Patent application number | Description | Published |
20090037738 | Digital certificates - A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described. | 02-05-2009 |
20090113206 | Revocation List Improvement - A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included. | 04-30-2009 |
20090154697 | DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD - A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided though a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content. Thus, different security schemes may optionally and preferably be generated from a particular root structure. Related apparatus and methods are also provided. | 06-18-2009 |
20100215180 | Replacement of keys - A method and system for assigning a key to a device, the method including providing a device having a processor ID (CID) and an associated processor key (CK) and including a memory, at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory, at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD, computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV), and storing the result in the memory, wherein a second function ƒ is used to compute the value of AV, such that AV=ƒ(CK, PDK), and ƒ includes an inverse function of function g, such that g(CK, ƒ(CK, PDK))=PDK, thereby assigning the personalization data key PDK to the device. Related methods and hardware are also described. | 08-26-2010 |
20110083194 | SECURITY WITHIN INTEGRATED CIRCUITS - A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described. | 04-07-2011 |
20110103582 | System for securing access to data streams - A method and an apparatus for protecting digital content, in which an output format for received compressed encrypted digital content is determined based, at least in part, on a rule determining whether clear compressed output format is allowed. When the clear compressed output format is not allowed, the content is received in a form in which it has been encrypted by at least two different encryption methods, and processing of the content comprises a combination of decrypting in accordance with one of the encryption methods and decompression in an atomic operation. | 05-05-2011 |
20120128150 | PATTERN-FREE ENCRYPTION - A method is described for defining a reserved pattern of symbols, receiving in a crypto-module an input stream including sequential input symbols, applying a cipher to the input stream in the crypto-module so as to generate an intermediate stream including sequential output symbols corresponding respectively to the input symbols, and converting the intermediate stream to an output stream from the crypto-module by comparing successive groups of the input symbols and the corresponding output symbols to the reserved pattern and, upon finding a match to the reserved pattern in a given group, substituting the input symbols in the group into the intermediate stream in place of the corresponding output symbols. Related hardware and systems are also described. | 05-24-2012 |
20120278375 | Exponentiation System - A method for computation, including defining a sequence of n bits that encodes an exponent d, such that no more than a specified number of successive bits in the sequence are the same, initializing first and second registers using a value of a base x that is to be exponentiated, whereby the first and second registers hold respective first and second values, which are successively updated during the computation, successively, for each bit in the sequence computing a product of the first and second values, depending on whether the bit is one or zero, selecting one of the first and second registers, and storing the product in the selected one of the registers, whereby the first and second registers hold respective first and second final values upon completion of the sequence, and returning x | 11-01-2012 |
20120290843 | Privacy-Aware Content Protection System - A method and system are disclosed for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content. | 11-15-2012 |
20120321085 | Data Expansion Using an Approximate Method - A method for computation is described, the method including configuring a processor to expand input seed values into respective output data values using an approximated expansion process such that the output data values are not guaranteed to satisfy a required output data criterion, selecting a seed value so that an output data value generated by the processor by application of the approximated expansion process to the selected seed value will yield an output data value that satisfies the required output data criterion, and storing the selected seed value in a non-volatile memory to be accessed by the processor. Related apparatus and systems are also described. | 12-20-2012 |
20130129090 | Efficient Multivariate Signature Generation - A cryptographic method and apparatus, including providing a public key that defines a multivariate polynomial mapping Q( ) over a finite field F, extracting a first vector Y of verification values from a message, computing over the first vector, using a processor, a digital signature X including a second vector of signature values such that application of the mapping to the digital signature gives a third vector Q(X) of output values such that each output value is equal to a corresponding element of a vector sum Y+aY | 05-23-2013 |
20130294601 | Efficient Multivariate Signature Generation - A cryptographic method and apparatus, including providing a public key that defines a multivariate polynomial mapping Q( ) over a finite field F, extracting a first vector Y of verification values from a message, computing over the first vector, using a processor, a digital signature X including a second vector of signature values such that application of the mapping to the digital signature gives a third vector Q(X) of output values such that each output value is equal to a corresponding element of a vector sum Y+aY | 11-07-2013 |
20130326632 | Security Within Integrated Circuits - A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described. | 12-05-2013 |
20140040625 | Prevention of Playback Attacks Using OTP Memory - A method for data security includes receiving, in a processor having a one-time programmable (OTP) memory, which includes multiple bits and has a current state defined by the bits of the OTP that have been programmed, new information to be written to a data memory. Based on the new information and the current state, at least one further bit of the OTP memory is selected to be programmed, thereby defining a new state of the OTP memory. A new digital signature is computed over the new information and the new state. The new information and the new digital signature are saved in the data memory. After saving the new information and the new digital signature in the data memory, the at least one further bit of the OTP memory is programmed, whereby the new state becomes the current state. Related apparatus and methods are also disclosed. | 02-06-2014 |
20140164788 | Secure Switch Between Modes - A state sensitive device is described, the device including a state register which stores a record of the effective-state of the device, a mask field having a value which varies according to a value of the state register, and a processor which changes the value of the mask field to a new value of the mask field when there is a change in the value of the state register, wherein, the processor performs a state dependent calculation requiring the value of the mask field as an operand in the state dependent calculation which will yield an incorrect result if the value of the mask field does not properly correspond to the value of the state register. Related methods, systems and apparatus are also described. | 06-12-2014 |