Class / Patent application number | Description | Number of patent applications / Date published |
380045000 | Multiple key level | 42 |
20080219440 | ELECTRONIC DEVICE AND SOFTWARE INTERLOCKING SECURITY SYSTEM - The present invention provides for a security system for an electronic device that, in one embodiment, includes a processor with a software access key encrypted thereon and a software application with a processor access key encoded therein so that operation of the electronic device and execution of the software application requires both the software access key and the processor access key. | 09-11-2008 |
20080240428 | MAGNETIC RECORDING MEDIUM ENCRYPTION - Systems and methods for easily and at high speed re-encrypting data recorded on a magnetic recording medium when the data is encrypted using an encryption key and the encryption key is changed. A track where effective user data is not recorded is set as a first reserved track, then data is read out from the first updating source track and decrypted using a first encryption key KEY | 10-02-2008 |
20080240429 | STORAGE APPARATUS AND DATA MANAGEMENT METHOD - The storage apparatus of the present invention that controls the input and output of data to and from a computer includes a logical volume for storing data from the computer, a common resource for storing data pre-stored in the logical volume as update data in order to store subsequent data from the computer in the logical volume, an encryption/decryption unit for encrypting or decrypting data stored in the logical volume or update data stored in the common resource, and a key change unit for changing a key for encrypting or decrypting data stored in the logical volume, and changing a key for encrypting or decrypting update data stored in the common resource based on information of the key used for data stored in the logical volume. | 10-02-2008 |
20080267396 | METHOD OF SHARING BUS KEY AND APPARATUS THEREFOR - A method and apparatus of sharing a bus key is provided, the method including receiving at a first device a device key, encrypted using an encryption key, from a storage device; decrypting the encrypted device key using a decryption key corresponding to the encryption key; creating a random number, and generating a bus key using the created random number and the decrypted device key, by which data to be transmitted through a bus can be encrypted using the bus key; and transmitting the generated bus key to a predetermined device connected to the first device via the bus. | 10-30-2008 |
20080279372 | Secure distribution of content using decryption keys - For digital rights management (DRM) of e.g. digitally delivered music or video, a technique to make the decryption keys more secure. The technique fragments a message (song or video or other) into a number of portions, and uses a different decryption key for each portion. Each of the various keys is a function of the preceding key, in one version. In another version, each key is a function of a seed value and of the particular portion of the material with which the key is associated. | 11-13-2008 |
20080285749 | Method and apparatus for generating security key in a mobile communication system - Disclosed is an apparatus and method for generating a security key in a mobile communication system that performs security key generation. An Authentication, Authorization and Accounting (AAA) server generates a Master Session Key (MSK) and an Enhanced MSK (EMSK) from a Long Term Credential key, and a Device-MSK (D-MSK), a User-MSK (U-MSK) and a Device and User-MSK (DU-MSK) from the MSK and the EMSK. An Access Gateway (AG) generates a Root-MSK (R-MSK) from the MSK and EMSK received from the AAA server. A Signaling Radio Network Controller (SRNC) generates a Pairwise Master Key (PMK) from the R-MSK received from the AG, and a Traffic Session Key (TSK) from the PMK. A Base Station (BS) sets up a radio connection to a Mobile Station (MS) using the TSK received from the SRNC, and performs radio communication using the set radio connection. The MS generates an MSK and an EMSK, and generates therefrom a D-MSK, a U-MSK, a DU-MSK, an R-MSK, a PMK, an SRK and a TSK, to perform radio communication with the BS. | 11-20-2008 |
20080304663 | System and Method for the Anonymisation of Sensitive Personal Data and Method of Obtaining Such Data - A system for managing sensitive personal data (DD_A) includes two databases ( | 12-11-2008 |
20080310626 | ENCRYPTED COMMUNICATION SYSTEM, ENCRYPTED COMMUNICATION METHOD, ENCRYPTING DEVICE, AND DECRYPTING DEVICE - To allow viewers to view a plain document depending on levels of the authorized powers of the viewers without inserting identifiers into the plain document. An encrypting device includes devices for: storing encrypting role information which includes encrypting keys and key IDs of the encrypting keys; grasping the encrypting range of the plain document, and creating an encrypted part by encrypting the encrypting range using the encrypting key in the encrypting role information; creating the encrypting information configured with one, two, or more record(s) containing the front position and rear position of the encrypted part, the key ID corresponding to the encrypting key that is applied for the encrypted part, and the processing order of the encrypted part; creating the encrypted document by combining an encrypted document main body configured with a document containing the encrypted part with the encrypting information; and storing the encrypted document to a prescribed medium. | 12-18-2008 |
20090092248 | ENCRYPTION-BASED AUTHENTICATION FOR BINDING MODULES - A first electronic module authenticates a second electronic module via encrypted communications between the first electronic module and the second electronic module. In response to determining the second electronic module is authenticated, the first electronic module is configured to conduct unencrypted communications with the second electronic module. Otherwise, in response to determining the second electronic module is unauthenticated, the first electronic module is configured to disable one or more functions of the first electronic module. | 04-09-2009 |
20090103725 | SYSTEM AND METHOD FOR SECURE COMMUNICATION IN A RETAIL ENVIRONMENT - This disclosure provides various embodiments of systems and methods for secure communications. In one aspect, the system includes a secure payment module (SPM) in a fuel dispenser and a point-of-sale (POS) system. The POS system stores a public key certificate uniquely identifying the SPM and is configured to dynamically generate a first session key. The POS system encrypts the first session key with a public key associated with the public key certificate, and transmits the encrypted first session key to the SPM. The SPM, which stores a private key associated with the public key certificate, is configured to receive and decrypt the first session key. The SPM is further configured to receive a set of magnetic card data from a card reader, encrypt the set of magnetic card data with the first session key, and transmit the encrypted set of magnetic card data to the POS system. | 04-23-2009 |
20090122981 | Encryption Key Generation Device - A scramble key generation unit generates scramble keys (individual encryption keys) which are different from one another and which are for encrypting and decrypting distributing data, by subjecting a predetermined initial encryption key at least once to a unidirectional reverse replacement and at least once to a trapdoor-equipped unidirectional replacement. A time key generation unit generates a time key (master encryption key) for regenerating the scramble keys, by subjecting any of the scramble keys generated by the scramble key generation unit at least once to the unidirectional reverse replacement. Thus, it is possible to efficiently and flexibly generate the individual encryption keys for encrypting and decrypting the distribution data, and master encryption key capable of regenerating some of the individual encryption keys. | 05-14-2009 |
20090122982 | System, Method and Computer Program Product for Providing Digital Rights Management of Protected Content - A system for providing digital rights management of protected content includes a client and a DRM manager. The client is capable of receiving at least one piece of content, the piece(s) of content being encrypted with at least one encryption key regardless of client user(s) authorized to access the piece(s) of encrypted content. To facilitate the client accessing one or more of the piece(s) of content, the DRM manager is capable of transferring the encryption key(s) to the client, the encryption key(s) being encrypted with a private key of a public key/private key pair unique to a client user associated with the client. The client can thereafter decrypt the encryption key(s) using the public key of the public key/private key pair unique to the client user. Then, the client can decrypt the piece(s) of content using the decrypted encryption key(s), and access the decrypted piece(s) of content. | 05-14-2009 |
20090136027 | PROVIDING SECURE COMMUNICATIONS FOR ACTIVE RFID TAGS - Described herein in an example embodiment, is a mechanism to distribute and implement secure credentials on a WLAN (wireless local area network) employing radio frequency identification (RFID) tags. Symmetric keys are provisioned to the tag in a manner that allows for optimized re-association and secure announcements. The provisioned keys are derived in a way that enables the controller to operate without having to maintain the key state for every tag. In an example embodiment, the controller generates keys for the RFID tags that are derived from a master key associated with the controller, an identifier assigned to the RFID tag and an address associated with the RFID tag. | 05-28-2009 |
20090175444 | SYSTEM AND METHOD FOR ENCRYPTION KEY MANAGEMENT IN A MIXED INFRASTRUCTURE STREAM PROCESSING FRAMEWORK - A system and method for protecting streams in a mixed infrastructure includes determining processing elements that are to access a data stream in a stream processing environment and determining a security level for each processing element. Keys are generated per stream per processing element in accordance with the security level. The keys are associated with processing elements in an access control list in a location accessible by producing and consuming processing elements. The stream is decrypted for processing using keys released upon authenticating processing elements in accordance with the access control list. At security boundaries, the stream is re-encrypted in accordance with a next processing element. | 07-09-2009 |
20090196417 | Secure disposal of storage data - A data storage device (such as a magnetic disk drive), which has a built-in encryption function using a self generated cipher key. The data storage device uses the cipher key to routinely encrypt the incoming data without instruction and/or control by the host system or other components that are external to the device and its dedicated controls (e.g., a disk drive controller card). The encryption function is a built-in function or self-contained function of the drive and/or its dedicated controller. To permanently delete the entire content of the drive, the cipher key is located and erased to render the ciphertext that is stored in the storage device unusable. In another embodiment of the present invention, the data disposal is managed on a file basis through the use of a plurality of internally generated file-specific cipher keys, which are managed through the aid of an internal key library. | 08-06-2009 |
20090208004 | File Encrypting/Decrypting Method, Apparatus, Program, And Computer-Readable Recording Medium Storing The Program - To achieve both information confidentiality management and early discovery of information leak. | 08-20-2009 |
20090220075 | MULTIFACTOR AUTHENTICATION SYSTEM AND METHODOLOGY - A system is provided for authenticating a user who is accessing a secure network from a client device. The system comprises a software program resident on the client device, wherein said program is disposed in a tangible medium and contains suitable instructions for generating a session-specific, time-independent password on demand. | 09-03-2009 |
20090262927 | IMAGE FORMING APPARATUS, AND CONTROL METHOD THEREOF - An image forming apparatus of the invention includes a key generating unit to change an encryption key and to generate an encryption key different from the previous encryption key at each time of change, an encryption unit to encrypt image data using the encryption key generated by the key generating unit, a first storage unit to store the encrypted image data, a second storage unit to store the encryption key and a table to correlate the image data encrypted by the encryption key with the encryption key, and a decryption unit to decrypt the data stored in the first storage unit by using the encryption key correlated in the table. According to the image forming apparatus of the invention, the read data can be stored with high security into a storage apparatus such as an HDD, while an operation burden is not imposed on a user. | 10-22-2009 |
20090268903 | NETWORK STORAGE SERVER WITH INTEGRATED ENCRYPTION, COMPRESSION AND DEDUPLICATION CAPABILITY - A network storage server receives multiple write requests from a set of clients via a network and internally buffers multiple data blocks written by the write requests. At a consistency point, the storage server commits the data blocks to a nonvolatile mass storage facility. The consistency point process includes using a storage operating system in the network storage server to compress the data blocks, encrypt selected data blocks, and store the compressed and (possibly) encrypted data blocks in the nonvolatile mass storage facility. Data blocks can also be fingerprinted in parallel with compression and/or encryption, to facilitate subsequent deduplication. Data blocks can be indexed and classified according to content or attributes of the data. Encryption can be applied at different levels of logical container granularity, where a separate, unique cryptographic key is used for each encrypted data container. | 10-29-2009 |
20090290707 | Generating and Securing Multiple Archive Keys - A method and apparatus for generating multiple keys for a set of archives or portions of a set of archives. The process includes receiving a passphrase from a user and an indicator of a set of archives to be modified or created. An archive key generation process can be based on a random value generation, an algorithm for generating keys with specific characteristics, an indexing scheme, a progressive enciphering scheme or a shared secret scheme. The generated keys are enciphered using an enciphering algorithm in combination with the passphrase. The archive keys are stored with the archives in their enciphered form. Other intermediate key information is also stored with the archive to enable deciphering of the set of archives using the passphrase as needed. | 11-26-2009 |
20100020967 | HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT - Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified. | 01-28-2010 |
20100027787 | GENERATING A TRAFFIC ENCRYPTION KEY - Apparatus and method for generating a traffic encryption key includes generating a traffic encryption key for encrypting data transmitted as part of a service, the traffic encryption key having a validity equal to a traffic encryption key validity time period; checking whether a period for the service is longer than the traffic encryption key validity time period; and if the period of the service is longer than the traffic encryption key validity time period, ascertaining a residual period which indicates by what period the service is longer than the traffic encryption key validity time period of the traffic encryption key; generating a residual traffic encryption key which is used for encrypting data transmitted as part of a service; ascertaining a residual traffic encryption key validity time period which indicates for how long the residual traffic encryption key is valid; and associating the residual traffic encryption key validity time period with the residual traffic encryption key. | 02-04-2010 |
20100054464 | PROCESS FOR ESTABLISHING A COMMON CRYPTOGRAPHIC KEY FOR N SUBSCRIBERS - A process is described which can be used to generate a cryptographic key for a group of subscribers whose number is subject to change. The process can further provide that even after the group key has been established, subscribers can be removed from or added to the key directory without great effort. | 03-04-2010 |
20100074441 | Data processing systems with format-preserving encryption and decryption engines - A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format. | 03-25-2010 |
20100150344 | Methods and devices for a chained encryption mode - An encryption chaining mode takes plaintext block N, generates encryption key N by combining, preferably by XOR, encryption key N−1 and plaintext block N−1 and encrypts plaintext block N using an encryption algorithm with encryption key N to output ciphertext block N. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and a random initialization key K. In a preferred embodiment, initialization key K is subkeys resulting from a key schedule algorithm and encryption key N−1 is only one of the subkeys. Encryption key for the first plaintext block is generated by XOR-ing a random Initialization vector and one subkey resulting from a key schedule algorithm. Also provided is a corresponding decryption method, an encryption device, a decryption device. | 06-17-2010 |
20100278335 | Arrangements for Location-Based Security Systems and Methods Therefor - Aspects are applicable to secure encryption such as in the generation of a cryptographic key from location information as may be useful in portable/wireless communication devices. As an example, one embodiment is implemented as a method of generating cryptographic keys from location information derived from a signal received from a publicly-used wireless communication system. The location information is protected from fraudulently generated signals using direction of arrival of the received signal. The method attempts to verify that the direction of arrival corresponds to an expected direction of arrival for a received signal of the primary signal type, and in response to the direction of arrival being verified for the direction of arrival, and then enables use of an encryption key that is generated from positional information derived from the received signal | 11-04-2010 |
20100290619 | ENCIPHERING APPARATUS AND METHOD, DECIPHERING APPARATUS AND METHOD AS WELL AS INFORMATION PROCESSING APPARATUS AND METHOD - The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section. | 11-18-2010 |
20110038479 | DEVELOPING INITIAL AND SUBSEQUENT KEYID INFORMATION FROM A UNIQUE MEDIAID VALUE - A technique for using a key repository to store data encryption keys provides a way to access key records in the key repository using a key identifier constructed from a media identifier associated with a data storage medium on which encrypted data is or will be stored. The media identifier is hashed and added to a counter value to produce the key identifier. In some embodiments, the technique is implemented in an encryption switch that provides data-at-rest encryption for a storage access network, but in other embodiments, the technique may be implemented in other devices, including data storage devices and hosts. | 02-17-2011 |
20110044451 | INFORMATION PROCESSING APPARATUS AND FALSIFICATION VERIFICATION METHOD - An object of the present invention is to provide an information processing apparatus in which a secure CPU and a non-secure CPU are included, that is capable of reliably detecting falsification of programs. The information processing apparatus according to the present invention includes a secure CPU | 02-24-2011 |
20110051930 | VIRTUALIZATION OF CRYPTOGRAPHIC KEYS - A cryptographic key is virtualized to provide a virtual cryptographic key. To virtualize the key, an operation, such as an exclusive OR operation, is used with the key and a mask. The virtual key is usable by a guest of a virtual environment in cryptographic operations. | 03-03-2011 |
20110081017 | KEY MIGRATION DEVICE - Provided is a key migration device which can securely and reliably control the migration of keys. A migration authority ( | 04-07-2011 |
20120069997 | ENCRIPTION DEVICE AND DECRYPTION DEVICE - According to one embodiment, an encryption device includes a storage unit, an input unit, first to fourth partial encryption units, a generation unit, and an output unit. The first partial encryption unit calculates first intermediate data from input plain data to store in the storage unit. The generation unit generates a round key, which is used in calculations for the first intermediate data and N-th intermediate data, from the secret key. The second partial encryption unit calculates (i+1)th intermediate data from i-th intermediate data (i is smaller than N) and the round key to store in the storage unit. The third partial encryption unit performs an arithmetic operation including predetermined conversion for mixing the N-th intermediate data, and calculates (N+1)th intermediate data to store in the storage unit. The fourth partial encryption unit obtains encrypted data by performing an arithmetic operation including inverse conversion of the conversion on the (N+1)th intermediate data. | 03-22-2012 |
20120128153 | SYMMETRIC-KEY ENCRYPTION METHOD AND CRYPTOGRAPHIC SYSTEM EMPLOYING THE METHOD - Symmetric-key encryption method for transforming a sequence of plaintext symbols into a sequence of ciphertext symbols, includes an iterative encryption process including: computing an altered current internal state by combining a current internal state with a current memory symbol; computing a next internal state from the altered current internal state; generating a keystream symbol from the next internal state; verifying whether the generated keystream symbol satisfies a condition related to data-format/syntax rules; iteratively computing next internal states and iteratively generating keystream symbols; and iteratively encrypting plaintext symbols by employing next keystream symbols to obtain the sequence of ciphertext symbols. | 05-24-2012 |
20120140923 | METHOD AND SYSTEM FOR ENRYPTION KEY VERSIONING AND KEY ROTATION IN A MULTI-TENANT ENVIRONMENT - Various techniques and procedures related to encryption key versioning and rotation in a multi-tenant environment are presented here. One approach employs a computer-implemented method of managing encrypted data and their associated encryption keys. In accordance with this approach, a key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key. | 06-07-2012 |
20120155638 | SECURING KEYS OF A CIPHER USING PROPERTIES OF THE CIPHER PROCESS - In the field of computer enabled cryptography, such as a block cipher, the cipher is hardened against an attack by protecting the cipher key, by applying to it a predetermined linear permutation before using one key to encrypt or decrypt a message. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key, or where each user session has its own key. | 06-21-2012 |
20120321079 | SYSTEM AND METHOD FOR GENERATING ROUND KEYS - A system and method for generating round keys used for encrypting and decrypting an input text block. A received cipher key is used to generate round keys that include round key words. Two round key words are generated at the same time based on the word lengths of the input text block and the cipher key. The generation of round keys may be paused depending on the word lengths of the input text block and the cipher key. | 12-20-2012 |
20140093074 | SECURE PROVISIONING OF SECRET KEYS DURING INTEGRATED CIRCUIT MANUFACTURING - A method, of an aspect, includes challenging a set of Physically Unclonable Function (PUF) cells, of an integrated circuit device, and receiving a set of PUF bits from the PUF cells in response. A PUF key is generated based on the set of PUF bits. An encryption of the PUF key with an embedded key is output from the integrated circuit device. The integrated circuit device receives an encryption of a fuse key with the PUF key. Fuses of the integrated circuit device are programmed with at least one of the fuse key and the received encryption of the fuse key with the PUF key. Other methods, apparatus, and systems are also disclosed. | 04-03-2014 |
20140105388 | LEVEL-TWO ENCRYPTION ASSOCIATED WITH INDIVIDUAL PRIVACY AND PUBLIC SAFETY PROTECTION VIA DOUBLE ENCRYPTED LOCK BOX - A method substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. A device substantially as shown and described the detailed description and/or drawings and/or elsewhere herein. | 04-17-2014 |
20140321643 | METHOD OF GENERATING MULTI-DIMENSIONAL KEY - A method of generating multi-dimensional key comprises both generating three-dimensional coordinate sequences and generating public key and private key, wherein generating three-dimensional coordinate sequences is: setting the base of three-dimensional key as M comprising of m×l×h key elements, each layer in a three-dimensional matrix being a two dimension matrix sized m×l along Z axis, wherein, m is the number of rows in each layer of M | 10-30-2014 |
20150381363 | SYSTEM AND METHOD FOR PERFORMING SECURE COMMUNICATIONS - A method of providing a new enhanced public key by a secure communications terminal for securing system communications, the secure communications terminal having a processor operably connected to a memory and a communications interface, the method comprising: generating, by the processor, a first portion for verifying a client account; generating, by the processor, a second portion for authenticating a public key server; generating, by the processor, an asymmetric public key and a corresponding asymmetric private key; combining, by the processor, the first portion, the second portion and the asymmetric public key to form the new enhanced public key; normalizing, by the processor, the enhanced public key based on a size of the asymmetric public key. | 12-31-2015 |
20160191240 | ELECTRONIC DEVICE AND METHOD FOR ENCRYPTING AND DECRYPTING DATA - A data encrypting and decrypting method which functions in an electronic device is activated when an application program is activated in the device. Data arising from user input is generated and a public and private key pair is also generated. The data is encrypted with the public key to obtain cryptographs and the cryptographs are sent to the application program. The method allows for decryption of the cryptographs with the private key to obtain the original data. | 06-30-2016 |
20160380767 | RE-ENCRYPTION KEY GENERATOR, RE-ENCRYPTION APPARATUS, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, AND STORAGE MEDIUM - According to one embodiment, a re-encryption key generator which generates the re-encryption key based on the first private key, the second re-encryption key generation key, and a plurality of random numbers. The second re-encryption key generation key comprises a plurality of system-specific values and the second private key. The re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion. The numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying relations between the system-specific values and the random numbers is allowed to act. The denominator portion is the first private key. | 12-29-2016 |