| Entries |
| Document | Title | Date |
|---|
| 20080205654 | Method and Security System for the Secure and Unequivocal Encoding of a Security Module - The present invention relates to a method and a security system for the secure and unequivocal encoding of a security module, in particular a chip card. To this end, a security module ( | 08-28-2008 |
| 20080205655 | CONTACT MANAGEMENT SYSTEM AND METHOD - In an embodiment of a method of providing contact information, the method includes creating a contact record in a contact management system, where a process associated with a subject of the contact record and/or a recipient of data associated with the contact record is included in creating the contact record. A unique serial number is generated corresponding to the contact record and the serial number is conveyed to the recipient. A request by an application is received for the contact record from the contact management system corresponding to the serial number and data associated with the contact record is transmitted to the application. | 08-28-2008 |
| 20080212783 | KERBERIZED HANDOVER KEYING IMPROVEMENTS - A media-independent handover key management architecture is disclosed that uses Kerberos for secure key distribution among a server, an authenticator, and a mobile node. In the preferred embodiments, signaling for key distribution is based on re-keying and is decoupled from re-authentication that requires EAP (Extensible Authentication Protocol) and AAA (Authentication, Authorization and Accounting) signaling similar to initial network access authentication. In this framework, the mobile node is able to obtain master session keys required for dynamically establishing the security associations with a set of authenticators without communicating with them before handover. By separating re-key operation from re-authentication, the proposed architecture is more optimized for a proactive mode of operation. It can also be optimized for reactive mode of operation by reversing the key distribution roles between the mobile node and the target access node. | 09-04-2008 |
| 20080232598 | System, Method and Apparatus to Obtain a Key for Encryption/Decryption/Data Recovery From an Enterprise Cryptography Key Management System - A technique for obtaining a key for encryption/decryption/data recovery from an enterprise key management system. In one example embodiment, this is accomplished by connecting a client mobile device to a cryptography key management using a UID, a UDID, the names of one or more data files to encrypt, a password Pswd, and a KeyID to obtain the key for encryption/decryption/data recovery. | 09-25-2008 |
| 20080240446 | INTRUDER TRACEABILITY FOR SHARED SECURITY ASSOCIATIONS - Various embodiments are directed to systems and techniques for shared security associations. In one or more embodiments, a key distribution server provides shared security associations for clients and servers by assigning a group key to a particular client according to a time-based group key assignment schedule. The key distribution server may comprise a recursive codebook including multiple entries corresponding to group key assignments to be selected by the key distribution server with respect to time intervals. Other embodiments are described and claimed. | 10-02-2008 |
| 20080240447 | SYSTEM AND METHOD FOR USER AUTHENTICATION WITH EXPOSED AND HIDDEN KEYS - The present invention relates to a system and method for digitally authenticating users both online and offline. In one embodiment, a hardware token assigned by a trusted token provider to the user is employed to ensure the identity of the user. In the online authentication, the token is adapted for generating an exposed key EK and a hidden key HK based on a noise code NC and a time code TC of the token, a space code SC of a service server, and an owner code OC of the user. A login session is initialized by entering a user identifier at the service server and the generated EK from a computing device. The service server computes an expose key CEK and a hidden key CHK based one an authentication license generated by the token provider. The service server authenticates the user if the CEK is same as the EK, and sends a response message encrypted the CHK to the computing device. Then, the user provides the HK to the computing device to decrypt the encrypted response message so as to access his/her account. In the offline authentication, the token is adapted for generating a license exposed key LEK used to render the encrypted digital content on an offline compliant device. The compliant device authenticates the user if a license exposed key computed by the compliant device based on a content license of which the user bought is same as LEK, so as to render the protected digital content after authentication. | 10-02-2008 |
| 20080260163 | COMMUNICATION ENCRYPTION PROCESSING APPARATUS - A communication encryption processing apparatus is provided in which a dedicated signal line is provided between a key management module and an encryption and decryption processing module to perform a key delivery via the dedicated signal line from the key management module to the encryption and decryption processing module, and as a result, transmission and reception of raw key data on a bus is no longer performed. | 10-23-2008 |
| 20080260164 | Method and Application for Authentication of a Wireless Communication Using an Expiration Marker - Systems and methods of securing wireless communications between a network and a subscriber station are disclosed. One embodiment creates authentication triplets due to expire after a certain amount of time such that they may not be used indefinitely by an attacker who intercepts them. | 10-23-2008 |
| 20080267411 | Method and Apparatus for Enhancing Security of a Device - A method is provided that authenticates a data transfer module. Further, the method establishes a secure tunnel between a first processor, which receives a copy protection key from the data transfer module, and a second processor, which receives the copy protection key from the first processor through the secure tunnel. In addition, the method receives, at the second processor, encrypted content from the data transfer module. The method also decrypts, at the second processor, the encrypted content with the copy protection key to generate decrypted content. | 10-30-2008 |
| 20080273706 | System and Method for Controlled Access Key Management - Embodiments of the present invention provide controlled access to key management servers using store and forward protocols. A computer-implemented method for providing controlled key management includes generating a request indicative of a key management function. The request is received at the first of a number of intermediate parties capable of relaying the request toward a key management server. The key management function is performed subsequent to receiving the request from the last of the intermediate parties which is authorized to provide the request to the key management server. A response to the request is then generated. | 11-06-2008 |
| 20080279387 | Propagating Keys from Servers to Clients - A method for key distribution includes steps or acts of: deprecating a first key on a server; receiving a request from a client wherein the client request includes the deprecated key; verifying the client request by using the deprecated key provided in the client request to decrypt the client request; and sending a communication to the client advising that the first key has been updated. An additional step of sending instructions to the client on obtaining the updated key may also be provided. Additionally, instructions on obtaining the updated key may be sent to the client. | 11-13-2008 |
| 20080310638 | Storage Medium Processing Method, Storage Medium Processing Device, and Program - A situation where accesses concentrate on a release day is eased. A user terminal | 12-18-2008 |
| 20080317250 | Contents distribution system, contents distribution method, terminal apparatus, and recording medium on which program thereof is recorded - To prevent a preview of contents by a person who does not have a right to view or listen, by distributing encoded contents data which are difficult for a third person to decode. A new participation terminal apparatus, as well as transmitting a participation request to a parent terminal apparatus of a connection destination candidate, transmits a participation disclosure key for encoding a contents decoding key. The parent terminal of the connection destination candidate which receives the participation disclosure key from the new participation terminal apparatus generates an encoded decoding key, which is a contents decoding key encoded using the participation disclosure key received, and transmits it to the new participation terminal apparatus. The new participation terminal apparatus decodes the encoded decoding key received, using a participation secret key stored in a participation key storage section, acquiring a contents decoding key. Using the contents decoding key, the new participation terminal apparatus decodes distributed encoded contents data, and carries out a reproduction process. | 12-25-2008 |
| 20090016538 | Delivery of Messages to A Reciever Mobile Device - A system for delivering messages to a receiver mobile device and a method and memory storing instructions therefor are described. The system comprises a key server arranged to: transmit a first signal responsive to receipt of a message from a sender mobile device; transmit a delivery confirmation notice responsive to receipt of a second signal from the receiver mobile device; transmit a key to the receiver mobile device responsive to receipt of the second signal from the receiver mobile device; and a message server communicatively coupled with the key server and arranged to: transmit a third signal to the receiver mobile device responsive to receipt of the first signal from the key server; transmit a fourth signal to the sender mobile device responsive to receipt of the delivery confirmation notice from the key server. | 01-15-2009 |
| 20090022323 | SECRET KEY PREDISTRIBUTION METHOD - A secret key predistribution method is provided. The secret key predistribution method includes the steps of: performing a tree structure establishment process by causing a center to release a tree structure and causing sensor nodes to store the released tree structure; performing a seed key and hashed key generation process by causing the center to select a seed key and extract hashed keys by applying a hash function according to the tree structure; and performing a key predistribution process by causing the center to select key id sequences and causing the sensor nodes to store the selected sequences and corresponding hashed keys. Accordingly, the secret key distribution method can provide excellent resiliency and efficiency in terms of hash computational complexity. | 01-22-2009 |
| 20090022324 | INFORMATION PROCESSING APPARATUS, CONTENT PROVIDING SYSTEM, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - Disclosed herein is an information processing apparatus that serves as a server that performs data transmission in response to receipt of media information from a user device. The information processing apparatus includes: an encrypted transmission data storage database that stores a transmission data identifier and encrypted transmission data such that the transmission data identifier and the encrypted transmission data are associated with each other; and a control section configured to acquire, from a key management server, an encrypted unit key obtained by encrypting a unit key that is used to encrypt the transmission data, and transmit the acquired encrypted unit key and the encrypted transmission data to the user device. | 01-22-2009 |
| 20090028342 | Systems, Methods, and Media for Adding an Additional Level of Indirection to Title Key Encryption - Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key. | 01-29-2009 |
| 20090034741 | ASYMMETRIC KEY WRAPPING USING A SYMMETRIC CIPHER - A method of asymmetric key wrapping in a system is disclosed. The method generally includes the steps of (A) transferring a shared key from a key storage to a cipher operation, wherein the cipher operation comprises a symmetric-key cipher utilizing a cipher key, (B) generating an encrypted key by encrypting a decrypted key with the cipher operation using the shared key as the cipher key in a wrap-encrypt mode and (C) presenting the encrypted key external to the system in the wrap-encrypt mode. | 02-05-2009 |
| 20090034742 | IDENTITY-BASED ENCRYPTION SYSTEM - A system is provided that uses identity-based encryption to support secure communications. Messages from a sender to a receiver may be encrypted using the receiver's identity and public parameters that have been generated by a private key generator associated with the receiver. The private key generator associated with the receiver generates a private key for the receiver. The encrypted message may be decrypted by the receiver using the receiver's private key. The system may have multiple private key generators, each with a separate set of public parameters. Directory services may be used to provide a sender that is associated with one private key generator with appropriate public parameters to use when encrypting messages for a receiver that is associated with a different private key generator. A certification authority may be used to sign directory entries for the directory service. A clearinghouse may be used to avoid duplicative directory entries. | 02-05-2009 |
| 20090060201 | Secure Peer-to-Peer Distribution of an Updatable Keyring - A distributed peer-to-peer document archive system provides version-control, security, access control, linking among stored documents and remote access to documents usually associated with centralized storage systems while still providing the simplicity, personalization and robustness to network outages associated with personal and peer-to-peer storage systems. A “keyring” is an encrypted repository that allows a user to recover and access a user's entire digital archive with a single master key. After the key is created, it does not need to be updated, and can be stored in a safe, safety-deposit box or other secure location. In the event the user's computer is stolen or destroyed, the user need only install the system on a new machine and import the master key. The system will then use that key to browse nearby servers to find and decrypt all files necessary to recreate the full digital archive in its most recent state. | 03-05-2009 |
| 20090067633 | CONFIGURING HOST SETTINGS TO SPECIFY AN ENCRYPTION SETTING AND A KEY LABEL REFERENCING A KEY ENCYRPTION KEY TO USE TO ENCRYPT AN ENCRYPTION KEY PROVIDED TO A STORAGE DRIVE TO USE TO ENCRYPT DATA FROM THE HOST - Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data. The data set and a command to encrypt the data set are transmitted to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key. | 03-12-2009 |
| 20090080660 | PROCESSORLESS MEDIA ACCESS CONTROL ARCHITECTURE FOR WIRELESS COMMUNICATION - To provide greater flexibility in wireless communication design and implementation, a device and method for implementing media access control (MAC) layer functionality without using an embedded processor for MAC layer functions. A key table stores connection identification data and communicates the connection identification data to a transmit control module and a receive control module to configure and control data transmission and reception, respectively. This use of dedicated hardware, rather than an processor, to implement MAC functions simplifies the design and construction of devices which wirelessly communicate with each other. | 03-26-2009 |
| 20090080661 | SYSTEM AND METHOD FOR CONTROLLING MESSAGE ATTACHMENT HANDLING FUNCTIONS ON A MOBILE DEVICE - A system and method for controlling message attachment handling functions on a mobile device is described herein. An attachment handling control can be set to identify one of a number of selected attachment handling control modes. Depending on the attachment handling control mode identified, a request for the attachment structure that includes a decrypted session key for an encrypted message received at the mobile device may or may not be automatically sent to a remote server. This may provide the user with increased control over the content of an encrypted message that the remote server may access when determining the attachment structure for a message. | 03-26-2009 |
| 20090086977 | SYSTEM AND METHOD TO PASS A PRIVATE ENCRYPTION KEY - A method includes receiving, via a network, a request to provision and provide a private key, the private key being for use with a public and private key system. The method further includes identifying a requester that has made the request via the network and initiating a secure session with the requester. The method also includes providing the private key using the secure session, and provisioning the private key. | 04-02-2009 |
| 20090086978 | SYSTEM AND METHODS FOR DIGITAL CONTENT DISTRIBUTION - Method and system for transferring encrypted content from a server to a storage device are provided. The method includes encrypting the content using a first key, wherein the server encrypts the content; establishing a secure communication channel between the server and the storage device using a random session key; sending the first key to the storage device via the secure communication channel; replacing the random session key with the first key; sending the encrypted content to the storage device after the random session key is replaced with the first key; decrypting the encrypted content using the first key, wherein the storage device decrypts the encrypted content; re-encrypting the decrypted content using a second key generated by the storage device; and storing the re-encrypted content at the storage device. | 04-02-2009 |
| 20090086979 | VIRTUAL TPM KEYS ROOTED IN A HARDWARE TPM - The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key. | 04-02-2009 |
| 20090092255 | Dynamic Authentication in Secured Wireless Networks - Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required. | 04-09-2009 |
| 20090097660 | MULTI-FACTOR CONTENT PROTECTION - Protecting content. A recipient receives content from a publisher. Some content is managed by an access server. The access server controls the recipient's use of managed content through interaction with a trusted agent at the recipient. The content is encrypted to a content key, and the content is associated with policy information. The policy information includes the content key for decrypting the content. The policy information is encrypted to an access server key allowing the policy information to be decrypted by the access server. The content key is received from the access server. The content key is encrypted to a trusted agent key. The content key is further encrypted to additional factor(s) defining additional content protection beyond that provided by trusted agent. The content key is decrypted using the trusted agent key and the at least one additional factor. The content is decrypted using the content key. | 04-16-2009 |
| 20090097661 | SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS - A common interface for managing cryptographic keys is provided. A request to manage a cryptographic key may be received in a first interface format, translated to a common interface format, and then executed remotely from the first interface. Return arguments may then be translated from the common interface format to a format compatible with the first interface and communicated securely to the first interface. The cryptographic keys may be used in connection with a secure data parser that secures data by randomly distributing data within a data set into two or more shares. | 04-16-2009 |
| 20090110199 | Toolbar Signature - A method and system are provided for a web browser toolbar signature. In one example, the method includes receiving a submission of user content from a source webpage, receiving a producer identity of a producer who submitted the user content, receiving identifying information about the destination webpage, coding signed content using the user content and the producer identity, wherein the signed content includes a signature, and submitting the signed content to a server hosting the destination webpage. | 04-30-2009 |
| 20090110200 | SYSTEMS AND METHODS FOR USING EXTERNAL AUTHENTICATION SERVICE FOR KERBEROS PRE-AUTHENTICATION - Systems and methods for providing Kerberos pre-authentication are presented. According to a method embodiment, a request for authentication is received from a principal of an authentication service. The principal in the authentication service is authenticated. A key associated with the authenticated principal in the authentication service is provided to a Kerberos Key Distribution Center (KDC). | 04-30-2009 |
| 20090129599 | HIERARCHICAL DETERMINISTIC PAIRWISE KEY PREDISTRIBUTION SCHEME - A security system for a hierarchical network ( | 05-21-2009 |
| 20090136042 | APPLICATION LAYER AUTHORIZATION TOKEN AND METHOD - An authorization token may provide security for operations. The authorization token may be encrypted by a key manager of a head end system so that only a target device may decrypt the authorization token and perform an operation. | 05-28-2009 |
| 20090141902 | APPARATUS AND METHOD FOR SECURING DATA IN COMPUTER STORAGE - Apparatus, and an associated method, for maintaining data, such as a data file, in secure form. Security keys are stored and maintained at a central location. The security key is downloaded to a device that is to operate upon the data. When the security key is authorized to be downloaded to a computer device, a time boundary is associated with the security key. The time boundary defines the period of usability of the security key. The security key is used at the computer device to encrypt the data each time the data is written to storage and to decrypt the data each time the data is read from storage. Thereby, at all times, when the data is stored at storage, the data is maintained in secure form. | 06-04-2009 |
| 20090154708 | SYMMETRIC KEY DISTRIBUTION FRAMEWORK FOR THE INTERNET - A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key. | 06-18-2009 |
| 20090169021 | Content distribution system, information processing method and terminal apparatus in content distribution system, and recording medium on which is recorded program thereof - In a terminal apparatus configuring the content distribution system, when a user's content data acquisition request operation is detected, content data corresponding to the acquisition request operation are acquired, via the network, from another terminal apparatus, and stored. Subsequently, when there is a request from another terminal apparatus for a transmission of the stored content data, the content data corresponding to the transmission request are transmitted to the another terminal apparatus. Meanwhile, a reproduction of the content data being restricted when a reservation period of the acquired content data is not finished, the reproduction of the content data is possible when the reservation period is finished. | 07-02-2009 |
| 20090185691 | METHOD AND SYSTEM FOR PROVIDING A MOBILE IP KEY - A method for providing an IP key, for encoding messages between a user terminal MS or a PMIP client and a home agent HA, wherein an authentication server only provides the mobile IP key when the authentication server recognizes, by a correspondingly encoded parameter, that the user terminal MS itself is not using mobile IP (PMIP). | 07-23-2009 |
| 20090202079 | Method, apparatus and computer program product for providing mobile broadcast service protection - An apparatus for providing mobile broadcast service protection may include a processor. The processor may be configured to receive an indication of device groupings defining at least a first group of devices and a second group of devices in which the first and second groups are defined on the basis of a device characteristic, communicate a first security key providing access to a first message stream associated with a mobile broadcast service to the first group of devices, and communicate a second security key providing access to a second message stream associated with the same mobile broadcast service to the second group of devices. Methods and computer program products corresponding to the apparatus are also provided from the perspective of a network device and mobile terminal. | 08-13-2009 |
| 20090202080 | Method and system for managing encryption key - Conventionally, an encryption key for encrypting data to be backed up in a tape cannot be allocated for each logical data management unit. To solve the problem, provided is a storage system including: a disk storage device; a tape storage device in which a tape storage medium is loaded; and a controller for controlling the disk storage device and the tape storage device, in which the controller is configured to: generate, upon reception of a request for setting a tape group including one or more tape storage media, a first encryption key used for encrypting data stored in the tape group set by the request; and hold information for correlating the generated first encryption key with the tape group. | 08-13-2009 |
| 20090214043 | KEY DISTRIBUTION METHOD AND AUTHENTICATION SERVER - A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal. | 08-27-2009 |
| 20090238367 | DIRECT DELIVERY OF CONTENT DESCRAMBLING KEYS USING CHIP-UNIQUE CODE - Systems and methods of direct delivery of content descrambling keys using chip-unique code are described herein. One such method includes receiving a unique chip identifier from a digital subscriber communications terminal; determining a chip key associated to the chip identifier; encrypting a service instance using the chip key; and transmitting the encrypted service instance. One such system includes a chip key server configured to store a plurality of chip identifiers, each identifier associated with a chip key, and configured to receive a unique chip identifier from a digital subscriber communications terminal; and an encryptor configured to encrypt a service instance using the chip key associated with the unique chip identifier, the chip key provided by the chip key server. | 09-24-2009 |
| 20090245520 | DIGITAL CONTENT PROTECTION METHODS - An digital content protection method and device are disclosed. In the method, digital content to be delivered from a content provider to a consumer terminal is retrieved. The digital content is encoded to prevent unauthorized playback. The encoded digital content and a key for decoding the content are separately transmitted from the content provider to the consumer terminal, playback of the encoded digital content requires decoding with the key. | 10-01-2009 |
| 20090245521 | METHOD AND APPARATUS FOR PROVIDING A SECURE DISPLAY WINDOW INSIDE THE PRIMARY DISPLAY - In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed. | 10-01-2009 |
| 20090252329 | IPTV FOLLOW ME CONTENT SYSTEM AND METHOD - Tools are provided for distributing access-restricted content in an internet protocol television (“IPTV”) environment based on portable entitlement keys. Such tools can include a decoder, an encoder, and a network entitlement handler. The decoder may be configured to receive a key associated with entitlement information, and transmit the entitlement information over a network. The encoder may be configured to receive content from content providers, and to encode the content to create IP-compatible content, with access restrictions based on entitlement. The network entitlement handler may be configured to receive a request for requested content from the decoder; receive the access-restricted content including (including the requested content) from the encoder; and transmit the requested content over the network to the decoder using IP, when the decoder is entitled to receive the requested content. | 10-08-2009 |
| 20090252330 | DISTRIBUTION OF STORAGE AREA NETWORK ENCRYPTION KEYS ACROSS DATA CENTERS - Efficient mechanisms are provided for transferring key objects associated with disk logical unit numbers and tape cartridges from one data center to another data center. A request is received to transfer a source data center key object from a source data center to a destination data center. The source data center key object corresponds to a data block, such as a disk logical unit number (LUN) or a tape cartridge, maintained in a storage area network (SAN) and includes a unique identifier, an encrypted key, and a wrapper unique identifier. The encrypted key is decrypted using a source data center key hierarchy. Key information is transmitted from the source data center to the destination data center. A destination data center key object is generated using a destination data center key hierarchy. | 10-08-2009 |
| 20090257596 | Managing Document Access - Methods, computer program products and systems for protecting a document from access by one or more users based on one or more document access rules. In one embodiment, the method includes creating a data set representing the one or more document access rules, storing the document and the associated data set, determining and storing a key for opening the document when one or more document access rules from the data set are met, and releasing the key to open the document to one or more users in response to a request from a user which meets one or more document access rules, thereby enabling the user to access the document. | 10-15-2009 |
| 20090268914 | Securing Wireless Body Sensor Networks Using Physiological Data - A computer implemented method, apparatus, and computer program product for securing wireless body sensor networks with a three party password protocol. The password protocol combines the Bellare-Rogaway 3PKDP (three-party key distribution protocol) and the Diffie-Hellman password protocol. The three party password protocol also uses physiological values in place of passwords in one of the key exchanges. The other key exchanges in the protocol use symmetric key cryptography. The combination of the Bellare-Rogaway three-party key distribution protocol and the Diffie-Hellman password protocol allows two sensors which do not measure the same environmental data to authenticate and establish keys. | 10-29-2009 |
| 20090274305 | METHOD AND APPARATUS FOR TRANSMITTING CONTENT KEY - Provided is a method of transmitting content keys to nodes arranged in a hierarchical structure which includes a plurality of node groups each including a predetermined number of the nodes. In this method, revoke information that includes identifiers of revoked node groups in the hierarchical structure, the total number of independent revoked nodes, and identifiers of the independent revoked nodes is generated. The revoked node groups are node groups consisting of only revoked nodes, and the independent revoked nodes are revoked nodes not belonging to any of the revoked node groups. Then, encrypted content keys are obtained by encrypting content keys using broadcast encryption, by using an encryption key set that has a form that cannot be generated using a decryption key set that the revoked nodes possess, and a set of encrypted content keys is generated. Thereafter, the revoke information and the set of the encrypted content keys are transmitted to all of the nodes arranged in the hierarchical structure. | 11-05-2009 |
| 20090279703 | SECURE SHELL USED TO OPEN A USER'S ENCRYPTED FILE SYSTEM KEYSTORE - The present invention provides a computer implemented method, apparatus, and data processing system for associating a private part of a keystore of a user with a user authentication process in an encrypting file system. A secure shell daemon server establishes the user authentication process with a secure shell client such that the user authentication process is associated with a user and the user is authenticated. The secure shell daemon server obtains an acknowledgment from the secure shell client. The secure shell daemon server accesses a user public key of the user from the keystore of the user, responsive to receiving the acknowledgment. The secure shell daemon obtains a public secure shell cookie associated with the user from the keystore of the user. The public secure shell cookie is an access key in encrypted form. The access key is based on the user's public key to form the public secure shell cookie. The secure shell daemon server obtains the access key from the secure shell client. The private part of the keystore is associated with the user authentication process, wherein the private part is accessed based on the access key. | 11-12-2009 |
| 20090279704 | MOBILE INTERNET PROTOCOL SYSTEM AND METHOD FOR UPDATING HOME AGENT ROOT KEY - A MIP system and a method for updating an HA-RK are disclosed. The AAA server generates and delivers a new HA-RK before expiry of the old HA-RK, thus eliminating the time gap between expiry of the old HA-RK and obtaining of the new HA-RK and making the MIP registration seamless. In the system, if the remaining lifetime of the old HA-RK is less than or equal to the lifecycle of the MSK in the EAP process, a new HA-RK is delivered; otherwise, no new HA-RK needs to be delivered. If both a new HA-RK and an old HA-RK are valid on the network entity at a time, then only the old HA-RK applies and the new HA-RK is not active until expiry of the old HA-RK. Alternatively, both the new HA-RK and the old HA-RK are active concurrently, and are differentiated by an SPI. | 11-12-2009 |
| 20090279705 | METHOD AND SYSTEM FOR DISTRIBUTING KEY OF MEDIA STREAM - A method and a system for distributing key of media stream are provided. The method comprises: determining, by a security management server, whether a domain to which the calling terminal belongs and a domain to which a called terminal belongs subscribe a key distribution protocol; generating a key based on encryption capability information obtained in a calling process, and distributing the generated key to the calling terminal and the called terminal, if the protocol has been subscribed; generating a key based on encryption capability information obtained in a calling process, and distributing the generated key to the terminal at the same side as the security management server, if the protocol has not been subscribed. By applying the disclosure, the key is generated by the security management server, so that complexity may be reduced for media stream key negotiation to facilitate promotion of media stream encryption service. | 11-12-2009 |
| 20090310788 | METHOD FOR MANAGING AND CONTROLLING THE ACCESS KEYS TO SERVICES IN A COMMUNICATION SYSTEM - A method for managing keys making it possible for a user to access one or more given services S in a communication system, in which the user is not able to be continuously connected to this service. A key K(t) is generated, which provides access to the service of day [t] for all the t| 12-17-2009 | |
| 20090316909 | UTILIZATION APPARATUS, SERVICER APPARATUS, SERVICE UTILIZATION SYSTEM, SERVICE UTILIZATION METHOD, SERVICE UTILIZATION PROGRAM, AND INTEGRATED CIRCUIT - Provided are a utilization apparatus, a server apparatus, and a key utilization system which enable the utilization apparatus to control deletion of the old key without using a secure clock and allow encrypted communications irrespective of whether the accessed server has updated its key or not. In key utilization system | 12-24-2009 |
| 20090316910 | METHOD AND DEVICE FOR MANAGING CRYPTOGRAPHIC KEYS IN SECRET COMMUNICATIONS NETWORK - A cryptographic key management method and device are provided by which cryptographic keys of multiple nodes can be managed easily and stably. A system includes at least one first node and a plurality of second nodes connected to the first node, and the first node individually generates and consumes a cryptographic key with each of the second nodes connected to the first node itself. A cryptographic key management device in such a system has a monitor that monitors the stored key amounts of cryptographic keys of the individual second nodes, stored at the first node, and a key management control section that performs key generation control on the first node, based on the stored key amounts. | 12-24-2009 |
| 20090323968 | DESCRAMBLING APPARATUS AND DESCRAMBLING METHOD IN A TV SYSTEM - A descrambling apparatus and a descrambling method to descramble a scrambled data in a receiver of a digital TV system are provided. The descrambling apparatus comprises: a receiving module, a storing module, a comparator, a retrieving module and a descrambler. The receiving module receives a packet, wherein the packet comprises a key-status field, a packet identifier field and a scrambled data; the storing module stores a key data and a formerly received packet data; the comparator compares the formerly received packet data and a key-status value of the key-status field to generate a compare result; the retrieving module retrieves a descramble key from the key data and the formerly received packet data according to the compare result, the key-status value and a packet identifier value of the packet identifier field; and the descrambler descrambles the scrambled data according to the descramble key to generate a descrambled data. | 12-31-2009 |
| 20100002885 | Efficient multiparty key exchange - A system for providing secure communications includes a telecommunications network. The system includes N nodes and a new node in communication with the network to form a session, where N is greater than or equal to three and is an integer. Each node has media streams, and a unique cryptographic media key for each media stream which each node sends to every other node of the session over the telecommunications network. One of the N nodes is a key master which distributes a master key to every other node in the session over the network. Each node encrypts with its own respective media key and the master key each of its media streams. When the new node first joins the session, the new node sends its unique cryptographic media keys for each of its media streams to the N nodes of the session. The key master then generates a new master key with the media keys of the new node and distributes the new master key to the new node and the N nodes using only a single signalling message to each of the N nodes and the new node without any other signalling messages to establish secure communications between the new node and the N nodes in the session. A method for providing secure communications. | 01-07-2010 |
| 20100008509 | COMMUNICATION APPARATUS, KEY SERVER, AND MANAGEMENT SERVER - A communication apparatus obtains file information indicating all or a part of first and second encrypted pieces obtained by encrypting a plurality of pieces constituting a part of a content and version management information with which it is possible to judge whether the file information has validity and receives, for each of the pieces, one of the first encrypted piece and the second encrypted piece from another communication apparatus, by using the file information. The communication apparatus transmits, to a key server, a request message for requesting decryption keys each being used for decrypting the one of the first encrypted piece and the second encrypted piece received for a different one of the pieces and the version management information of the file information used to obtain the one of the first encrypted piece and the second encrypted piece in correspondence with each of the pieces and receives the decryption keys. | 01-14-2010 |
| 20100014677 | GROUP SUBORDINATE TERMINAL, GROUP MANAGING TERMINAL, SERVER, KEY UPDATING SYSTEM, AND KEY UPDATING METHOD THEREFOR - Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from the server. | 01-21-2010 |
| 20100027798 | METHOD AND APPARATUS FOR STORAGE OF SECURE INFORMATION, WHICH IS REQUIRED FOR SHORT-RANGE COMMUNICATION, ON A COMMUNICATION TERMINAL - A method of storing secure information that is required for a near-field communication on a communication terminal includes transmitting a request to store information and a key required for securing the information on the communication terminal from an issuer of the information to a central facility, transmitting the information and the key required for securing the information from the issuer via the central facility to the communication terminal when the central facility has confirmed the request to store the information and the key required for securing the information on the communication terminal, storing the information and the key required for securing the information in the communication terminal, and transmitting a notification relating to storing of the information and of the key required for securing the information from the communication terminal via the central facility to the issuer of the information, wherein the key required for securing the information is furnished by a central facility while being uniquely allocated to the secure information. | 02-04-2010 |
| 20100034392 | ELECTRONIC APPARATUS, METHOD FOR CONTROLLING FUNCTIONS OF THE APPARATUS AND SERVER - An electronic apparatus, having functions on which use limitations can be imposed, in which a variety of functions are loaded on the electronic apparatus by hardware circuitry or by computer programs. Use of a certain function(s) is limited by setting a function limiting flag to “1”, provided that an other function(s) are usable within a period of a preset number of days of possible test use. An application is made from the apparatus to a key issuing source for purchasing usable functions. The key issuing source then issues a limitation removing key. The limitation removing key may be acquired from the key issuing source by a mobile phone terminal and transmitted to the apparatus by infrared ray communication. The apparatus rewrites the function limiting flag by this limitation removing key. If the number of days of actual test use has reached the number of days of possible test use, the CPU of the apparatus does not carry out the function(s) the function limiting flag of which is “1”. | 02-11-2010 |
| 20100040236 | METHOD, SYSTEM AND DEVICE FOR GENERATING GROUP KEY - A method for generating a group key are provided in the field of network communications. The method includes the following steps: Group members select DH secret values and generate DH public values. An organizer generates an intermediate message and broadcasts a DH public value and the intermediate message. The group members generate a group key according to a DH secret value selected by the organizer and DH public values of the other group members except the organizer. A system for generating a group key and communication devices are also disclosed in the present invention. | 02-18-2010 |
| 20100054479 | DRM KEY MANAGEMENT SYSTEM USING MULTI-DIMENSIONAL GROUPING TECHNIQUES - A key management system is provided. The key management system includes a key server. The key server generates secret keys by constructing a rights hierarchy and a resource hierarchy, associating the rights hierarchy with the resource hierarchy, and converting a rights-resource relationship into a node in a service hierarchy. The rights hierarchy includes a rights node and the resource hierarchy includes a resource node. The rights hierarchy is set above the resource hierarchy. The right hierarchy and the resource hierarchy are in a partial order relationship. | 03-04-2010 |
| 20100061557 | SYSTEM AND METHOD FOR EFFECTIVELY PRE-DISTRIBUTING KEY FOR DISTRIBUTED SENSOR NETWORK - A system for effectively pre-distributing keys for a distributed sensor network is disclosed, The system includes: a plurality of sensor nodes, each of which has a sensing function, a calculation function, and a wireless communication function; and a base station which is connected to the sensor nodes over a wireless network, receives data from the sensor nodes, acts as a data central station, and distributes keys for inter-sensornode security authentication to the sensor nodes. A key management unit contained in the base station, generates a set of the sensor nodes used for security authentication between the sensor nodes, decomposes the set of the sensor nodes into a plurality of matrices, distributes the matrices to the sensor nodes, and allows the sensor nodes to search for a common private key required for the security authentication using the received matrices. Therefore, the system can always search for a common private key between the sensor nodes. | 03-11-2010 |
| 20100067701 | Method and System for High Rate Uncorrelated Shared Secret Bit Extraction From Wireless Link Characteristics - A new methodology to exchange a random secret key between two parties. The diverse physical characteristics of the wireless medium and device mobility are exploited for secure key exchange. Unique physical characteristics of wireless channels between the two devices are measured at different random locations. A function of these unique characteristics determines the shared secret key between the two devices. | 03-18-2010 |
| 20100074447 | SYSTEM AND METHODS FOR QUANTUM KEY DISTRIBUTION OVER WDM LINKS - A system and a method for quantum key distribution between a transmitter and a receiver over wavelength division multiplexing (WDM) link are disclosed. The method includes providing one or more quantum channels and one or more conventional channels over the WDM link; assigning a different wavelength to each of the one or more quantum channels and each of the one or more conventional channels; transmitting single photon signals on each of the one or more quantum channels; and transmitting data on each of the one or more conventional channels. The data comprises either conventional data or trigger signals for synchronizing the transmission of the single photon signals on the quantum channels. All channels have wavelengths around 1550 nm. The WDM link can be a 3-channel WDM link comprising two quantum channels for transmitting single photon signals and one conventional channel for transmitting conventional data or triggering signals. | 03-25-2010 |
| 20100166187 | QKD USING HIGH-ALTITUDE PALTFORMS - Systems and methods for performing quantum key distribution (QKD) using one or more high-altitude platforms (HAPs) are disclosed. The system includes a second QKD station (Alice) supported by the HAP so as to be in free-space communication with the first QKD station (Bob) over an optical path (OP) via an optical quantum communication channel that carries quantum signals (P | 07-01-2010 |
| 20100166188 | IMPLICIT CERTIFICATE SCHEME - A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. For each entity A, the trusted entity selects a unique identity distinguishing the entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information ƒ and generates a value k | 07-01-2010 |
| 20100189263 | METHOD AND APPARATUS FOR GENERATING AND UPDATING SECURITY CODES - A system and method for creating a target cryptographic key. In one embodiment the system includes a first cryptographic module including a first cryptographic key, and a loader including a second cryptographic key, a communications port for the first cryptographic module; and a communication link for transmitting the target cryptographic key. When the first cryptographic module is connected with the communications port of the loader, the first cryptographic module loads the second cryptographic key and creates the target cryptographic key in response to the first cryptographic key and the second cryptographic key. In one embodiment the method of creating a cryptographic key, includes the steps of: loading a second cryptographic key into a first cryptographic module; calculating, by the first cryptographic module, a target cryptographic key in response to a first cryptographic key and a second cryptographic key; and loading the target cryptographic key to a loader. | 07-29-2010 |
| 20100208896 | COMMUNICATION APPARATUS AND CONTROL METHOD THEREOF - A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, the first communication apparatus includes: acquisition means for acquiring identification information of a second communication apparatus that functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network which the first communication apparatus is to join; and determination means for determining whether the first communication apparatus is to function as the providing apparatus or as the receiving apparatus based on the result of a comparison between the identification information of the second communication apparatus acquired by the acquisition means and identification information of the first communication apparatus. | 08-19-2010 |
| 20100232607 | INFORMATION PROCESSING DEVICE, CONTENT PROCESSING SYSTEM, AND COMPUTER READABLE MEDIUM HAVING CONTENT PROCESSING PROGRAM - An information processing device and method include storing encrypted content, storing a key for decrypting the encrypted content stored, decrypting the encrypted content stored using the key, storing a deletion table storing information indicating whether or not the key stored is to be deleted when a transition from an operating state to one of other states is made, the information corresponding to the other states, and checking the information in the deletion table corresponding to the one of the other states and deleting the key when the information indicates that the key is to be deleted. | 09-16-2010 |
| 20100254537 | Scalable and Secure Key Management For Cryptographic Data Processing - A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received Key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generate a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE. | 10-07-2010 |
| 20100266130 | METHOD FOR DISTRIBUTING KEYS AND APPARATUS FOR USING THE SAME - The method and apparatus for distributing keys according to the IEEE 802.11r standard broadcast at least one notify packet from a first access point to other access points within an extended service set when a station has connected to the first access point. If the R0 key holder identifier in a key request packet coming from a second access point matches the R0 key holder identifier held by the first access point, a key response packet is forwarded to the second access point to speed up the handoff procedure between the station and the second access point. | 10-21-2010 |
| 20100296655 | KEY DISTRIBUTION SYSTEM - A key distribution system for controlling access to content by rendering devices, comprising an epoch module to provide epochs, each epoch including service key periods, a service key module to provide a batch of service keys, a group module to provide group keys for each epoch such that each rendering device is assigned a group key grouping together the devices having the same group key, thereby defining groups, in different epochs the devices are grouped differently, an encryption module to encrypt, for each epoch, each service key in the batch of service keys, individually with each group key yielding a plurality of group-key-encrypted service keys from each service key, and a delivery module to distribute to the devices, for each one of the epochs, the group-key-encrypted service keys for the batch of service keys and the group keys of the one epoch. Related apparatus and methods are also described. | 11-25-2010 |
| 20100329463 | GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS - Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET. | 12-30-2010 |
| 20100329464 | SYSTEMS AND METHODS FOR IMPLEMENTING SUPPLY CHAIN VISIBILITY POLICIES - Methods, storage medium and systems for implementing visibility policies within a supply chain include storing event data on a computer-readable storage medium of a first partner, the event data corresponding to at least one event associated with an item while the item was in possession of the first partner, the item having traveled through the supply chain, transferring evidence of possession between the plurality of partners as the item travels through the supply chain, and requesting access to the event data by a second partner. Implementations further include determining that the item traveled through a portion of the supply chain based on the evidence, authenticating an identity of the second partner, and authorizing the second partner to access the first event data, when it is determined that the item traveled through the portion of the supply chain and when the identity of the second party is authenticated. | 12-30-2010 |
| 20110007903 | Universal file packager for use with an interoperable keychest - There is provided a system and method for a universal file packager for use with an interoperable key chest. There is provided a method for distributing media contents to distributors, comprising obtaining a first key, a second key and a content, encrypting the second key using the first key to generate an encrypted second key, encrypting the content using the second key to generate an encrypted content, generating a key information file including the encrypted second key, generating a universal file including the encrypted content and a first network address for a central key repository (CKR), providing the key information file for storage in the CKR, and providing the universal file to the distributors. The universal file can then be provided to users for digital e-commerce and transferred across different distributors with the CKR negotiating key access for granting new interoperable DRM licenses. | 01-13-2011 |
| 20110033054 | METHOD FOR DISTRIBUTING ENCRYPTION MEANS - The present invention relates to method for operating a trust centre for distributing key material to at least one radio station, comprising the steps of at the trust centre, dividing an identifier of the radio station, said identifier being a code word consisting a first number of bits, into a plurality of subidentifiers, and generating for each subidentifier, an keying material function selected out of a set of keying material functions on the basis of the considered subidentifier at the trust centre, transmitting to the radio station the identifier and the key material comprising the generated encryption functions. | 02-10-2011 |
| 20110038482 | Scalable Key Archival - A solution for scalable key archival includes, at a network device, determining whether a key management device that is not part of a current key management device configuration has been newly added to a network. The method also includes, if the key management device has been newly added to the network, determining whether the network device has a first application program interface (API) or device driver for communicating with the key management device. The method also includes, if the network device does not have the first API, obtaining the API. The method also includes creating a binding between a virtual device driver of the network device and the key management device via the first API, the network device having a second API for communications between the virtual device driver and a security processor of the network device. The security processor communicates with the key management device using the second API. | 02-17-2011 |
| 20110069839 | AUTHENTICATION INFORMATION GENERATING SYSTEM, AUTHENTICATION INFORMATION GENERATING METHOD, CLIENT APPARATUS, AND AUTHENTICATION INFORMATION GENERATING PROGRAM FOR IMPLEMENTING THE METHOD - A secret information server | 03-24-2011 |
| 20110075847 | KEY DISTRIBUTION IN A HIERARCHY OF NODES - Methods, a client node and a key server node are provided for distributing from the key server node, and acquiring at the client node, self-healing encryption keys. The client node and the key server node are part of a key distribution network that comprises a plurality of client nodes. An encryption key is obtained from a combination of a forward key with a backward key, wherein the backward key is distributed at a time separated from the time of the forward key by a self-healing period. The forward and backward keys are updated in a multicast rekey message, at a given time, encrypted by an encryption key defined for a previous time. Optionally, when a sibling of the client node joins or leaves the key distribution network, a unicast rekey message is used to renew the forward and backward keys at the client node. | 03-31-2011 |
| 20110135097 | Updating Encryption Keys in a Radio Communication System - Encryption keys in a communication system are updated according to rekey groups having a common set of encryption keys or CKRs. Each group includes a number of radios with active and inactive keysets. A database records the relationships between rekey groups and keys, and the status of their keysets. An operator first determines one or more keys to be updated. New keys are then transmitted to each radio in one or more rekey groups using respective rekey messages. The new keys are stored in the inactive keysets of the radios. The inactive keysets are then activated using respective changeover messages. Deployment of new keys is carried out by software in the form of automated update tasks. | 06-09-2011 |
| 20110142241 | COMMUNICATION APPARATUS CONFIGURED TO PERFORM ENCRYPTED COMMUNICATION AND METHOD AND PROGRAM FOR CONTROLLING THE SAME - In a communication apparatus, a storage device stores encryption keys for encrypted communication with another communication apparatus on a network. A determination is made based on a storage state of encryption keys stored in the storage device whether to provide first encryption key information and second encryption key information wherein the first encryption key information is for encrypted communication using a common encryption key among all communication apparatuses on a network and the second encryption key information is for encrypted communication using an encryption key different for each communication apparatus on the network. Communication parameters including the first encryption key information and the second encryption key information are provided to an apparatus that request for provision of communication parameters based on the determination. | 06-16-2011 |
| 20110158411 | REGISTERING CLIENT DEVICES WITH A REGISTRATION SERVER - In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device. | 06-30-2011 |
| 20110194697 | MULTICASE KEY DISTRIBUTION METHOD, UPDATED METHOD, AND BASE STATION BASED ON UNICAST CONVERSATION KEY - A multicast key distribution method, an update method, and a base station based on unicast conversation key, the distribution method includes the following steps: 1) the base station composes groups of multicast key distribution; 2) the base station broadcasts the groups of multicast key distribution to all terminals; 3) the terminals acquire the multicast conversation key by calculating. The present invention solves the problem that the efficiency of the multicast key distribution based on unicast conversation key is low in the prior art, and provides a multicast key distribution method based on unicast conversation key. | 08-11-2011 |
| 20110206206 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 08-25-2011 |
| 20110243331 | SHARED RANDOM NUMBERS MANAGEMENT METHOD AND MANAGEMENT SYSTEM IN SECRET COMMUNICATION NETWORK - In a secret communication network including a center node and multiple remote nodes, the center node is provided with a virtual remote node which functions as a remote node similar to each of the remote nodes. Random numbers shared between the center node and each remote node are managed based on random number sequences used in cipher communication between the virtual remote node and one of the remote nodes. | 10-06-2011 |
| 20110249816 | HYBRID KEY MANAGEMENT METHOD FOR ROBUST SCADA SYSTEMS AND SESSION KEY GENERATION METHOD - Disclosed is a hybrid key management method for a supervisory control and data acquisition (SCADA) system in which a master terminal unit (MTU), a plurality of sub-master terminal units (sub-MTUs), and a plurality of remote terminal units (RTUs) are sequentially and hierarchically structured, the hybrid key management method comprising the steps of: (a) creating, by the MTU and the sub-MTUs, their own secret numbers and making and exchanging digital signatures; (b) creating, by the MTU, group keys; and (c) distributing, by the MTU, the group keys to the sub-MTUs and encrypting and decrypting the group keys using the secret numbers. | 10-13-2011 |
| 20110255696 | KEY DISTRIBUTION METHOD AND SYSTEM - The present invention discloses a key distribution method and system, and the method includes: a card issuer management platform generating initial keys of a supplementary security domain corresponding to an application provider, importing the initial keys and a Trust Point's public key for external authentication to the supplementary security domain, and sending the information of the supplementary security domain and the initial keys to the application provider management platform ( | 10-20-2011 |
| 20110261962 | METHOD AND SYSTEM FOR DISTRIBUTING CRYPTOGRAPHIC KEYS IN A HIERARCHIZED NETWORK - A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the group of devices is also in charge of a lower group of devices. The method includes the steps of: a) storing ( | 10-27-2011 |
| 20110261963 | METHOD FOR SHARING AN INFORMATION CIPHERING AND DECIPHERING KEY, A KEY SHARING SYSTEM AND AN ACCESS CONTROL SYSTEM APPLYING THIS METHOD - This method is characterized in that it includes the following steps, a step for establishing a key root database in the transmitter and said at least one receiver, a step for generating in the transmitter a sequence of bits called an index, a step for having this index bit sequence transmitted by the transmitter to the receiver, and a step for having the key extracted from the index and from the key root database by the transmitter and said at least one receiver. | 10-27-2011 |
| 20110293097 | VIRTUAL MACHINE MEMORY COMPARTMENTALIZATION IN MULTI-CORE ARCHITECTURES - Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VMs is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines. | 12-01-2011 |
| 20120063601 | SYSTEMS AND METHODS FOR REMOTELY LOADING ENCRYPTION KEYS IN CARD READER SYSTEMS - Systems and methods for remotely loading encryption keys in card reader systems are provided. One such method includes storing, at a card reader, a device identification number for identifying the card reader, a first magnetic fingerprint of a data card, and a second magnetic fingerprint of the data card, wherein each of the first and second fingerprints includes an intrinsic magnetic characteristic of the data card, encrypting, using a first encryption key derived from the second fingerprint, information including the device identification number and first fingerprint, sending the encrypted information to an authentication server, receiving, from the authentication server, a score indicative of a degree of correlation between the first fingerprint and second fingerprint, and receiving, when the score is above a preselected threshold, a second encryption key from the authentication server, the second encryption key encrypted using a third encryption key derived from the first fingerprint. | 03-15-2012 |
| 20120099729 | METHOD AND SYSTEM FOR DELAYING TRANSMISSION OF MEDIA INFORMATION IN INTERNET PROTOCOL ( IP) MULTIMEDIA SUBSYSTEM - A method for transmitting deferred media information in an Internet Protocol (IP) multimedia subsystem (IMS) includes: a sending party of the media information sends a key generation parameter encrypted with a Ka to a mailbox application server of a receiving party of the media information, the mailbox application server stores or saves the encrypted key generation parameters, and sends the encrypted key generation parameters to a key management server (KMS); the KMS generates a media key K and forwards it to the sending party through the mailbox application server of the receiving party; the receiving party obtains the encrypted key generation parameter from the mailbox application server and sends it to the KMS; the KMS generates the K and sends it to the receiving party; the receiving party decrypts the encrypted media information by using the K. A corresponding system is also disclosed. The method and system decrease signaling interaction between the sending party and the KMS, reduce the storage pressure of the KMS; realize the end-to-end secure transmission of the deferred media in the IMS. | 04-26-2012 |
| 20120155646 | SUPPORTING DNS SECURITY IN A MULTI-MASTER ENVIRONMENT - Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers. | 06-21-2012 |
| 20120155647 | CRYPTOGRAPHIC DEVICES & METHODS - A client device which utilizes a unit derivation key (UDK), a current unit key, a current unit key index (UKI) and a received UKI. The client device includes a processor to receive the received UKI, compare the received UKI with a current UKI, if the received UKI is not equivalent to the current UKI, utilize the UDK, the current unit key and the received UKI to derive a new unit key. A headend facility (HF) device which utilizes a current unit key and a current unit key index (UKI). A key infrastructure center (KIC) device which utilizes a derivation key. | 06-21-2012 |
| 20120224695 | COMMUNICATING DEVICE AND COMMUNICATING METHOD - The debugging unit writes a public key of the key issuing server and an initializing program given from outside, to the storage unit. The instruction executing unit reads and executes the initializing program stored in the storage unit. The debug disabling unit disables the debugging unit. The public-key encrypting unit encrypts the random number by the public key in the storage unit, the random number generated by the random number generating unit after the debugging unit is disabled. The transmitting unit transmits the encrypted random number to the key issuing server. The receiving unit receives an individual key encrypted by the random number from the key issuing server. The individual-key writing unit decrypts the encrypted individual key by the random number to obtain the individual key and write the individual key to the storage unit. | 09-06-2012 |
| 20120250865 | SECURELY ENABLING ACCESS TO INFORMATION OVER A NETWORK ACROSS MULTIPLE PROTOCOLS - There is disclosed a method that includes providing encrypted information to a plurality of receiving devices, and transmitting by one of a multicast and broadcast a release key to the plurality of receiving devices to enable access to the encrypted information, wherein the release key is received at or about the same time by the plurality of receiving devices. The release key may be transmitted and or received over a multicast or broadcast network. The release key may be transmitted and/or over a distributed network. The transmission of the release key may be synchronized using a timing mechanism. | 10-04-2012 |
| 20120250866 | COMMUNICATION APPARATUS AND COMMUNICATION SYSTEM - A communication apparatus communicates with another communication apparatus by using a first key. The communication apparatus includes a processing unit that conducts a handshake process for a key exchange with the another communication apparatus and a key encryption unit that conducts an encryption process by using a second key. The processing unit conducts a first handshake process with the another communication apparatus without exchanging information on the first key while serving as a reception side of key information. Then, the processing unit conducts a second handshake process with the another communication apparatus to transmit the information on the first key encrypted by the key encryption unit by using the second key to the another communication apparatus. | 10-04-2012 |
| 20120263303 | GROUP KEY MANAGEMENT APPROACH BASED ON LINEAR GEOMETRY - A group key management approach based on linear geometry is disclosed. The approach includes the following steps: step 1: a group controller selects a mapping f and a finite field F; each group member selects a m-dimensional private vector over the finite field F, and sends it to the group controller via secure channel; step 2: the group controller selects a mapping parameter in the finite field F randomly, and maps the private vectors of all the group members into a new set of vectors by using the mapping f according to the mapping parameter; step 3: the group controller selects a random number k in the finite field F as a group key, and constructs a system of linear equations by using the new set of vectors and the group key; the group controller computes the central vector, and sends the central vector and the mapping parameter to all the group members via open channel; step 4: after the group members receive the central vector and the mapping parameter, the private vector of each group member is mapped to a new vector in a vector space according to the mapping parameter, and the group key is obtained by calculating the inner product of the new vector and the central vector. This invention requires small memory and little computation, has high security property, and is effective against brute-force attacks. | 10-18-2012 |
| 20120281840 | METHOD AND SYSTEM FOR PACING, ACKING, TIMING, AND HANDICAPPING (PATH) FOR SIMULTANEOUS RECEIPT OF DOCUMENTS EMPLOYING ENCRYPTION - A method of facilitating substantially simultaneous receipt of electronic content by a plurality of intended recipients is disclosed. The electronic content is encrypted. The encrypted electronic content is transmitted to the plurality of intended recipients. An acknowledgement packet is received from each of the plurality of intended recipients within a predetermined timeout period. A handicap time is calculated for transmitting a decryption key to each of the intended recipient based on a time associated with the acknowledgement packet last received. Decryption keys are transmitted to the plurality of intended recipients using a delay based on the handicap time, where a decryption key having a smaller handicap time is transmitted prior to a decryption key having a larger handicap time. | 11-08-2012 |
| 20120300938 | Systems and Methods for Authenticating Mobile Devices - Embodiments of the invention provide systems and methods for authenticating mobile devices. Device identifying information may be received for a mobile device. A base level key may also be communicated to the mobile device. The base level key may be utilized by the mobile device to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device. A communication encrypted with a unique transaction specific key may be received from the mobile device. Based at least in part upon the device identifying information and the base level key, a derived key may be generated, and the derived key may be utilized to decrypt the received communication and authenticate the mobile device. In certain embodiments, the above operations may be performed by one or more computers associated with a service provider. | 11-29-2012 |
| 20120300939 | KEY MANAGEMENT AND NODE AUTHENTICATION METHOD FOR SENSOR NETWORK - A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other. It is possible for effectively resisting attacks such as wiretapping, tampering, and replaying and the like for the network communication, realizing the secret communication between the nodes, effectively saving resources of the nodes of the sensor network, and prolonging the service lift of the sensor network in the method. | 11-29-2012 |
| 20120314868 | SYSTEM AND METHOD FOR GRID BASED CYBER SECURITY - A method and system for providing a secure communication network using an electrical distribution grid is disclosed. A device connected to the electrical distribution grid initiates a request for a secured key token by signaling an intelligent communicating device residing at or near an edge of the grid. The intelligent communicating device forwards the request to a receiver at a distribution substation on the electrical grid. This receiver enhances the properties of the request such that a grid location for the request can be inferred. The enhanced request is forwarded to a server at the distribution substation, which compares the request grid location to a Grid Map and Policies of known secure grid locations. Any inconsistencies between the grid location inferred from the enhanced request and the Grid Map and Policies locations are considered evidence of tampering, and the server rejects the request. | 12-13-2012 |
| 20120321087 | CONTROLLING ACCESS TO PROTECTED OBJECTS - A device operated by a user may store an object to which access is to be regulated, which may be achieved by encrypting the object with an encryption key and sending the key to a server having a key store. When a user of the device requests access to the object, the server may authenticate the user (e.g., according to a credential submitted by the user) and verify a trust identifier of the device (e.g., authorization to access the object through the device, and/or the integrity of the device), before sending to the device a ticket granting access to the key. The device may send the ticket to the server, receive the key from the server, decrypt the stored encrypted object, and provide the object to the user. This mechanism promotes rapid access upon request and efficient use of the server, and enables remote revocation of access. | 12-20-2012 |
| 20130003977 | DEVICE-INDEPENDENT MANAGEMENT OF CRYPTOGRAPHIC INFORMATION - Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device. | 01-03-2013 |
| 20130044882 | Enhancing provisioning for keygroups using key management interoperability protocol (KMIP) - A key management protocol (such as Key Management Interoperability Protocol (KMIP)) is extended via set of one or more custom attributes to provide a mechanism by which clients pass additional metadata to facilitate enhanced key provisioning operations by a key management server. The protocol comprises objects, operations, and attributes. Objects are the cryptographic material (e.g., symmetric keys, asymmetric keys, digital certificates and so on) upon which operations are performed. Operations are the actions taken with respect to the objects, such as getting an object from a key management server, modifying attributes of an object and the like. Attributes are the properties of the object, such as the kind of object it is, the unique identifier for the object, and the like. According to this disclosure, a first custom server attribute has a value that specifies a keygroup name that can be used by the key management server to locate (e.g., during a Locate operation) key material associated with a named keygroup. A second custom server attribute has a value that specifies a keygroup name into which key material should be registered (e.g., during a Register operation) by the server. A third custom server attribute has a value that specifies a default keygroup that the server should use for the device passing a request that include the attribute. Using these one or more custom server attributes, the client taps into and consumes/contributes to the key management server's provisioning machinery. | 02-21-2013 |
| 20130101121 | SECURE MULTI-PARTY COMMUNICATION WITH QUANTUM KEY DISTRIBUTION MANAGED BY TRUSTED AUTHORITY - Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group. | 04-25-2013 |
| 20130129095 | Key Delivery - A multi-hierarchical key system is provided such that users receive timely key renewals when required so that access to authorized content is not disrupted. Timely renewals of keys may occur continuously for various services while minimizing network traffic. The multi-hierarchical key system may be used in an adaptive streaming environment. | 05-23-2013 |
| 20130136265 | METHOD AND APPARATUS FOR KEY DISTRIBUTION USING NEAR-FIELD COMMUNICATION - An apparatus and method to provision and distribute a traffic key amongst a plurality of radios enables secure communication, for a predetermined group or a predetermined event. Each radio has a controller, a radio transceiver for electromagnetic radio communications, and a near-field transceiver for near-field communications (NFC). The traffic key (or traffic keys) is provisioned locally at one radio and distributed to the remaining radios utilizing the NFC over a non propagating link. The same traffic key is distributed amongst all radios, and additional restrictions may be applied if desired. The same radios can later be re-provisioned for a different group or event. The local provisioning and distribution is highly advantageous for markets that do not require permanent assignment of radios. | 05-30-2013 |
| 20130156197 | SECURE BROADCASTING AND MULTICASTING - Techniques are presented for secure broadcasting and multicasting. Communications for multicasting and broadcasting are encrypted and decrypted using a secure communication key. The secure communication key is represented in a broadcast value that is sent to selected parties. The broadcast value represents the product of unique prime numbers and an additional number plus the secure communication key. Each party is represented by one of the unique prime numbers. Each party can acquire the secure communication key by dividing the broadcast value by its particular prime number to obtain a remainder, which is the secure communication key. | 06-20-2013 |
| 20130223630 | COMMUNICATION APPARATUS, CONTROL METHOD THEREOF, AND STORAGE MEDIUM - A first communication apparatus that functions as a providing apparatus that provides an encryption key or as a receiving apparatus that receives an encryption key provided by a providing apparatus, and that performs a key sharing process for sharing an encryption key with another apparatus, confirms whether or not the first communication apparatus functioned as the providing apparatus in the key sharing process performed among a plurality of apparatuses present on a network in which the first communication apparatus is joining; compares identification information of a second communication apparatus that has newly joined the network with identification information of the first communication apparatus; and determines whether or not the first communication apparatus is to function as a providing apparatus in the key sharing process performed between the first and the second communication apparatuses based on the result of the confirmation and the comparison. | 08-29-2013 |
| 20130259235 | KEY AGREEMENT IN WIRELESS NETWORKS WITH ACTIVE ADVERSARIES - A network and related methods for transmitting processes in a network secretly and securely is described. The network use keys, through path-key establishment and a key pool bootstrapping, to ensure that packets are transmitted and received properly and secretly in the presence of one or more adversarial nodes. | 10-03-2013 |
| 20130272524 | SECURE MULTI-PARTY COMMUNICATION WITH QUANTUM KEY DISTRIBUTION MANAGED BY TRUSTED AUTHORITY - Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group. | 10-17-2013 |
| 20140003608 | KEY MANAGEMENT SYSTEM | 01-02-2014 |
| 20140029751 | DOCUMENT-AUTHORIZED ACCESS TO A SHARED WORKSPACE - Various embodiments described herein each provide one or more of systems, methods, software, and data structures that facilitate document-authorized access to a shared workspace. Some of these embodiments provide access to a shared workspace, such as a document review comment repository, through data embedded within a document. Mere possession of a document with a key, or other data element, allows a possessor of the document to participate in a workflow process. | 01-30-2014 |
| 20140126723 | METHOD, APPARATUS, AND SYSTEM FOR PROTECTING CLOUD DATA SECURITY - The present invention relates to a method, an apparatus, and a system for protecting cloud data security. A key management center encrypts original data M sent by a first terminal using a key K, and uploads encrypted data C | 05-08-2014 |
| 20140169567 | METHOD FOR GRANTING A PLURALITY OF ELECTRONIC COMMUNICATION DEVICES ACCESS TO A LOCAL AREA NETWORK - Method for granting a plurality of electronic communication devices access to a local area network (LAN) via an access point using a single cryptographic key to secure communications exchanged through the LAN. The method comprising an activation phase performed once at initialization of the LAN and an operating phase wherein the electronic communication devices accesses the LAN. The activation phase comprising: providing the cryptographic key in a digital form by the access point; transferring the cryptographic key to a master device, switching the access point into a secure mode in which any further communication with the access point is secured with the cryptographic key. The operating phase comprising: transferring the cryptographic key from the master device to the electronic communication devices. The cryptographic key is converted from its digital form into a graphic form and then transferred in the graphic form to the electronic communication devices during the operating phase. | 06-19-2014 |
| 20140233740 | Secure Distribution of Content - Methods and systems are described for secure delivery of a content item from at least a first content distribution network (CDN1) to at least one content receiving entity using a split-key cryptosystem comprising encryption and decryption algorithms E and D, a cipher algorithm for generating encryption and decryption keys e,d on the basis of secret information S and a split-key algorithm using secret information S for splitting e into i different split-encryption keys e | 08-21-2014 |
| 20140334624 | SIMPLIFIED MANAGEMENT OF GROUP SECRETS BY GROUP MEMBERS - A method for key management is disclosed, wherein in adding a new device to a device group, the device group including a plurality of devices, wherein each device in the device group possesses device keys of all other devices in the device group for encryption of messages, except its own device key and wherein the device group includes a group manager device that possesses all device keys of the devices in the device group, the method includes, establishing a secure connection between the new device and the group manager device in the device group; sending, by the group manager device in the device group, the device keys of all devices in the device group to the new device; generating and distributing, a device key of the new device to all other devices in the device group. This approach is also generalized to k-resilient schemes. | 11-13-2014 |
| 20150036824 | TRANSMITTER, RECEIVER, QUANTUM KEY DISTRIBUTION (QKD) SYSTEM AND QUANTUM KEY DISTRIBUTION METHOD - According to an embodiment, a transmitter transmits first transmission key data and second transmission key data as quantum information. The transmitter includes a first privacy amplifier and a second privacy amplifier. The first privacy amplifier generates first secure key data by performing privacy amplification to remove information that has possibly been acquired by an eavesdropper of the first transmission key data on the first transmission key data. The second privacy amplifier generates second secure key data by performing the privacy amplification to remove information that has possibly been acquired by the eavesdropper of the second reception key data on the decoded key data. | 02-05-2015 |
| 20150036825 | COMMUNICATION APPARATUS, COMPUTER PROGRAM PRODUCT, AND COMMUNICATION SYSTEM - According to an embodiment, a communication apparatus includes a cryptographic key storage, a transmitter, a receiver, and a sharing controller. The cryptographic key storage stores therein one or more cryptographic keys shared with an external device. The transmitter transmits specifying information that specifies at least one of the cryptographic keys to the external device. The receiver receives determination information that indicates a result of determination, which is made by the external device based on the specifying information, on whether the shared cryptographic key is consistent between the apparatus and the external device. When receiving the determination information indicating that the shared cryptographic key is inconsistent between the apparatus and the external device, the sharing controller deletes the cryptographic key specified by the specifying information from the cryptographic key storage. | 02-05-2015 |
| 20150086020 | CENTRALIZED POLICY MANAGEMENT FOR SECURITY KEYS - Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into key sets and trust sets. Policies may apply at any level within the key store. Policies and associated keys may be grouped and organized to manage groups of keys according to common policies and to present complex relationships to a user. Lower level keys may inherit policy properties from higher levels. Higher levels may be locked to preclude changes at lower levels. Policies may include a variety of properties/fields to facilitate key management. Policies may determine what actions are taken with respect to a key or group of keys. | 03-26-2015 |
| 20150092943 | DIGITAL DATA DISTRIBUTION SYSTEM - A digital data distribution system and method for distributing a digital data stream to consumer electronic devices is disclosed. The data distribution system is configured to distribute the same media information in a digital data stream to a plurality of consumer electronic devices. The digital data distribution system comprises at least one encrypter configured to encrypt a portion that is less than all and more than none of the same media information in the digital data stream in a different manner for at least a predetermined some that is less than all of the consumer electronic devices to form consumer encrypted data streams. A distributor is also provided to distribute each of the consumer encrypted data streams to its predetermined some consumer electronic devices, for example, over the Internet. | 04-02-2015 |
| 20150296377 | SHARING SECURITY KEYS WITH HEADLESS DEVICES - Systems and methods for provisioned configuration of wireless devices to allow access to restricted wireless networks are provided. Using an open wireless or wired network, a user of a wireless device may be authenticated. A configuration application, which includes the parameters and policies of the provisioned configuration, is generated, transferred to, and executed on the wireless device. Following configuration by the application, the wireless device is allowed to access the restricted wireless network within the parameters and policies of the provisioned configuration. | 10-15-2015 |
| 20150304841 | MTC KEY MANAGEMENT FOR SENDING KEY FROM NETWORK TO UE - A root key (K_iwf) is derived at a network and sent to MTC UE ( | 10-22-2015 |
| 20150312232 | METHOD AND APPARATUS FOR HANDLING KEYS USED FOR ENCRYPTION AND INTEGRITY - A method and an arrangement for providing keys for protecting communication between a terminal ( | 10-29-2015 |
| 20150358813 | METHOD AND APPARATUS FOR APPLYING SECURITY INFORMATION IN WIRELESS COMMUNICATION SYSTEM - A method and apparatus for applying security information in a wireless communication system is provided. A user equipment (UE) obtains first security information and second security information, applies the first security information to a first set of radio bearers (RBs) which is served by a master eNodeB (MeNB), and applies the second security information to a second set of RBs which is served by a secondary eNodeB (SeNB). | 12-10-2015 |
| 20150372808 | PRIVATE AND DISTRIBUTED COMPUTATION OF PROBABILITY DENSITY FUNCTIONS - One embodiment of the present invention provides a system for privacy-preserving aggregation of encrypted data. During operation, the system distributes secret keys to a plurality of devices. The system receives at least a pair of encrypted vectors from each device of a subset of the plurality of devices. One of the encrypted vectors is associated with a set of numerical values and the other encrypted vector is associated with corresponding square values of the set of numerical values. Each pair of encrypted vectors is encrypted using a respective secret key distributed to a device of the plurality of devices. The system then computes, for each pair of encrypted vector elements associated with a numerical value and a square of the numerical value, a mean and variance of a probability density function. The system then generates a plurality of probability density functions based on the computed mean and variance values. | 12-24-2015 |
| 20150381360 | PORTABLE KEYING DEVICE AND METHOD - A portable encryption key installation system is disclosed that includes a portable keying device for installing a data communications encryption key in an electronic terminal. The portable keying device securely reprograms the encryption key in the electronic terminal without having to remove the terminal from its shipping container or ship the electronic terminal offsite. Furthermore, the portable keying device securely reprograms the encryption key in the electronic terminal without having to dismantle the terminal, deactivate any anti-tampering features, or re-bond the terminal. | 12-31-2015 |
| 20160013936 | SECURE MULTI-PARTY COMMUNICATION WITH QUANTUM KEY DISTRIBUTION MANAGED BY TRUSTED AUTHORITY | 01-14-2016 |
| 20160050190 | ENABLING A CONTENT RECEIVER TO ACCESS ENCRYPTED CONTENT - There is described a method of enabling a content receiver to access encrypted content, the content receiver forming part of a home network. The method comprises executing, on a device that also forms part of the home network, a key provisioning application. The method further comprises the key provisioning application receiving a key provisioning message and, based on the key provisioning message, providing to the content receiver via the home network one or more content decryption keys for decrypting the encrypted content. There is also described a device arranged to carry out this method. In addition, there is described a content receiver arranged to (a) receive from the aforementioned device, via a home network, one or more content decryption keys for accessing encrypted content; and (b) decrypt encrypted content using the one or more content decryption keys. Related computer programs and computer readable mediums are also described. | 02-18-2016 |
| 20160065362 | SECURING PEER-TO-PEER AND GROUP COMMUNICATIONS - Systems, methods and apparatus embodiments are described herein for leveraging security associations to enhance security of proximity services. Existing security associations are leveraged to create security associations that are used by proximity services. For example, existing keys may be leveraged to derive new keys that may be used to secure peer-to-peer communications. | 03-03-2016 |
| 20160105283 | SYSTEM AND METHOD FOR ROTATING CLIENT SECURITY KEYS - Systems, methods, and non-transitory computer-readable storage media for rotating security keys for an online synchronized content management system client. A client having a first security key as an active security key may send a request to a server for a new security key as a replacement for the first security key. The server may receive the request and generate a candidate security key. The server can issue the candidate security key to the client device. After receiving the candidate security key, the client may send a key receipt confirmation message to the server. In response to the confirmation message, the server may mark the candidate key as the new security key for the client and discard the client's old security key. The server may send an acknowledgment message to the client device. In response, the client may also mark the candidate key as its new active key. | 04-14-2016 |
| 20160119783 | METHOD FOR ALLOCATING COMMUNICATION KEY BASED ON ANDROID INTELLIGENT MOBILE TERMINAL - Disclosed is a method for allocating a communication key based on an Android intelligent mobile terminal. By establishing a universal secret communication platform on the bottom layer of an Android operating system, an intelligent mobile terminal is equipped with the functions of being able to interact with a secret communication support network, receiving a two-level key and using a received service key after decrypting same, thereby being able to provide universal bottom-layer support for a VoIP secret call, a secret short message, a secret video call, file encryption transmission, secure mobile payment and other communication services which require secrecy support. The secret communication support network provides the service keys required for various communication services for a reformed intelligent mobile terminal, and after obtaining the service keys, the intelligent mobile terminal uses same to conduct the secret communication. | 04-28-2016 |
| 20160127895 | Autonomous-Mode Content Delivery and Key Management - Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks. | 05-05-2016 |
| 20160156462 | Cryptographic Device with Detachable Data Planes | 06-02-2016 |
| 20160254907 | System and Method for Synchronized Key Derivation across Multiple Conditional Access Servers | 09-01-2016 |
| 20160254908 | KEY AGREEMENT IN WIRELESS NETWORKS WITH ACTIVE ADVERSARIES | 09-01-2016 |
| 20160380764 | COMMUNICATION CONTROL DEVICE, COMMUNICATION DEVICE, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication control device includes a generating unit and a sending unit. The generating unit refers to specification information, which specifies the communication device belonging to a group from among a plurality of communication devices, and generates identification information, which enables identification of the communication device specified in the specification information, by implementing, from among a plurality of generation methods for generating the identification information, a generation method in which the size of the generated identification information is smaller than the other generation methods. The sending unit sends the identification information to a plurality of communication devices. | 12-29-2016 |
| 20170237558 | SYSTEM AND METHOD FOR QUANTUM KEY DISTRIBUTION | 08-17-2017 |
| 20190149320 | CRYPTOGRAPHIC KEY GENERATION FOR LOGICALLY SHARDED DATA STORES | 05-16-2019 |
| 20190149330 | MULTIPLE TRANSCEIVERS FOR WIRELESS KEY UPDATE | 05-16-2019 |
