m); and converting randomized data (r) to r′ using the following equation: Ψ:R→R′, where r∈R, r′∈R′, and the function (Ψ) is ring isomorphism. | 10-29-2015 |
20150317256 | SECURE OBJECT HAVING PROTECTED REGION, INTEGRITY TREE, AND UNPROTECTED REGION - A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers. | 11-05-2015 |
20150317462 | Application-Driven Playback of Offline Encrypted Content with Unaware DRM Module - Application-driven interceptor module enables offline playback of Digital Rights Management (DRM) protected content to work in a same way as online playback. Communications with the DRM module are intercepted by the application-driven interceptor that is aware of the client device's network connection status. When the interceptor application determines that the client device is offline, requests for the protected content, and license/key to the protected content may then be managed by the interceptor application. In one embodiment, the interceptor application may retrieve requests for the key/license from a locally protected data store, and provide the key/license to the DRM module. In this manner, the DRM module may be unaware that its messages are being intercepted, and may then operate the same, unaware of whether or not the client device is online or offline. | 11-05-2015 |
20150317487 | SECURE FILE SHARING METHOD AND SYSTEM - Systems and methods are provided for securely sharing data. A processor forms two or more shares of a data set encrypted with a symmetric key, the data set associated with a first user device, and causes the encrypted data set shares to be stored separately from each other in at least one remote storage location. The processor generates first and second encrypted keys by encrypting data indicative of the symmetric key with a first asymmetric key of first and second asymmetric key pairs associated with the first user device and a second user device, respectively, and causes the encrypted key to be stored in the at least one storage location. To restore the data set, a predetermined number of the two or more encrypted data set shares and at least one of the second asymmetric keys of the first and second asymmetric key pairs are needed. | 11-05-2015 |
20150317494 | RANDOM BIT GENERATOR BASED ON NANOMATERIALS - The present invention relates to a method of generating an array of random bits. The method generates unique arrays of random bits using carbon nanotube field effect transistor fabrication technology and can be used for security applications. The method includes: modifying a substrate to form a modified surface having a pattern selected from a group including: trenches, rigs, and a combination thereof; depositing a compound on the trenches and/or the rigs; and applying a dispersion of carbon nanomaterials onto the modified surface to form an array of random bits. The first system includes setting an array of random bits based on carbon nanomaterials as a digital signature by measuring electric charge flowing through each individual bit. The second system includes protecting an array of random bits against iterative unauthorized accessing mechanisms. | 11-05-2015 |
20150318986 | Secure Transport of Encrypted Virtual Machines with Continuous Owner Access - Managing encrypted datasets is illustrated. A method includes obtaining a first decryption key. The first decryption key is configured to be used to decrypt an encrypted dataset that has been encrypted using a first encryption mechanism. The first encryption mechanism is associated with the first decryption key that can be used to decrypt the dataset. The method further includes encrypting the first decryption key with a second encryption mechanism. The method further includes encrypting the first decryption key with a third encryption mechanism. The method further includes creating a package including at least the first decryption key encrypted with the second encryption method and the first decryption key encrypted with the third encryption method. The method further includes signing the package with a guardian signature and signing the package with a signature created from the first decryption key. | 11-05-2015 |
20150318999 | Derivation of a Device-Specific Value - A method and an apparatus for deriving a device-specific value from a physical unclonable function realized on a circuit unit are provided. Response values from a physical unclonable function (PUF) are categorized with respect to a statistical property, such as a bit error characteristic, and the device-specific value is derived therefrom. | 11-05-2015 |
20150319000 | Derivation of a Device-Specific Value - A method and an apparatus for deriving a device-specific value from a physical unclonable function realized on a device are provided. Categorization information items are allocated to responses derived from challenges. The categorization information items are derived from statistical variations. The device-specific value may be processed further as a key bit or as an identifier. | 11-05-2015 |
20150324611 | LAYOUT-OPTIMIZED RANDOM MASK DISTRIBUTION SYSTEM AND METHOD - A data processing system includes a module for generating and distributing random masks to a number of cryptographic accelerators while providing for fewer total interconnects among the components generating the random masks. The module segments the tasks associated with generating random masks across a number of modules and blocks such that routing and timing problems can be minimized and layout can be optimized. A method for generating and distributing random masks to a number of cryptographic accelerators is also provided. The random masks are utilized by cryptographic accelerators to protect secret keys, and data associated with those keys, from discovery by unauthorized users. | 11-12-2015 |
20150324612 | SYSTEM AND METHOD FOR RECOVERING FROM AN INTERRUPTED ENCRYPTION AND DECRYPTION OPERATION PERFORMED ON A VOLUME - Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) periodically store, during an encryption or decryption operation performed on the computer-readable medium, one or more variables indicative of an encryption status of a volume of the computer-readable medium; (ii) determine, based on the one or more variables, whether the volume is in a partially encrypted or decrypted state; and (iii) in response to a determination that the volume is in a partially encrypted or decrypted state, boot from the volume and continue the encryption or decryption operation. | 11-12-2015 |
20150347553 | Object Storage System with Local Transaction Logs, a Distributed Namespace, and Optimized Support for User Directories - The present invention relates to object storage systems that support hierarchical directories within a namespace manifest stored as an object. The namespace manifest is stored as namespace manifest shards that are determined based on a partial key derived from the full name of the referenced version manifest in each directory entry. Each storage server maintains a local transaction log that keeps track of changes to the namespace manifest in response to put transactions. The namespace manifest can be updated after each put transaction is acknowledged, which minimizes the number of write operations required for a put transaction. Updates to the namespace manifest are batched, distributed, and processed concurrently and in parallel by the storage servers that store the corresponding shards. This reduces the latency that would otherwise exist in the object storage cluster as a result of a put transaction. Updates to namespace manifest shards optionally occur in a batch process using MapReduce techniques. | 12-03-2015 |
20150347758 | METHODS AND SYSTEMS FOR SECURELY TRANSFERRING EMBEDDED CODE AND/OR DATA DESIGNED FOR A DEVICE TO A CUSTOMER - The invention relates to methods and systems for securely transferring embedded code or data to a customer, in particular to methods and systems for securely transferring embedded code, data files or program files designed for a device to a customer in order to prevent the embedded code, data files or program files from being used on unauthorized devices. | 12-03-2015 |
20150347763 | IMPLEMENTATION OF SECURE COMMUNICATIONS IN A SUPPORT SYSTEM - A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials. | 12-03-2015 |
20150349950 | CONSTRUCTION AND USES OF VARIABLE-INPUT-LENGTH TWEAKABLE CIPHERS - Innovations in the construction and use of variable-input-length tweakable ciphers (“VILTCs”). In some cases, a VILTC uses an initialization vector that is protected from exposure outside an encryption/decryption system in order to provide enhanced security with efficient performance. For example, a system for encryption and/or decryption includes two fixed-input-length tweakable block ciphers (“FIL TBCs”) and a VILTC. The first FIL TBC is adapted to produce a fixed-length initialization vector. The VILTC is adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak. The second FIL TBC is adapted to produce a fixed-length output string. In this way, the first FIL TBC and the second FIL TBC protect the fixed-length initialization vector from exposure outside the system. In other cases, a VILTC is used for a reliable and efficient implementation of authenticated encryption/decryption with associated data. | 12-03-2015 |
20150349961 | SYSTEM AND METHOD FOR CIRCULAR LINK RESOLUTION WITH COMPUTABLE HASH-BASED NAMES IN CONTENT-CENTRIC NETWORKS - One embodiment of the present invention provides a system for constructing a linked object. During operation, the system constructs a first portion of the linked object. The first portion includes at least one or more data items and a computable identifier calculated based on the one or more data items, and the first portion is referenced by a self-certified name associated with the linked object. The system constructs a second portion of the linked object. The second portion includes at least the computable identifier and an external link that references a second linked object using a self-certified name associated with the second linked object. | 12-03-2015 |
20150350213 | SELECTIVELY PROTECTING VALID LINKS TO PAGES OF A WEB SITE - In an embodiment, a method comprises intercepting, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determining that the first link, which references a first target page, is protected; in response to determining the first link is protected: generating a first protected link that is different than the first link and includes first data that authenticates a first request that has been generated based on the first protected link and that references the first target page; and generating a first decoy link that includes second data that references a first decoy page and not the first target page; rendering a second set of instructions comprising the first protected link and the first decoy link, but not the first link, and which is configured to cause a first client computer to present the first protected link in the user interface and hide the first decoy link from the user interface; sending the second set of instructions to the first client computer. | 12-03-2015 |
20150356307 | SAFE INPUT METHOD AND SYSTEM - A safe input method and system are provided. The method includes: starting a virtual machine mode of a central processing unit when safe input is to be performed; in the virtual machine mode, switching a guest operating system into a non-root mode, and switching a virtual machine monitor allocated for a safe input protection program into a root mode; receiving, by the guest operating system, input data of a user, and transmitting the input data of the user to the virtual machine monitor; encrypting and saving, by the virtual machine monitor, the input data to be retrieved by an authorized program; generating, by the virtual machine monitor, false input data, and returning the false input data to the guest operating system; and shutting down the virtual machine mode of the central processing unit when it is confirmed that the safe input is completed. | 12-10-2015 |
20150356311 | MOBILE DATA VAULT - A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key or the password are stored in an unencrypted foiniat anyplace within the portable electronic device. | 12-10-2015 |
20150356320 | ELECTRONIC APPLIANCE COMPRISING A SECURE ELECTRONIC ENTITY AND METHOD IMPLEMENTED IN SUCH AN ELECTRONIC APPLIANCE - An electronic appliance includes a first processor and a secure electronic entity equipped with a second processor, the electronic appliance being designed to operate by the execution by the first processor of a trusted operating system. An element situated outside the secure electronic entity and distinct from the trusted operating system is designed to trigger the execution of an application by the second processor; the application executed by the second processor is designed to request the implementation of a service of the trusted operating system. A method implemented in such an electronic appliance is also described. | 12-10-2015 |
20150358155 | SECRET COMPUTATION SYSTEM, ARITHMETIC UNIT, SECRET COMPUTATION METHOD AND PROGRAM - Each of at least three arithmetic units includes: a random number generator determining shared value [r] obtained by performing secret sharing of random number r; a randomizator using shared value [a | 12-10-2015 |
20150358162 | DECRYPTION SERVICE PROVIDING DEVICE, PROCESSING DEVICE, SAFETY EVALUATION DEVICE, PROGRAM, AND RECORDING MEDIUM - A private key is held which conforms to an ElGamal encryption system on a semigroup, calculation of an order of an element of the semigroup being computationally difficult, information corresponding to ciphertext conforming to the ElGamal encryption system is input, a private key s is used to decrypt the information corresponding to the ciphertext in conformance to the ElGamal encryption system, and information corresponding to a result of decrypting the ciphertext is obtained and output. Alternatively, whether it is computationally difficult or easy to calculate the order of the element of the semigroup is determined, and the safety of a decryption service providing device is evaluated based on the determination result. | 12-10-2015 |
20150371058 | META-COMPLETE DATA STORAGE - The invention described herein generally relates to systems and methods of securely storing data so that the data contains information about the data and/or the encryption of the data, systems and methods of providing secure access to real world data through data transformations, and systems and methods of managing security parameters for data. | 12-24-2015 |
20150371061 | ENCRYPTION KEY GENERATION IN ENCRYPTED STORAGE DEVICES - A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device. | 12-24-2015 |
20150372806 | ENCRYPTING OPERATING SYSTEM - A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which can data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data. | 12-24-2015 |
20150372816 | SEMICONDUCTOR DEVICES AND METHODS OF PROTECTING DATA OF CHANNELS IN THE SAME - A semiconductor device may include: a bus; first and second function modules configured to communicate via the bus; a first encryption module configured to encrypt first data output from the first function module using a first encryption key to generate first encrypted data; and/or a second encryption module configured to decrypt the first encrypted data using the first encryption key, to output the decrypted first data to the second function module, and to encrypt second data output from the second function module using a second encryption key to generate second encrypted data. A semiconductor device may include: a bus; first and second modules configured to communicate via the bus; and/or an encryption module configured to use different encryption policies for first data, which is output from the first module and stored in a memory, and second data, which is output from the second module and stored in the memory. | 12-24-2015 |
20150372817 | Network-based Service Content Protection - Network-based service content protection techniques are described. In one or more implementations, content is edited locally by a computing device. The edited content is automatically encrypted without any user intervention by the computing device using an encryption credential, e.g., encryption key or other secret. The automatic encryption is performed responsive to a request to store the content at a network-based service provider such that the encrypted content can only be decrypted and accessed with the encryption credential and the encrypted content is uploaded to the network-based service provider. | 12-24-2015 |
20150372819 | METHOD AND APPARATUS FOR PROVIDING IDENTITY BASED ENCRYPTION IN DISTRIBUTED COMPUTATIONS - An approach is provided for providing identity based encryption in distributed computations. An identity based encryption platform causes, at least in part, a segmentation of a computation closure into at least a first part and one or more second parts. The identity based encryption platform also causes, at least in part, an encryption of the one or more second parts using the first part as a public key of an identity-based encryption. | 12-24-2015 |
20150379277 | Encryption Architecture - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150379278 | Method and Apparatus for Differently Encrypting Different Flows - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150379279 | Method and Apparatus for Encrypting Data Messages after Detecting Infected VM - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150379280 | Method and Apparatus for Dynamically Creating Encryption Rules - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150379281 | Method and Apparatus for Encrypting Messages based on Encryption Group Association - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150379282 | Encryption System in a Virtualized Environment - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150381349 | PRIVACY-PRESERVING RIDGE REGRESSION USING MASKS - A method and system for privacy-preserving ridge regression using masks is provided. The method includes the steps of requesting a garbled circuit from a crypto service provider, collecting data from multiple users that has been formatted and encrypted using homomorphic encryption, summing the data that has been formatted and encrypted using homomorphic encryption, applying prepared masks to the summed data, receiving garbled inputs corresponding to prepared mask from the crypto service provider using oblivious transfer, and evaluating the garbled circuit from the crypto service provider using the garbled inputs and masked data. | 12-31-2015 |
20150381351 | CRYPTOGRAPHIC PROCESSOR, METHOD FOR IMPLEMENTING A CRYPTOGRAPHIC PROCESSOR AND KEY GENERATION CIRCUIT - A cryptographic processor is described comprising a processing circuit configured to perform a round function of an iterated cryptographic algorithm, a controller configured to control the processing circuit to apply a plurality of iterations of the round function on a message to process the message in accordance with the iterated cryptographic algorithm and a transformation circuit configured to transform the input of a second iteration of the round function following a first iteration of the round function of the plurality of iterations and to supply the transformed input as input to the second iteration wherein the transformation circuit is implemented using a circuit camouflage technique. | 12-31-2015 |
20150381354 | HASH VALUE GENERATING DEVICE - A hash value generating device for generating a hash value based on the KECCAK algorithm includes a θ processing unit, a ρ processing unit, a π processing unit, a χ processing unit, and an ι processing unit for performing processing of five steps θ, ρ, π, χ, and ι, included in round processing of the KECCAK algorithm. The θ processing unit includes a θ | 12-31-2015 |
20150381358 | SYSTEMS AND METHODS FOR PROTECTING SYMMETRIC ENCRYPTION KEYS - Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key. | 12-31-2015 |
20150381362 | Encryption System in a Virtualized Environment - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 12-31-2015 |
20150381582 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 12-31-2015 |
20160004873 | ELECTRONIC SYSTEM WITH PRIVACY MECHANISM AND METHOD OF OPERATION THEREOF - An electronic system includes: a control unit configured to: generate an encrypted information based on encrypting an information type, generate a mapping table including the encrypted information, the information type, or a combination thereof, generate a restored information based on mapping a decomposed information of the encrypted information, categorized according to a decomposition rule, to a corresponding instance of the information type in the mapping table, and a user interface, coupled to the control unit, configure to display the restored information on an activity dashboard for receiving a user entry to calibrate the decomposition rule. | 01-07-2016 |
20160006568 | TAG GENERATION DEVICE, TAG GENERATION METHOD, AND TAG GENERATION PROGRAM - Provided are a tag generation device, method and program which are capable of parallel execution, need no precomputation, and are capable of reducing block-cipher calls to the minimum necessary using one block cipher key when a tag to be attached to a message is generated. A tag generation device is provided with: an input means ( | 01-07-2016 |
20160012237 | AES IMPLEMENTATION WITH ERROR CORRECTION | 01-14-2016 |
20160012238 | A METHOD AND SYSTEM FOR PRIVACY-PRESERVING RECOMMENDATION TO RATING CONTRIBUTING USERS BASED ON MATRIX FACTORIZATION | 01-14-2016 |
20160012253 | METHOD FOR GENERATING COORDINATE POINT IN EMBEDDED SYSTEM | 01-14-2016 |
20160012255 | METHOD FOR ENCODING DATA ON A CHIP CARD BY MEANS OF CONSTANT-WEIGHT CODES | 01-14-2016 |
20160026807 | SYSTEM AND METHOD FOR CRYPTOGRAPHIC SUITE MANAGEMENT - Systems and methods for cryptographic suite management are described. A system for cryptographic suite management has a cryptographic suite management unit comprising a series of APIs enabling diverse applications to call cryptographic functions. The system enables: multiple applications on an interface to access shared cryptographic resources; applications across multiple devices to share and license cryptographic resources between devices; encryption, decryption and sharing of data between devices having different cryptographic implementations; the definition, distribution and enforcement of policies governing the terms of use for cryptographic implementations, systems and methods to secure and protect shared and dynamically loaded cryptographic providers; use by an application of multiple cryptographic resources and the management of cryptographic provider bundles and associated policies across one or many cryptographic suite management unit instances. | 01-28-2016 |
20160028540 | Multiple encrypting method and system for encrypting a file and/or a protocol - The present invention relates to a multiple encrypting method, for encrypting a file and/or a protocol and generating encryption keys. Comprising the steps of: uploading at least one of a file and a protocol by a file uploading unit; generating random numbers by a random number generation unit; arranging the random numbers to form at least one key and at least one initialization vector respectively by a key generation unit and an initialization vector generation unit; encrypting the file and/or the protocol from the file uploading unit via using AES encryption by an encryption unit, so as to generate an encrypted file and/or an encrypted protocol; saving the key and the initialization vector respectively in a first storage unit and a second storage unit; Repeating the above steps at least one time. | 01-28-2016 |
20160034693 | CERTIFICATE AUTHORITY OPERATION APPARATUS AND METHOD - A certificate authority operation apparatus includes a storage unit that retains a plurality of private keys that correspond to a plurality of cryptosystems with different generations, respectively, encryption strength of each of the plurality of cryptosystems being different according with the generations, and a processor which executes a process. The process includes, when acquiring an issuance instruction, performing a control so as to issue a public key certificate by utilizing a first private key that corresponds to a cryptosystem of a generation whose encryption strength is highest. | 02-04-2016 |
20160034714 | APPARATUS AND METHOD FOR DATA MATCHING AND ANONYMIZATION - A method includes receiving a plurality of data sets. Each data set includes a customer identifier field specifying a unique customer identifier associated with each entry in each data set. The plurality of data sets includes a first group of data sets and a second group of data sets. The method further includes storing the plurality of data sets, and generating a key map including the customer identifier field including unique customer identifiers of the first group of data sets of the plurality of data sets, and an anonymous identifier field including unique anonymous identifiers. Each anonymous identifier corresponds to a customer identifier of the key map. The method further includes replacing each unique customer identifier in the second group of data sets with the corresponding anonymous identifier. | 02-04-2016 |
20160042160 | APPARATUS AND METHOD FOR PREVENTING CLONING OF CODE - An apparatus and corresponding method for preventing cloning of code. The apparatus includes a memory, an authentication module, and a device. The memory is configured to store the code, which includes unencrypted code and a fragment of encrypted code. The authentication module is configured to receive and decrypt the fragment of encrypted code from the memory into a fragment of decrypted code, and to store the fragment of decrypted code in an authentication module buffer. The device configured to execute the unencrypted code from the memory and to execute the fragment of decrypted code from the authentication module buffer, wherein the fragment of encrypted code is personalized to the device. | 02-11-2016 |
20160042187 | SYSTEM AND METHOD FOR INITIALIZING TOKENS IN A DICTIONARY ENCRYPTION SCHEME - Computer systems and applications are provided for encrypting data that preserves the ability to process the encrypted data. The method includes receiving data in unencrypted form. The method further includes encrypting the data in accordance with an encryption dictionary generated by arranging the plurality of plaintext symbols in lexicographical order; defining a first subset comprising a first plurality of the lexicographically arranged symbols; defining a second subset comprising a second plurality of the lexicographically arranged symbols; defining a first set with a first plurality of unique random tokens within a first token space for use with the first plurality of symbols; and defining a second set with a second plurality of unique random tokens within a second token space for use with the second plurality of symbols such that the second plurality of unique random tokens is non-linear with respect to the first plurality of unique random tokens. | 02-11-2016 |
20160048689 | TAMPER RESISTANT CRYPTOGRAPHIC ALGORITHM IMPLEMENTATION - There is provided a method of performing a cryptographic algorithm in software, the cryptographic algorithm comprising one or more processing steps, wherein each processing step is arranged to process a respective input to the processing step so as to generate an output corresponding to the input, characterized in that, for each of at least one of the one or more processing steps, the method comprises: providing a respective input for the processing step as an input to a plurality of implementations of the processing step, wherein each implementation is arranged to output a corresponding intermediate result represented using a respective predetermined output representation; and using the representation of the intermediate results to generate a result for the processing step that is based on each of the intermediate results, wherein, if each intermediate result is the output that corresponds to the input for the processing step then the result for the processing step is the output that corresponds to the input for the processing step. Additionally provided is a method of enabling a data processor to perform a cryptographic algorithm in software, the method comprising: generating an implementation of the cryptographic algorithm, the implementation being arranged such that execution of the implementation by a processor causes the processor to carry out a method according to any one of the preceding claims; and configuring the data processor to execute the implementation of the cryptographic algorithm. There is further provided a system and computer program for carrying out such methods, as well as a computer readable medium for storing such a computer program. | 02-18-2016 |
20160048693 | TEMPORALLY ISOLATING DATA ACCESSED BY A COMPUTING DEVICE - Embodiments of the present invention provide a method to temporally isolate data accessed by a computing device so that the data accessed by the computing device is limited to a single set of data. The method includes removing any data that is accessed by the computing device when operating in different modes so that the data is inaccessible by the computing device when operating in the mode. The method also includes switching to the mode after the data associated with the modes different from the mode have been removed. The method also includes operating in the mode based on a plurality of rules associated with the security policy in temporal isolation from any other mode associated with the computing device. The computing device is limited to operating in the mode and is prevented from accessing any data that is distinct from the single set of data of the mode. | 02-18-2016 |
20160050069 | METHOD AND SYSTEM FOR MEDIA PATH SECURITY - The present disclosure provides a system for media path security includes an authoring system having a content stream transform and corrupter for corrupting content data and providing decorrupting data, a media container for conveying the corrupted content data and decorrupting data, and a client system having a fix-up component for fixing the corrupted content data in dependence upon the decorrupting data. A client system is also provided as having an input for receiving a media container and a fix-up component for fixing the corrupted content data in dependence upon the decorrupting data. | 02-18-2016 |
20160055339 | Encryption Processing Method and Device for Application, and Terminal - Provided are an encryption processing method and device for an application, and a terminal. In the method, a first application to be encrypted is acquired, wherein the first application to be encrypted is selected by a user of the terminal; the user is prompted to input first information; a first key is generated according to the first information; the first application is encrypted by using the first key and the first key is stored in the first application. The technical solution can encrypt an application. | 02-25-2016 |
20160056953 | DATA GENERATING DEVICE, COMMUNICATION DEVICE, MOBILE OBJECT, DATA GENERATING METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a data generating device includes a first generator, an obtainer, a second generator, a verifier, and an operation selector. The first generator generates device-specific first data. The obtainer obtains second data from outside of the data generating device. The second generator generates third data based on the first data and the second data. The verifier verifies correctness of the third data. When the third data is determined to be incorrect, the operation selector selects at least one of regenerating the first data, re-obtaining the second data, and disabling the data generating device according to a predetermined selection rule. | 02-25-2016 |
20160056960 | SYSTEM AND METHOD FOR EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 02-25-2016 |
20160056964 | HANDLING SENSOR DATA - An apparatus, a system and a method for securing sensor data by a security engine circuitry of a system on chip (SoC). For example, the security engine may receive from a processor circuitry of the SoC an inter processor communication (IPC) request to secure sensor data, and may send to an integrated sensor hub (ISH) of the SoC an IPC request to receive sensor data. The ISH may collect sensor data from one or more internal and/or external sensors, and may send the collected sensor data to the security engine. The security engine may receive the collected sensor data from the ISH, may secure the collected sensor data, and may send secured sensor data to the processor circuitry. | 02-25-2016 |
20160063258 | METHODS AND SYSTEMS FOR ENFORCING, BY A KERNEL DRIVER, A USAGE RESTRICTION ASSOCIATED WITH ENCRYPTED DATA - A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations. | 03-03-2016 |
20160065375 | DYNAMIC INTEGRITY VALIDATION OF A HIGH LEVEL OPERATING SYSTEM - Techniques for dynamically validating the integrity of a High Level Operating System (HLOS) stored on a data processing device are provided. The techniques include a method for execution on a data processing device including initiating a boot sequence on the data processing device, reading a code partition from a memory unit in the data processing device, such that the code partition is associated with a HLOS stored in the memory unit, performing a cryptographic function on the code partition, storing a result of the cryptographic function in a secure memory, continuing the boot sequence to load at least a portion of the HLOS into a non-secure memory unit, cryptographically signing the result of the cryptographic function stored in the secure memory unit, and sending the encrypted result of the cryptographic function to a remote server. | 03-03-2016 |
20160065379 | PHYSICAL UNCLONABLE FUNCTION USING AUGMENTED MEMORY FOR CHALLENGE-RESPONSE HASHING - A technique is presented for performing a physical unclonable function (PUF) using an array of SRAM cells. The technique can be viewed as an attempt to read multiple cells in a column at the same time, creating contention that is resolved according to process variation. An authentication challenge is issued to the array of SRAM cells by activating two or more wordlines concurrently. The response is simply the value that the SRAM produces from a read operation when the challenge condition is applied. The number of challenges that can be applied the array of SRAM cells grows exponentially with the number of SRAM rows and these challenges can be applied at any time without power cycling. | 03-03-2016 |
20160070887 | MEDIA DECODING CONTROL WITH HARDWARE-PROTECTED DIGITAL RIGHTS MANAGEMENT - Innovations in the area of hardware-protected digital rights management (“DRM”) systems are presented. For example, a hardware-protected DRM system includes a trusted layer and untrusted layer. In the untrusted layer, a control module receives source media data that includes encrypted media data. The control module processes metadata about the media data. The metadata, possibly exposed by a module in the trusted layer, is not opaque within the untrusted layer. In the trusted layer, using key data, a module decrypts encrypted media data, which can be the encrypted media data from the source media data or a transcrypted version thereof. A module in the trusted layer decodes the decrypted media data. A host decoder in the untrusted layer uses the metadata to manage at least some aspects of the decoding, rendering and display in the trusted layer, without exposure of decrypted media data or key data within the untrusted layer. | 03-10-2016 |
20160072626 | CRYPTOGRAPHICALLY-VERIFIABLE ATTESTATION LABEL - A label includes a first readable object encoding a trust anchor. The trust anchor is encrypted with a cryptographic key. The attestation label further includes a second readable object encoding attestation service information and encoding an identification code. The identification code is encrypted using the trust anchor. The attestation label further includes a non-encoded representation of the identification code. | 03-10-2016 |
20160072632 | Methods and Systems for Achieving System-Level Counterfeit Protection in Integrated Chips - According to embodiments of the present invention are systems and methods for using scan chains for the creation of unique physically uncloneable function (PUF). In particular, the present invention uses existing circuitry on an integrated circuit and the internal-scan or boundary-scan register to create a unique identifier for each integrated chip. The unique nature of the scan chains results from the inherent variability of the manufacturing process. | 03-10-2016 |
20160078212 | HYPERVISOR AND VIRTUAL MACHINE PROTECTION - A method, according to one embodiment, includes receiving a request for a hypervisor to run a virtual machine, determining using a processor whether the virtual machine is authorized to run using a data structure having metadata about properties of the virtual machine, determining using a processor whether the hypervisor is authorized to run the virtual machine using a digital signature of the data structure, receiving a decryption key from a key authority when it is determined that the virtual machine is authorized to be run and it is determined that the hypervisor is authorized to run the virtual machine, unlocking and/or decrypting the virtual machine using the decryption key, and running the virtual machine on a computer system. Other systems, methods, and computer program products are described in additional embodiments. | 03-17-2016 |
20160078223 | Hardware Isolated Secure Processing System Within A Secure Element - Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification. | 03-17-2016 |
20160078244 | SECURED FILE SYSTEM MANAGEMENT - Systems and methods for accessing data secured and encrypted using a file system manager are disclosed. One method includes determining whether a community of interest (COI) key obtained from a security appliance matches a COI key associated with a file structure managed by the file system manager that is the subject of a file system request issued by a caller. The method further includes identifying an entry included in a key bank associated with the COI key and the file structure that is the subject of the file system request, the key bank storing encrypted versions of a metadata key. The method also includes decrypting the metadata key using the COI key, decrypting at least one block encryption key using the metadata key, and decrypting a block of data associated with the at least one block encryption key. | 03-17-2016 |
20160078250 | REMAPPING CONSTANT POINTS IN A WHITE-BOX IMPLEMENTATION - A non-transitory machine-readable storage medium encoded with instructions for execution by a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, wherein the cryptographic operation includes at least one round including a non-linear mapping function configured to map input data to output data, including: instructions for determining that the input data has a diversification number less than a diversification level threshold number; instructions for remapping the input data to a remapped input data, wherein the remapped input data corresponds to an input data having a diversification number greater than or equal to the diversification threshold value, and instructions for inputting the remapped input data into the non-linear mapping function to obtain output data. | 03-17-2016 |
20160085973 | METHOD AND APPARATUS FOR PROVIDING PROVABLY SECURE USER INPUT/OUTPUT - A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel. | 03-24-2016 |
20160085974 | SECURE TRANSACTION METHOD FROM A NON-SECURE TERMINAL - The invention relates to a transaction method, the method including the steps of: providing a tenninal including a main processor, a graphic processor controlling a display, and a control member, the graphic processor including a memory bank which cannot be accessed from the outside; creating a link between the graphic processor and a secure processor, the link being secured by means of an encryption key shared only by the graphic processor and the secure processor; presenting first data to the user; collecting second data from commands entered by the user by means of the control member, in connection with the first data; transmitting the second data to the secure processor; and, if the user has been authenticated from the second data, carrying out the transaction, the secure link being used to transmit the first and/or second data, and/or to carry out the transaction. | 03-24-2016 |
20160085993 | GENERIC ENCRYPTION SYSTEM FOR NONSECURE DATAPATHS - A secure generic encryption system for nonsecure datapaths comprises a format-specific adaptation layer/data path for receiving and processing nonsecure content data; an authentication engine located within a security perimeter and coupled to an external communication interface for authentication and supplying the format-specific adaptation layer/data path, located outside the security perimeter, with an output signal indicating whether authentication is successful; and a generic encryption module located within the security perimeter and coupled (1) to the authentication engine for receiving from the authentication engine initialization vectors, encryption keys, and the output signal indicating whether authentication is successful, and (2) to the format-specific adaptation layer/data path for (a) receiving a read signal from the format-specific adaptation layer/data path, and (b) providing the format-specific adaptation layer/data path with a data-available signal to indicate whether data is available to be read. | 03-24-2016 |
20160092701 | METHODS AND APPARATUS TO ENABLE RUNTIME CHECKSUM VERIFICATION OF BLOCK DEVICE IMAGES - A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature. | 03-31-2016 |
20160094338 | SECURING AUDIO COMMUNICATIONS - Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module. | 03-31-2016 |
20160094340 | INSTRUCTIONS AND LOGIC TO PROVIDE SIMD SM4 CRYPTOGRAPHIC BLOCK CIPHER FUNCTIONALITY - Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register. | 03-31-2016 |
20160098568 | CLIENT-SIDE ENCRYPTION IN A DEDUPLICATION BACKUP SYSTEM - Client-side encryption in a deduplication backup system. In one example embodiment, a method includes a backup phase in which various steps are performed for each allocated plain text block stored in a source storage. One step includes hashing, using a first cryptographic hash function, the plain text block to generate a first hash. Another step includes hashing, using a second cryptographic hash function, the first hash to generate a second hash. Another step includes searching a key-value table of a deduplication storage to determine whether the second hash matches any key in the key-value table. Another step includes, upon determining that the second hash does not match any key in the key-value table, encrypting, using an encrypt/decrypt function, the plain text block using the first hash as an encryption password and inserting a key-value pair into the key-value table with the key being the second hash and the value being the encrypted block. | 04-07-2016 |
20160098580 | BUS PROTECTION WITH IMPROVED KEY ENTROPY - An apparatus includes a processor and a bus encryption unit. The processor is configured to communicate information over a secured data bus, and to communicate respective addresses over an address bus. The bus encryption unit is configured to generate an encryption key based on multiple addresses that appeared on the address bus, and to encrypt the information communicated between the processor and the secured data bus with the encryption key. | 04-07-2016 |
20160103998 | METHODS AND SYSTEMS OF SECURELY STORING DOCUMENTS ON A MOBILE DEVICE - A method of encrypting information using a computational tag may include, by a mobile electronic device, detecting a computational tag within a near field communication range of the mobile electronic device, identifying a document to be encrypted by the mobile electronic device, transmitting the document to the computational tag by the mobile electronic device, receiving, from the computational tag, an encrypted document, wherein the encrypted document comprises an encrypted version of the document that was to be encrypted, and storing the encrypted document in a memory of the mobile electronic device. | 04-14-2016 |
20160110295 | SECURE DATA ENCRYPTION IN SHARED STORAGE USING NAMESPACES - A data storage device in a distributed computing system has physical block addresses that are each allocated to multiple namespaces. To access the data storage device, a host system issues a command to the data storage device that includes an access key and a virtual block address to be accessed. The data storage device converts the virtual block address to a physical block address of the data storage device using a mapping associated with the access key. Access to a physical data block associated with a particular namespace is granted only if an access key for that namespace is provided to the data storage device. | 04-21-2016 |
20160110500 | SECURE AND SCALABLE MAPPING OF HUMAN SEQUENCING READS ON HYBRID CLOUDS - System and methods are provided for performing privacy-preserving, high-performance, and scalable DNA read mapping on hybrid clouds including a public cloud and a private cloud. The systems and methods offer strong privacy protection and have the capacity to process millions of reads and allocate most of the workload to the public cloud at a small overall cost. The systems and methods perform seeding on the public cloud using keyed hash values of individual sequencing reads' seeds and then extend matched seeds on the private cloud. The systems and methods are designed to move the workload of read mapping from the extension stage to the seeding stage, thereby ensuring that the dominant portion of the overhead is shouldered by the public cloud. | 04-21-2016 |
20160110564 | HOLOGRAPHIC ENCRYPTION OF MULTI-DIMENSIONAL IMAGES - Cryptographic techniques for encrypting images, and decrypting and reconstructing images, are provided to facilitate preventing unauthorized access to images. A holographic cryptographic component (HCC) can generate a global image comprising a scaled version of a source image and random content, generate a phase hologram representing the global image, and encrypt the phase hologram to generate an encrypted hologram based on a random phase mask, which can be the private encryption key. To reconstruct the source image, an HCC can overlay a phase mask, which can be a conjugate of the random phase mask, on the encrypted hologram to decrypt it, and can illuminate the decrypted hologram with a coherent light source. The source image is only reconstructed properly if the correct phase mask is used. If HCC applies the encryption process repetitively to the same source image, HCC can generate a different encrypted hologram in each run. | 04-21-2016 |
20160112190 | SEARCHABLE ENCRYPTED DATA - Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key. | 04-21-2016 |
20160112191 | DATA STORAGE ARRANGEMENT AND KEY DISTRIBUTION - A data storage arrangement comprising a data transfer device and a removable data storage item, the removable data storage item storing an encryption key, and the data transfer device being operable to read the encryption key from the removable data storage item, encrypt data using the encryption key; and transfer the encrypted data to the removable data storage item. Additionally, a method of distributing a key for use in encrypting data to be stored on a removable data storage item, the method comprising: storing an encryption key to a removable data storage item, the removable data storage item having a unique identifier; storing an association of the unique identifier and a decryption key, the decryption key for use in decrypting data encrypted using the encryption key; receiving from a user a unique identifier of a removable data storage item; and returning to the user a decryption key associated with the received unique identifier. | 04-21-2016 |
20160112195 | PROTECTION OF SOFTWARE MODELS - An encryption method is provided that has a software model of a technical system, the model including software components is encrypted by a public key and a decryption structure, wherein the latter includes definitions of component groups of the software model. The decryption structure is integrated at least partially into the encrypted software model. Correspondingly, in a decryption method according to the invention, via a secret key that likewise comprises definitions of component groups, only the particular component groups are decrypted whose definitions the secret key includes in agreement with the definitions of the encrypted software model. The definitions of the secret key can be extended after the fact by a key extension, so that additional component groups can be decrypted with an extended secret key. | 04-21-2016 |
20160112196 | PARALLELIZABLE CIPHER CONSTRUCTION - A method of providing security in a computer system includes producing an output block of data from an input block of data, which may be performed by one or more logic circuits. The output block of data may be produced by a cipher that includes a plurality of parallel, different mixing functions and a combination function. In this regard, producing the output block of data includes applying the plurality of parallel, different mixing functions to the input block of data to produce a plurality of updated blocks of data, with each mixing function mapping the input block of data to a respective one of the plurality of updated blocks of data. And producing the output block of data includes combining the plurality of updated blocks of data in the combination function to produce the output block of data. | 04-21-2016 |
20160117262 | Hybrid Cryptographic Key Derivation - Cryptographic key management and usage is accomplished by employing a hybrid symmetric/asymmetric security context wherein seed values are associated with randomly generated cryptographic keys. A security context environment is maintained wherein cryptographic keys are reliably reproduced when needed. | 04-28-2016 |
20160117510 | Computer Security System and Method to Protect Against Keystroke Logging - Static security credentials are replaced by pseudonyms and session-specific passwords to increase security associated with user login attempts, and specifically to defeat keylogging attacks. For each login event, the system generates unique, session-specific credentials by randomly replacing characters within a given username and password. The random character generation ensures that system login attempts use different combinations of characters, thereby producing a new username and password for every user session. The client side of the system requires only the capability to display an image file, with specialized software/hardware limited to the server side, thereby facilitating the use of the system by a wide range of client devices. | 04-28-2016 |
20160117511 | DIGITAL CONTENT EXECUTION CONTROL MECHANISM - The present disclosure provides a method and system for generating digital content for a computing device which will function on the computing device only after successful validation. The system installs one or more checks in the digital content that restrict the execution of the digital content to a specific device for which the digital content is generated. The checks pertain to at least one or more parameters of a device including without limitation, a device ID, a device model, or any device specific feature. In addition, the system generates a protected version of the digital content with the one or more installed checks to be transmitted to a client. | 04-28-2016 |
20160119127 | FLEXIBLE ARCHITECTURE AND INSTRUCTION FOR ADVANCED ENCRYPTION STANDARD (AES) - A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers. | 04-28-2016 |
20160125141 | METHOD FOR PRIVACY-PRESERVING MEDICAL RISK TEST - A privacy-preserving method for performing a disease susceptibility test on a patient, said method comprising:
| 05-05-2016 |
20160127123 | Systems And Methods For Dynamic Data Masking - Systems and methods for dynamic data masking are disclosed. The disclosed methods and systems can be used to dynamically mask data in cryptographic operations, such as advanced encryption standard (AES) operations, data encryption standard (DES) operations or triple DES operations. Specifically, data in cryptographic operations can be covered with unlimited and continuously changing masks. As an example, the Substitution table, key schedule, and state register in AES, or key schedule and selection functions in a DES or triple DES can be covered with unlimited and constantly changing masks. In an aspect, dynamic masking operations can be combined with orbital RAM algorithm and no-operation clocks to make power signature analysis in cryptographic attacks even more difficult. | 05-05-2016 |
20160127128 | MANAGEMENT OF CRYPTOGRAPHIC KEYS - An electronic device for management of cryptographic keys, and a corresponding method implemented in a computing device comprising a physical processor, transmit feature data of the device to a key generation module, wherein the feature data comprises information corresponding to an identifier or an attribute of the device, and receive, by the device from the key generation module, a digital signature of the transmitted feature data. The device installs the received digital signature as a cryptographic private key for communication, and performs a cryptographic operation using the installed digital signature as the cryptographic private key. | 05-05-2016 |
20160127129 | System and method for providing massage related services - A method of providing massage related services comprises providing a massage apparatus, establishing a connection between a terminal device and a server computer, transferring a massage program executable on the massage apparatus from the server computer to the terminal device, establishing a connection between the terminal device and the massage apparatus, and transferring the massage program from the terminal device to the massage apparatus. Once the new massage program is downloaded in the massage apparatus, a graphical user interface displayed by a remote controller of the massage apparatus can be updated with a new icon associated with the new massage program. The new massage program then can be executed either from the remote controller or the terminal device. In some embodiments, a massage apparatus and a system including the massage apparatus are also described. | 05-05-2016 |
20160132497 | DATA PROTECTION COMPLIANT VERSION CONTROL - In a data protection compliant version control system, a change committed by a user in a version is stored. A cryptographic hash value generated based on a set of parameters corresponding to the user and the version is computed. The cryptographic hash value along with the change committed by the user is stored. The cryptographic hash value is associated with the change committed by the user by a redirection pointer. The redirection pointer is deleted to disassociate the change committed by the user from the cryptographic hash value, thereby disassociating the change committed by the user from the user. The change committed by the user is displayed in a user interface associated with the version control system. | 05-12-2016 |
20160132667 | WEB APPLICATION PROTECTION - A method and system for generating a protected version of the digital content is disclosed. The method includes obfuscating the digital content to yield a functionally equivalent obfuscated digital content, encrypting the obfuscated digital content using at least one device or non-device parameter, generating a decryption logic to be used for generating a decryption key based upon the at least one device or non-device parameter, and concatenating the encrypted digital content and the decryption logic to generate the protected version of the digital content. | 05-12-2016 |
20160132692 | SEARCHABLE ENCRYPTION FOR INFREQUENT QUERIES IN ADJUSTABLE ENCRYPTED DATABASES - Methods, systems, and computer-readable storage media for selecting columns for selecting encryption to perform an operator during execution of a database query. Implementations include actions of determining a current encryption type of a column that is to be acted on during execution of the database query, the column storing encrypted data, determining a minimum encryption type for performance of the operator on the column, selecting a selected encryption type based on the current encryption type, the minimum encryption type, and a budget associated with the column, and performing the operator based on the selected encryption type. | 05-12-2016 |
20160133164 | DECODING APPARATUS, DECODING CAPABILITY PROVIDING APPARATUS, METHOD THEREOF AND PROGRAM - A decoding apparatus performs self-correcting processing with a decoding capability providing apparatus holding a decoding key for decoding first ciphertext which can be decoded by homomorphic operation to obtain a decoding value of the first ciphertext, and performs non-homomorphic operation using a value corresponding to or deriving from the decoding value of the first ciphertext and an addition value to output plaintext. | 05-12-2016 |
20160140056 | METHODS TO IMPROVE SECURE FLASH PROGRAMMING - Methods are provided for securely loading software objects into an electronic control unit. The methods include receiving a first software object comprising a second level public key certificate, a first encryption signature and a first set of software. Once the first software object is received, validating the first second level public key is validated with the embedded root public key, the first encryption signature with the first second level public key certificate, and the first set of software with the first encryption signature. When the first set of software is valid, then the first second level public key certificate and the first set of software are stored to non-volatile memory. Once stored, a consecutive software object is received comprising only a consecutive encryption signature and a consecutive set of software from the programming source. The consecutive encryption signature is validated with the stored second level public key certificate, and the consecutive set of software is validated with the consecutive encryption signature. | 05-19-2016 |
20160140349 | SYSTEMS AND METHODS FOR ENCRYPTING INFORMATION DISPLAYED ON A USER INTERFACE OF A DEVICE - Embodiments of the present disclosure relate to a device having a display component that displays encrypted information. In an embodiment, a system includes a user interface of a device comprising a display module, wherein the user interface receives information entered by a user of the device. The system also includes a detector that detects surroundings around the device or the user of the device. The system further includes at least one hardware processor in communication with the user interface and the detector that automatically encrypts all or portions of the information based on the detected surroundings and causes the automatically encrypted information to be displayed on the display module. | 05-19-2016 |
20160148001 | PROCESSING A GUEST EVENT IN A HYPERVISOR-CONTROLLED SYSTEM - Method of processing a guest event in a hypervisor-controlled system, which includes: triggering a first firmware service specific for the guest event; the firmware processing information associated with the guest event, and presenting only a subset of the information of a guest state and memory in decrypted form to a hypervisor, where the subset of the information is selected to allow the hypervisor to process the guest event; the firmware retaining a part of the information of the guest state and memory not sent to the hypervisor; the hypervisor processing the guest event based on the received subset of the information, and sending a process result to the firmware, triggering a second firmware service; the firmware processing the received process result together with the part of the information of the guest state and memory not sent to the hypervisor, and generates and performs a state and/or memory modification. | 05-26-2016 |
20160148002 | KEY STORAGE APPARATUS, KEY STORAGE METHOD AND PROGRAM THEREFOR - A key storage apparatus which prevents a service from being resumed with the same configuration as a configuration during an arithmetic processing provision period, a key storage method, and a program therefor. The key storage apparatus is such that it is assumed that, before expiration of a period for providing arithmetic processing using a key, the key is secretly managed, and that the key is outputted when the period expires, and the key storage apparatus comprises: a one-way function section causing a one-way function to act on first information to generate the key; a storage section secretly storing the first information during the period; and an expiration judging section eliminating the first information from the storage section and outputting the key when the period expires. | 05-26-2016 |
20160149697 | METHOD AND APPARATUS FOR SECURING ACCESS TO AN INTEGRATED CIRCUIT - A method and apparatus are described securely testing an integrated circuit (IC). When the IC is powered on, a first bit stream including unencrypted data bits and encrypted data bits is received by the IC, a second bit stream is generated based on a pseudorandom pattern, a third bit stream is generated by convolving the first bit stream with the second bit stream, the third bit stream is fed to at least one selected test data register (TDR), (i.e., a shift register), in the IC, a fourth bit stream is generated by delaying the second bit stream, and a fifth bit stream is generated by convolving a sixth bit stream output by the at least one selected TDR with the fourth bit stream. The fifth bit stream includes the same unencrypted data bits and encrypted data bits as the first bit stream. | 05-26-2016 |
20160154963 | REDUNDANT KEY MANAGEMENT | 06-02-2016 |
20160154967 | METHODS OF DATA TRANSFER IN ELECTRONIC DEVICES | 06-02-2016 |
20160154979 | APPARATUS AND METHOD FOR GENERATING IDENTIFICATION KEY | 06-02-2016 |
20160156459 | METHOD FOR ENCRYPTION AUTHENTICATION AND DECRYPTION VERIFICATION AND ELECTRONIC APPARATUS SUITABLE FOR SMALL MEMORY IMPLEMENTATION ENVIRONMENT | 06-02-2016 |
20160164683 | DELETION OF CONTENT IN DIGITAL STORAGE SYSTEMS - A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree. | 06-09-2016 |
20160171221 | INTELLIGENT KEY SELECTION AND GENERATION | 06-16-2016 |
20160171223 | SYSTEMS AND METHODS FOR SECURE PROVISIONING OF PRODUCTION ELECTRONIC CIRCUITS | 06-16-2016 |
20160171239 | ENCRYPTION OF MEDIA BASED ON CONTENT | 06-16-2016 |
20160171249 | Decryption Systems And Related Methods For On-The-Fly Decryption Within Integrated Circuits | 06-16-2016 |
20160171250 | SYSTEM AND METHOD FOR SUPPORTING SECURE OBJECTS USING A MEMORY ACCESS CONTROL MONITOR | 06-16-2016 |
20160171251 | INTELLIGENT KEY SELECTION AND GENERATION | 06-16-2016 |
20160180061 | TECHNOLOGIES FOR ENHANCED USER AUTHENTICATION USING ADVANCED SENSOR MONITORING | 06-23-2016 |
20160180065 | APPARATUS FOR TAMPER PROTECTION OF APPLICATION CODE AND METHOD THEREOF | 06-23-2016 |
20160180066 | Using Single White-Box Implementation With Multiple External Encodings | 06-23-2016 |
20160180097 | RELATIONAL DATABASE FINGERPRINTING METHOD AND SYSTEM | 06-23-2016 |
20160180099 | UPDATING PROCESSOR MICROCODE | 06-23-2016 |
20160180114 | SECURITY PLUGIN FOR A SYSTEM-ON-A-CHIP PLATFORM | 06-23-2016 |
20160188887 | System And Method Of Determining User-Defined Permissions Through A Network - The proliferation of personal computing devices in recent years, especially mobile personal computing devices, combined with a growth in the number of widely-used communications formats has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom, content-agnostic, permissions at a message, document, and/or sub-document-level through a communications network. Such a system would allow customized privacy settings to be specified at various levels of social distance from the user sending the document or message (e.g., public, private, followers, groups, Level-1 contacts, Level-2 contacts, Level-3 contacts, etc.). Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document. Customized encryption keys may further be applied to particular parties or groups of parties to enhance the security of the permissioning settings. | 06-30-2016 |
20160188889 | CREATING SECURE CHANNELS BETWEEN A PROTECTED EXECUTION ENVIRONMENT AND FIXED-FUNCTION ENDPOINTS - Embodiments of an invention for establishing secure channels between a protected execution environment and fixed-function endpoints are disclosed. In one embodiment, and system includes an architecturally protected memory, a processing core communicatively coupled to the architecturally protected memory, and a key distribution engine. The processing core is to implement an architecturally-protected execution environment by performing at least one of executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory. The key distribution engine is to provide a secure channel between an application executing within the architecturally-protected execution environment and a fixed-function endpoint by generating a decrypted content encryption key by decrypting an encrypted content encryption key using a key wrapping key shared between the processing core and the key distribution engine and providing the decrypted content encryption key to the fixed-function endpoint. | 06-30-2016 |
20160188893 | SYSTEM AND METHOD OF APPLYING ADAPTIVE PRIVACY CONTROLS TO LOSSY FILE TYPES - The proliferation of personal computing devices in recent years, especially mobile personal computing devices, combined with a growth in the number of widely-used communications formats has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom access permissions at a file-level or sub-file-level. Such a system may allow the user to apply customized privacy settings (and, optionally, encryption keys) differently to particular portions of a document—even if the document is of a ‘lossy’ file type, e.g., a JPEG image. According to some embodiments, the custom access permission settings may be implemented by obfuscating portions of the original file and then embedding “secret,” e.g., hidden and/or encrypted, versions of the obfuscated portions in parts of the data structure of the original lossy file before transmitting the file to the desired recipients. | 06-30-2016 |
20160191233 | MANAGED SECURE COMPUTATIONS ON ENCRYPTED DATA - The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return. | 06-30-2016 |
20160196436 | SECURE FUNCTION EVALUATION OF TREE CIRCUITS | 07-07-2016 |
20160196437 | METHOD OF USING TOUCH SCREEN DEVICE FOR SYSTEM ENCRYPTION AND PROTECTION | 07-07-2016 |
20160197720 | FLEXIBLE ARCHITECTURE AND INSTRUCTION FOR ADVANCED ENCRYPTION STANDARD (AES) | 07-07-2016 |
20160197725 | INTEGRATION OF VERIFICATION TOKENS WITH MOBILE COMMUNICATION DEVICES | 07-07-2016 |
20160197728 | SYSTEM AND METHOD FOR SECURE DATABASE QUERIES | 07-07-2016 |
20160203076 | Secure Garbage Collection on a Mobile Device | 07-14-2016 |
20160203297 | SYSTEMS AND METHODS FOR PAYLOAD ENCODING AND DECODING | 07-14-2016 |
20160203322 | DECOUPLED NAME SECURITY BINDING FOR CCN OBJECTS | 07-14-2016 |
20160253485 | SUPPORT FOR SECURE OBJECTS IN A COMPUTER SYSTEM | 09-01-2016 |
20160253519 | APPARATUS AND METHOD FOR TRUSTED EXECUTION ENVIRONMENT FILE PROTECTION | 09-01-2016 |
20160253525 | IMPLEMENTATION METHOD FOR DRIVING OF SOFTWARE AND HARDWARE SUPPORTING OPENSC | 09-01-2016 |
20160378707 | Vehicular intra network apparatus and client-host method of operation - A networking apparatus couples a plurality of vehicle nodes to improve bandwidth, security, and subsystem independence. The networking apparatus couples a plurality of thin client units to a single virtualized master control unit container host. Each thin client unit transforms CAN protocol messages to encrypted packets for a real time Ethernet interconnect. Vehicle subsystem modules connect via a personalized thin client unit which will filter, correct, and authenticate messages at the periphery of the networking apparatus. Between thin client units, the host encrypts and decrypts a message, directs the message to the proper recipient, authenticates each message, and centrally provides the functionality of a plurality of electronic control units. The virtualized master control unit container host may be updated over the air and perform installation and validation checks of a new version of one or more electronic control unit images while the vehicle is in operation using a previous version. | 12-29-2016 |
20160379014 | SMS4 ACCELERATION PROCESSORS HAVING ENCRYPTION AND DECRYPTION MAPPED ON A SAME HARDWARE - A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a data register having a plurality of data bits and a key register having a plurality of key bits. The hardware accelerator also includes a data mode selector module to select one of an encrypt mode or a decrypt mode for processing the plurality of data bits. The hardware accelerator further includes a key mode selector module to select one of the encrypt mode or the decrypt mode for processing the plurality of key bits. | 12-29-2016 |
20170235930 | CONTENT PROTECTION VIA ONLINE SERVERS AND CODE EXECUTION IN A SECURE OPERATING SYSTEM | 08-17-2017 |
20170235961 | TRUST ARCHITECTURE AND RELATED METHODS | 08-17-2017 |
20170237551 | PROVIDING ACCESS TO CONTENT | 08-17-2017 |
20180025166 | VALIDATING COMPUTER RESOURCE USAGE | 01-25-2018 |
20180025182 | Phosphor-Loaded Waveguide | 01-25-2018 |
20180026782 | MODULAR EXPONENTIATION WITH TRANSPARENT SIDE CHANNEL ATTACK COUNTERMEASURES | 01-25-2018 |
20190147169 | ELECTRONIC DEVICE INCLUDING DISPLAY AND METHOD OF ENCRYPTING AND DECRYPTING INFORMATION | 05-16-2019 |
20190147170 | PROCESSING DATA QUERIES IN A LOGICALLY SHARDED DATA STORE | 05-16-2019 |
20190147190 | SYSTEM AND METHOD FOR INTERACTION OBJECT MANAGEMENT IN A BLOCKCHAIN ENVIRONMENT | 05-16-2019 |
20190149319 | METHOD FOR PROCESSING AN IMAGE EXECUTED BY A TERMINAL FORMING A "WHITE BOX" ENVIRONMENT | 05-16-2019 |
20220140993 | SECURING AUDIO COMMUNICATIONS - Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module. | 05-05-2022 |