Entries |
Document | Title | Date |
20080288780 | LOW-LATENCY DATA DECRYPTION INTERFACE - Methods and apparatus for reducing the impact of latency associated with decrypting encrypted data are provided. Rather than wait until an entire packet of encrypted data is validated (e.g., by checking for data transfer errors), the encrypted data may be pipelined to a decryption engine as it is received, thus allowing decryption to begin prior to validation. In some cases, the decryption engine may be notified of data transfer errors detected during the validation process, in order to prevent reporting false security violations. | 11-20-2008 |
20090019288 | SECURE RECOVERY IN A SERVERLESS DISTRIBUTED FILE SYSTEM - Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator. | 01-15-2009 |
20090031138 | METHOD AND SYSTEM FOR AUTHENTICATION CONFIRMATION USING EXTENSIBLE AUTHENTICATION PROTOCOL - A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag. | 01-29-2009 |
20090049305 | METHOD AND SYSTEM FOR HIERARCHICAL PLATFORM BOOT MEASUREMENTS IN A TRUSTED COMPUTING ENVIRONMENT - An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed. | 02-19-2009 |
20090094461 | INFORMATION PROCESSING APPARATUS AND AUTHENTICATION INFORMATION MIGRATION METHOD - An information processing apparatus of the present invention converts user authentication information based on a second one-way function into a second converted value if authentication with a first converted value obtained by converting the user authentication information based on the first one-way function is successful. | 04-09-2009 |
20090132826 | HYBRID ENCODING OF DATA TRANSMISSIONS IN A SECURITY SYSTEM - A security system in which wireless transmitting security devices use a hybrid or dual encoding methodology, wherein a first part of a data message is encoded in a return-to-zero (RZ) format and a second part of the data message is encoded in a non-return-to-zero (NRZ) format, thereby increasing error detection and correction. In a first aspect of the invention, status information is included in the first part of the message and redundant status information is included in the second part of the message. In a second aspect of the invention, message sequence information is included in the second part of the message to avoid processing of stale or out-of-sequence messages. | 05-21-2009 |
20090138722 | SECURE AUTHENTICATION FOR AUTHORIZATION FOR TRANSACTION PROCESSING - A method and apparatus for authenticating and authorizing online transactions. An authentication cookie is transmitted to a client system. The authentication cookie includes a user encryption key and an encrypted buffer that contains user identification data and a profile code. Subsequent requests for the particular service use the authentication cookie to generate a query that includes the encrypted buffer and user identification data entered by the user. Portions of the query are encrypted using the user encryption key. Queries received at each authentication and authorization server are authenticated by reconstructing the user encryption key using information transmitted in the clear and decrypting the query using both the reconstructed user encryption key and the secret key. The user identification data entered by the user is then compared with the user identification data in the encrypted buffer for further authentication. The profile code is analyzed for determining authorization. If the query is authenticated and authorized, the authentication and authorization server forwards the request to a server that provides the desired service. | 05-28-2009 |
20090158045 | LIGHT-OVERHEAD AND FLEXIBLE WIRELESS SENSOR MESSAGE AUTHENTICATION METHOD - The present invention relates to a wireless sensor message authentication method, which is characterized by an authentication scheme of any message authentication code applied to any secure message authentication code (MAC); an authentication scheme using the concept of error correcting code (ECC) and applied to any binary ECC to provide different feature; flexible technique tuning required throughput and faulty data detection capability by adjusting the ECC in use; end-to-end authentication; and XOR operation conducted to original MAC to secure light overhead. | 06-18-2009 |
20090158046 | HASH-BASED SYSTEMS AND METHODS FOR DETECTING AND PREVENTING TRANSMISSION OF POLYMORPHIC NETWORK WORMS AND VIRUSES | 06-18-2009 |
20090164794 | Digital Content Storage Process - The digital content store provides users with an opportunity to purchase authorized usage of digital content, such as single or multiple music tracks, video, movies, and/or video games. The users can also buy license to a desired track for a fixed number of times, e.g. preferably the users can listen on three different machines simultaneously. Users can also burn a play list of X number of times, for example ten. The burn limit preferably applies to the play list, not the song. Mixed media capability is provided that allows the purchase of digital content and/or physical media. The digital content store system comprises a unique digital rights management system and a back-end enabling system that controls these digital rights. | 06-25-2009 |
20090193261 | APPARATUS AND METHOD FOR AUTHENTICATING A FLASH PROGRAM - In one embodiment of the invention, an apparatus for authenticating a flash program is provided. The apparatus comprises a hardware unique key, a register storing a customer identity (ID) and a message authentication code (MAC) generation unit. The MAC generation unit acquires a root key corresponding to the hardware unique key and the customer ID, and generates a MAC for the flash program using the acquired root key, wherein the content of the register is locked to avoid modification of the stored customer ID until the next system reset. | 07-30-2009 |
20090249076 | INFORMATION SERVER AND MOBILE DELIVERY SYSTEM AND METHOD - A user is provided with access to his or her account information using a client. The account information is stored on a server which receives the information from a feed source and transmits the information to the client. A method for downloading and installing specialized software for viewing the account information on the client is also provided. The information can be received from different feed sources in different formats and converted to a format that is compatible with the intended receiving client. Encryption can be used to protect the privacy of the users of the system and the account information therein. Additionally, a special access password and a privileged access routine can be used to provide access to an authorized third party user on a temporary basis. | 10-01-2009 |
20090254756 | Data communication method - A data communication method capable of performing a synchronization processing at two or more computer terminals while ensuring security. A server certificate and a public key are transmitted through a host-side terminal to a guest-side terminal, whereby the guest-side terminal authenticates the server, and a guest-side hash key used in a hash function, as well as the hash function, are encrypted with the public key. A web server decrypts the hash key and the hash function, creates a digest of the contents with the guest-side hash key, and transmits the digest through the host-side terminal to the guest-side terminal. The guest-side terminal receives the contents and digest received from the host-side terminal, and compares this digest and a digest created from the received contents, whereby security can be ensured when the synchronization processing is performed. | 10-08-2009 |
20090313475 | Security in Computing Networks - A system for verifying the security of communications between a set of nodes via a high-bandwidth, insecure communications channel. A number of embodiments are described for enabling authenticated communication between the nodes in an environment wherein there is a high bandwidth Dolev-Yao network amongst the nodes and non-spoofable, low-bandwidth empirical channels between each pair of nodes. | 12-17-2009 |
20090327736 | Insider attack defense for network client validation of network management frames - Method for detecting an attack on a broadcast key shared between an access point and its wireless clients. Upon detection of the attack, actions are implemented to react to the attack as defined in one or more security policies. Detection of the attack is achieved by examining both a link message integrity check and an infrastructure management frame protection (IMFP) message integrity check contained in a broadcast management frame. | 12-31-2009 |
20090327737 | TECHNIQUES FOR ENSURING AUTHENTICATION AND INTEGRITY OF COMMUNICATIONS - Techniques are described for ensuring data integrity and authentication of received messages. One technique includes sending a request from a first module to a second module in which the request includes a first portion that is a shared secret encrypted with a public key, obtaining by the second module a private key from a secure and trusted information store, such as a license information store, including license information or other application specific information for the first module, using the private key to decrypt the first portion and obtain the shared secret, sending a response from the second module to the first module in which the response includes authentication data and at least one data item used with the shared secret to determine the authentication data, and performing by the first module verification processing to verify the authentication data included in the response. | 12-31-2009 |
20090327738 | REDUCING MEMORY REQUIREMENTS OF FIRMWARE - A mechanism for making increased amounts of firmware available to a computer pre-boot is discussed. To increase the amount of firmware available pre-boot, a design decision is made during the build process as to which segments of the firmware need to be placed on the ROM part and which segments of the firmware can be located elsewhere. The segments of the firmware that are stored remotely from the ROM are referred to as “virtual ROM modules”. Each of the virtual ROM modules is assigned a generated unique identifier, and a “message digest” is constructed for each module using an algorithm such as MD5 or SHA-1. In the software build of the ROM image, the message digest-unique identifier pair created for each Virtual ROM module is used as a logical pointer for the virtual module. Additionally, a search path variable is placed into the ROM image in non-volatile storage. The search path provides for one or more locations in which to look for the Virtual ROM modules, and may be updated at a later point in time. | 12-31-2009 |
20100031051 | Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP - The invention comprises a method of authenticating and encrypting a client-server communication, comprising the steps of: a) generating a first one-time password (OTP | 02-04-2010 |
20100031052 | LOW POWER HMAC ENCRYPTION APPARATUS - There are provided a low power SHA-1 hash algorithm apparatus having a low power structure and optimized to a trusted platform module (TPM) applied to a mobile trusted computing environment and a low power keyed-hash message authentication code (HMAC) encryption apparatus using the low power SHA-1 hash algorithm apparatus, the HMAC encryption apparatus including: a key padder padding key data for HMAC algorithm; an XOR operator XOR operating the padded key data and a padding constant; a data connector connecting a text to be encrypted, to data obtained by the XOR operating; a data padder padding the connected data; an SHA-1 hash algorithm part performing an SHA-1 hash algorithm on the padded data; a data selector selecting and applying one of a result of the SHA-1 hash algorithm and the text to be encrypted, to the data connector; and a controller controlling operations of the key padder, data connector, and data padder, a sequence of performing a hash algorithm of the SHA-1 hash algorithm part, and storing an operation result to read data required for performing an encryption operation and store data with memory. | 02-04-2010 |
20100049986 | HASH VALUE GENERATOR - To achieve high safety, large-sized nonlinear permutation is employed; however, the larger permutation processing is, the more the period of time required for the processing is, which hence is not efficient. There is provided a hash value generation method or a hash value generator which has the following aspects and which is highly safe and is capable of executing processing at a high speed. | 02-25-2010 |
20100088522 | Method and Apparatus for Tamper Proof Camera Logs - A method and apparatus for maintaining a tamper proof device log are described. In one embodiment, the method comprises maintaining an embedded log in the device, the embedded log being a chain of log entries. In one embodiment, the method may also comprise publishing at least one log entry to a location external to the device. | 04-08-2010 |
20100115285 | MIX-NET SYSTEM - Each participant apparatus ( | 05-06-2010 |
20100138665 | AUTHENTICATED PROGRAM EXECUTION METHOD - According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time. | 06-03-2010 |
20100169657 | Message authentication code with blind factorization and randomization - The message authentication code with blind factorization and randomization is a computational method for improving the security of existing Message Authentication Code (MAC) methods through the use of blind integer factorization. Further, blind randomization is used as a countermeasure to minimize collision attacks where different plaintexts produce the same MAC. | 07-01-2010 |
20100169658 | Elliptic curve-based message authentication code - The elliptic curve-based message authentication code is a computational method for improving the security of existing message authentication code (MAC) generating methods through the use of elliptic curve cryptography. Particularly, the message authentication codes and elliptic curve cryptography are based on an elliptic curve discrete logarithm problem, which is well known in mathematics to be a computationally hard problem. | 07-01-2010 |
20100205446 | MULTI-LEVEL FILE DIGESTS - Multi-level file digests for electronic files are disclosed. A top level digest represents a single digest for the associated electronic file. Lower level digests represent digests for portions of the associated electronic file. The top level digest is derived from the lower level digests. The top level digest is useful for facilitating rapid comparison to determine whether electronic files are the same. In one embodiment, electronic files are encrypted with a block encryption scheme, and digests are efficiently calculated and stored on a block-by-block basis. Advantageously, when modifications to an encrypted electronic file occur, only those modified blocks need to be processed to undergo decryption and re-encryption to determine the appropriate digest. | 08-12-2010 |
20100217997 | AUTHENTICATION METHOD, SYSTEM, SERVER, AND CLIENT - An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol. | 08-26-2010 |
20100235644 | Method and System for a Recursive Security Protocol for Digital Copyright Control - Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys. | 09-16-2010 |
20100268960 | SYSTEM AND METHOD FOR ENCRYPTING DATA - A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector. | 10-21-2010 |
20100275030 | METHOD FOR ENSURING THE VALIDITY OF RECOVERED ELECTRONIC DOCUMENTS FROM REMOTE STORAGE - A method for electronically storing and retrieving at a later date a true copy of a document stored on a remote storage device comprises: sending a document in electronic format from a document owner's computing device to a store entity for storing the document; generating a digest of the document while the document is at the store entity by applying a hash function to the document; signing the digest electronically with a key while said document is at the store entity; generating a receipt that includes the digest and the key; sending the receipt to the document owner; and verifying, at the document owner's computing device, that the received receipt corresponds to the document sent from the owner's computing device. | 10-28-2010 |
20100275031 | METHOD FOR SECURELY TRANSMITTING CONTROL DATA FROM A SECURE NETWORK - This method securely transmits data from a secure control system [ | 10-28-2010 |
20100287380 | WRITING AREA SECURITY SYSTEM - A writing area security system ( | 11-11-2010 |
20100299529 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication. | 11-25-2010 |
20110029780 | Systems and Methods for Conducting Transactions and Communications Using a Trusted Third Party - Systems and methods are provided for managing the transfer of electronic files. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a hash of the encrypted file, and sends it to a trusted third party. The trusted third party compares the hash that was computed by the receiver with another hash computed by the sender. If the two hashes match, the third party sends the file decryption key to the receiver. In some embodiments, the receiver may also send the third party payment information so that the sender, the content owner, and/or the third party can be paid for their role in the transaction. In a preferred embodiment, the payment information is only sent to, and/or used by, the third party once the third party has confirmed to the satisfaction of the receiver that the encrypted file in the receiver's possession will decrypt correctly. In some embodiments, the sender computes a hash of the encrypted version of the file and sends it directly to the third party. In other embodiments, the sender encrypts this hash using a key associated with the third party and sends the encrypted hash to the receiver, who then forwards it to the third party. | 02-03-2011 |
20110035597 | SECURE INDIRECT ADDRESSING - An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This ID is useful in wireless networks containing low-power low-cost devices. | 02-10-2011 |
20110040977 | SPONGE AND HASH FUNCTIONS USING A RUBIK'S CUBE PUZZLE PROCESS - The present method is directed, in the computer data security field, to cryptographic sponge and hash function processes which are embodied in a computer system and are typically keyless, but highly secure. The processes are based on the type of randomness exhibited by manipulation of the well known three dimensional Rubik's cube puzzle. Computation of the hash or sponge value (digest) is the result of executing in a model (such as computer code or logic circuitry) an algorithm modeling such a puzzle using the message as an input to the cube puzzle algorithm, then executing the cube puzzle algorithm. A state of the modeled cube puzzle (the final cube puzzle arrangement) after execution gives the sponge or hash digest value of the message. | 02-17-2011 |
20110040978 | SENDING SIGNED E-MAIL MESSAGES FROM A DEVICE - Sending signed e-mail messages. An output data stream is created for streaming a signed e-mail message, and streamed attachment data is read. In response to receiving a portion of the read streamed attachment data, the received portion of the attachment data is digested to generate a digest value, and the received portion of the attachment data is sent to a mail server via the output data stream. The received portion of the attachment data is smaller than the size of the attachment data. The digest value is updated as additional portions of the streamed attachment data are received and digested. In response to sending all attachment data to the mail server, a signer generates the signature data by signing the digest value using a signer's private key, and the generated signature data is sent to the mail server via the output stream. | 02-17-2011 |
20110055581 | HASH FUNCTION BASED ON PAINTING TECHNIQUES - In the computer data security field, this disclosure is of cryptographic hash function processes embodied in a computer system and which may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by painting or drawing a picture. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a picture painting process using the message as an input to the picture painting algorithm, then executing the algorithm. A state of the resulting picture gives the hash digest value of the message. Message expansion or a derivation function (e.g., a pseudo random number generation process) may be applied to the message prior to execution of the picture painting process, for enhanced security. | 03-03-2011 |
20110055582 | HASH FUNCTION USING A DOMINO GAME PROCESS - In the computer data security field, cryptographic hash function processes are embodied in a computer system and may be keyless, but are highly secure. The processes are based on the type of randomness exhibited by the well known game of dominos using a set of tiles arranged by players on a surface. Computation of the hash value (digest) is the result of executing in computer code or logic circuitry an algorithm which models such a domino game using the message as an input to the domino game algorithm, then executing the domino game algorithm. A state of the game algorithm which models the final layout of the pieces (tiles) gives the hash digest value of the message. | 03-03-2011 |
20110161674 | DOCUMENT AUTHENTICATION USING DOCUMENT DIGEST VERIFICATION BY REMOTE SERVER - A method of generating a self-authenticating document while utilizing document digest stored on a server for verification purposes. Authentication information for the document is encoded in barcode which is printed on the document. A document digest is calculated from the authentication information and transmitted to a server to be stored. When authenticating a scanned copy of the document, the barcode is read to extract the authentication information. A target document digest is calculated from the extracted authentication information and transmitted to the server for verification. The server compares the target document digest with the previously stored document digest. If they are not the same, the barcode has been altered. If they are the same, the extracted authentication information is used to authenticate the scanned copy. A document ID may be generated and transmitted to the server, and used by the server to index or search for the stored document digest. | 06-30-2011 |
20110179281 | HASH FUNCTION USING A QUASI-GROUP OPERATION - In the computer data security field, a cryptographic hash function process is embodied in a computer system or computer software or logic circuitry and is keyless, but highly secure. The process is based on (mathematical) quasi-group operations such as in the known “EDON-R” hash function. But here one or more blank rounds (iterations) of the quasi-group operation are concatenated to the EDON-R hash function operations, to overcome perceived security weaknesses in EDON-R. | 07-21-2011 |
20110185182 | IMPROVEMENTS RELATED TO THE AUTHENTICATION OF MESSAGES - A method of authenticating a message from a sending party to a receiving party. The sending party generates a digest of the message using a key, and sends the digest to the receiving party. The receiving party also generates the digest of the message using the key, and compares the digests to confirm the message was sent by the sending party. The key may be sent by the sending party to the receiving party by an authenticatable method; alternatively, the parties may use a secret previously agreed key. | 07-28-2011 |
20110208973 | OVERALL OPTIMIZATION OF THE CONFIGURATION OF A MESHED WIRELESS NETWORK OF RF DEVICES IN AN AIRCRAFT - The invention relates to overall optimization of an identification system ( | 08-25-2011 |
20110213984 | SERIAL ARCHITECTURE FOR HIGH ASSURANCE PROCESSING - A processing system ( | 09-01-2011 |
20110231665 | METHOD OF PERFORMING AUTHENTICATION BETWEEN NETWORK NODES - A method of authentication between first (QNodeX) and second (QNodeY) network nodes within a network suitable for implementing quantum cryptography comprises steps in which the first and second nodes each generate a cryptographic hash ([MXY]AI, [MYX]AJ) of a message ([MXY], [MYX]) using respective authentication keys (AI, AJ) shared with a third network node (QNodeW). The messages may be those exchanged between the first and second nodes during agreement of a quantum key to be used between the nodes. An authentication key to be shared by the first and second nodes may be established using the quantum key. The invention therefore allows an authentication key to be established and shared between the first and second network nodes without direct physical intervention. Networks having large numbers of network nodes may be re-keyed following replacement or maintenance of a network node much more quickly and easily than is the case where re-keying is achieved by physically supplying shared authentication keys. | 09-22-2011 |
20110271117 | USER EQUIPMENT (UE), HOME AGENT NODE (HA), METHODS, AND TELECOMMUNICATIONS SYSTEM FOR HOME NETWORK PREFIX (HNP) ASSIGNMENT - A User Equipment (UE), Home Agent node (HA), methods, and a telecommunications system are provided for use during negotiation of IP security associations, such as during an Internet Key Exchange (IKE) procedure, between the UE and the HA. The UE sends to the HA an authentication request comprising an indicator relative to a Home Network Prefix (HNP) to be assigned to the UE. Based on the indicator, the HA assigns a new HNP or re-assigns the HNP already assigned, and sends back a response comprising the assigned HNP. If the UE performs a handover to another access network or establishes a simultaneous binding to the other access network, the UE sends its own HNP in the authentication request thus asking the HA to re-assign the same HNP for the new connection being established. If the UE makes an initial access with a network, the indicator may be left blank, asking for the assignment of a new HNP for the UE. | 11-03-2011 |
20110296193 | CODE-BASED HASHING FOR MESSAGE AUTHENTICATION CODES - Code-based hashing for message authentication code generation is described. In one aspect, a computer-implemented method receives a message and a secret key. A hash function is built based on respective portions of the secret key and a language interpreter. A formatted message is hashed using the hash function to generate a message authentication code for authentication of the message. | 12-01-2011 |
20110302422 | HASH FUNCTION USING A REPEATED FUNCTION WITH SHIFTS - In the data security field, a modular cryptographic hash function process is embodied in a computer system or hardware (circuitry). The process is based on the mode of operation of the known “Shabal” hash function which uses a keyed permutation applied to each word of the message. Here a function is substituted for the permutation and additional final rounds are added to the function. Security is further enhanced over that of the Shabal hash function by avoiding use of the message blocks in computing certain of the data arrays, in order to frustrate known message attacks. | 12-08-2011 |
20110307705 | SYSTEM AND METHOD FOR PROTECTING SECRETS FILE - A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, is the same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory. | 12-15-2011 |
20110307706 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest. | 12-15-2011 |
20110307707 | METHOD AND SYSTEM FOR SECURING A FILE - A method for securing files. The method includes an n-bit generator, executing on a first member of a group, generating a message digest using a first secret and a file constant value. The file constant value describes a file. The member extracts an encryption solution from at least the message digest, encrypts the file using the encryption solution to create the encrypted file, and sends the encrypted file and the file constant value to a second member. | 12-15-2011 |
20120030472 | AUTHENTICATION METHOD, SYSTEM, SERVER, AND CLIENT - An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol. | 02-02-2012 |
20120096278 | Authenticating Messages Using Cryptographic Algorithm Constants Supplied to a Storage-Constrained Target - The present invention provides for authenticating a message. A security function is performed upon the message. The message is sent to a target. The output of the security function is sent to the target. At least one publicly known constant is sent to the target. The received message is authenticated as a function of at least a shared key, the received publicly known constants, the security function, the received message, and the output of the security function. If the output of the security function received by the target is the same as the output generated as a function of at least the received message, the received publicly known constants, the security function, and the shared key, neither the message nor the constants have been altered. | 04-19-2012 |
20120110336 | DATA VERIFICATION METHOD - An electronic system ( | 05-03-2012 |
20120166809 | SYSTEM AND METHOD FOR CRYPTOGRAPHIC KEY EXCHANGE USING MATRICES - Two parties can establish a cryptographic key using a matrix based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. A common matrix M, shared in advance, is multiplied by a random matrix K on the sending side, and a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications. | 06-28-2012 |
20120278629 | SYSTEM AND METHOD FOR SECURE AUTHENTICATION OF A "SMART" BATTERY BY A HOST - Systems and methods for providing a battery module | 11-01-2012 |
20120284522 | Method and System for Securing Multimedia Data Streamed Over a Network - There is provided a method of securing multimedia data for streaming over a network comprising receiving the multimedia data from a server, transforming the multimedia data into secure multimedia data using a security key associated with the multimedia data, storing the security key associated with the multimedia data, and streaming the secure multimedia data to the destination server. The method further comprises receiving decoding solution requests associated with the multimedia data from one or more multimedia players for playing the multimedia data and transmitting the security key associated with the multimedia data to each of the multimedia players. | 11-08-2012 |
20120284523 | MAC Aggregation Resilient To Denial-Of-Service Attacks For Use In A Multi-Node Data Network - An improved MAC aggregation technique is disclosed that yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving improved resilience to denial-of-service (DoS) attacks. The aggregate MAC is constructed in a manner wherein upon instance of channel impairments or malicious attack (e.g., from a rogue node or man-in-the-middle attacker), only a portion of the aggregate MAC will include corrupted data, at least a portion of the aggregate MAC thereby including valid verifiable data. A source of corruption of the aggregate MAC may be ascertained based on indicia of which constituent MACs are included in the valid portion; and constituent MACs that are wholly included in the valid portion may be declared valid. | 11-08-2012 |
20120284524 | LOW OVERHEAD NONCE CONSTRUCTION FOR MESSAGE SECURITY - A system and method for data encryption/decryption and authentication using a relatively long security sequence number (SSN). The SSN is used both to encrypt data and to compute a message integrity code (MIC). However, the entire SSN need not be transmitted from sender device to receiver device. For example, only the lowest order octet of the SSN is transmitted to the receiver device. The receiver device computes the entire SSN based on the received portion. | 11-08-2012 |
20120284525 | CROSS VALIDATION OF DATA USING MULTIPLE SUBSYSTEMS - A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region. | 11-08-2012 |
20120297199 | SECURE CONFIGURATION OF COMPUTING DEVICE - In accordance with a broad aspect, a method is provided to securely configure a computing device. A configuration indication is received into the computing device, including receiving a digital signature generated based on the configuration indication. Generation of the digital signature accounts for a unique identifier nominally associated with the computing device. The received configuration indication may be verified to be authentic including processing the unique identifier, the received configuration indication and the received digital signature. The computing device may be operated or interoperated with in accordance with the received configuration indication. In one example, a service interoperates with the computing device. For example, the computing device may be a portable media player, and the service may provide media to the computing device based on a capacity indication of the configuration indication. | 11-22-2012 |
20130054974 | PACKET SOURCE AUTHENTICATION METHOD USING SINGLE-BUFFERED HASH IN MULTICAST ENVIRONMENT AND APPARATUS FOR THE SAME - A source authentication method and apparatus according to the present invention are disclosed. The source authentication method is performed with respect to a transmission packet on a message transmission side, and includes generating a first hash value to which a first hash function is applied using a message to be included in a next packet and a key value, and generating the transmission packet including the first hash value, wherein the key value is one of at least one key value generated in advance by applying a second hash function. Meanwhile, according to the present invention, effective low-cost multicast authentication may be performed by reducing a variety of loads such as buffer management, key calculation costs, and the like. | 02-28-2013 |
20130132730 | Method and System for Transmitting Control Data in a Manner that is Secured Against Manipulation - A method and system for detecting manipulation when control data are transmitted from a first control unit to a second control unit via a network, which includes generating integrity check information data for the control data transmitted by the first control unit via an integrity check generating unit on the transmitter side, calculating a cryptographic checksum for the integrity check information data generated on the transmitter side via the integrity check generating unit, transmitting the integrity check information data and the cryptographic checksum to an integrity check verifying unit that verifies the cryptographic checksum on the receiver side, generating integrity check information data on the receiver side for the control data received by the second control unit using the integrity check verifying unit, and comparing the integrity check information data and the integrity check information data with the cryptographic checksum to detect the manipulation of the transmitted control data. | 05-23-2013 |
20130145169 | EFFICIENT AUTHENTICATION FOR MOBILE AND PERVASIVE COMPUTING - A method and system for authenticating messages is provided. A message authentication system generates an encrypted message by encrypting with a key a combination of a message and a nonce. The message authentication system generates a message authentication code based on a combination of the message and the nonce modulo a divisor. To decrypt and authenticate the message, the message authentication system generates a decrypted message by decrypting with the key the encrypted message and extracts the message and the nonce. The message authentication system then regenerates a message authentication code based on a combination of the extracted message and the extracted nonce modulo the divisor. The message authentication system then determines whether the regenerated message authentication code matches the original message authentication code. If the codes match, then the integrity and authenticity of the message are verified. | 06-06-2013 |
20130159724 | Method And Apparatus For A Scalable And Secure Transport Protocol For Sensor Data Collection - A new approach for a transport protocol for sensor data collection, such as a smart grid is described. In one embodiment of the invention, each server avoids keeping security and communication state per client through the notion of a secure “state-token”. The state token is issued with each server message and is subsequently attached to corresponding client messages delivered to the server. An implementation is provided in which the server encrypts and authenticates the associated session state, and then gives the resulting encryption for the client to temporarily store and return to the server with a next message. In this way, a server does not keep session state after sending the encryption back to a client and can quickly restore session state when the next message from the client arrives. | 06-20-2013 |
20130173924 | METHOD AND APPARATUS OF CIPHER COMMUNICATION FOR MANAGEMENT FRAME USING QUALITY OF SERVICE MECHANISM IN WIRELESS LOCAL AREA NETWORK SYSTEM - A method of cipher communication for management frame performed by station in wireless local area network system is provided. The method includes obtaining a first pseudonoise code sequence (PN) for a plaintext Medium Access Control (MAC) protocol data unit (MPDU), constructing an additional authentication data (AAD) by using fields in a header of the plaintext MPDU, constructing a Nonce value from the PN, an Address 2 and a Priority field in the header of the plaintext MPDU, generating an encrypted MPDU from the plaintext MPDU by using a temporal key, the AAD, and the Nonce value, and transmitting the encrypted MPDU to a peer station, wherein the plaintext MPDU is a management frame including a sequence number field, the sequence number field including access category field indicating category of data included in the plaintext MPDU, and the Nonce value includes a priority field matched with the access category field. | 07-04-2013 |
20130262871 | METHOD AND APPARATUS FOR TAMPER PROOF CAMERA LOGS - A method and apparatus for maintaining a tamper proof device log are described. In one embodiment, the method comprises maintaining an embedded log in the device, the embedded log being a chain of log entries. In one embodiment, the method may also comprise publishing at least one log entry to a location external to the device. | 10-03-2013 |
20130326227 | AUTHENTICATION APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND STORAGE MEDIUM - The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded. | 12-05-2013 |
20140006792 | METHOD AND SYSTEM FOR SECURING COMMUNICATION | 01-02-2014 |
20140122892 | INSURING INTEGRITY OF REMOTE PROCEDURE CALLS USED IN A CLIENT AND SERVER STORAGE SYSTEM - A system and method generates a message integrity check. The message integrity check value is computed by hashing one or more block checksums from procedure specific parameters of an RPC and then encrypting the resulting hash value. The computed message integrity check is appended to the RPC to thereby provide a level of security approaching or equal to the level of Integrity defined by the RPCSEC_GSS protocol specification. | 05-01-2014 |
20140122893 | Multi-Tier Wireless Home Mesh Network with a Secure Network Discovery Protocol - An apparatus, system and method for a multi-tier wireless home mesh network is described. The method may include formation of an infrastructure-less wireless home mesh networking environment comprising a collection of nodes that operate as a decentralized, ad hoc wireless network with multiple sub-networks or tiers that are responsible for different functions within the network. Each node of the multi-tier network is configured to forward data to other nodes and is assigned to a particular tier based on the node's performance capabilities. A further embodiment includes identification of a wireless home mesh network. Once identified, one or more proprietary messages may be exchanged in a secure manner to establish connections with a home electronics device as either a mobile node or a stationary node of the home network. A home electronics device may wirelessly communicate to route data within one or more nodes of the wireless home mesh network. Other embodiments are described and claimed. | 05-01-2014 |
20140245021 | STORAGE SYSTEM IN WHICH FICTITIOUS INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents. | 08-28-2014 |
20140281560 | SECURE ZONE ON A VIRTUAL MACHINE FOR DIGITAL COMMUNICATIONS - An apparatus implementing a secure zone on one or more virtual machines may be provided. In one aspect, the apparatus may comprise a peripheral device, a security-enhancing chip and a computer processor. The chip may comprise a non-volatile storage for storing an encryption key and a first configuration digest, and may be configured to receive configuration data, create a second configuration digest based on the received configuration data, and allow access to the encryption key based on comparison of the first and the second configuration digests. The computer processor may be configured to initialize a hypervisor, establish one virtual machine for executing code for a secure zone, and establish a second virtual machine for executing code for a non-secure zone. The code for the secure zone may initiate executing a task, and assume or transfer control over the peripheral device depending on whether the apparatus is operating in a secure mode. | 09-18-2014 |
20140298036 | SYSTEM AND METHOD FOR PROTECTING SECRETS FILE - A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, is the same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory. | 10-02-2014 |
20140298037 | METHOD, APPARATUS, AND SYSTEM FOR SECURELY TRANSMITTING DATA - The present invention provides a method, an apparatus, and a system for securely transmitting data. A method for securely transmitting data is provided, where the method includes: sending, by a user terminal, a resource access request carrying a first authentication header field to a server, where the first authentication header field includes a user identifier and a server identifier; and receiving a request response returned by the server, where the request response includes a second authentication header field and a message body, where the second authentication header field carries a third integrity digest, and the third integrity digest is obtained by the server by performing, after receiving the resource access request, calculation by using a third message-digest algorithm further according to a user password and message content; so that M2M transmission based on the CoAP protocol can be performed securely and reliably. | 10-02-2014 |
20140310530 | MESSAGE AUTHENTICATION METHOD IN COMMUNICATION SYSTEM AND COMMUNICATION SYSTEM - Each of ECUs counts the number of messages transmitted for each of CAN IDs. A transmission node that has transmitted a main message produces an MAC from a data field and the CAN ID in the main message and a counter value corresponding to the CAN ID, and transmits the MAC as an MAC message. A reception node that has received the main message produces an MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to the CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. By so doing, verification whether the main message is valid or not can be made. According to this configuration, message authentication by the MAC can be made without changing a CAN protocol. | 10-16-2014 |
20150012754 | SYSTEM FOR GENERATING A SECURITY DOCUMENT - A system for generating a security document includes a plurality of computing nodes forming a computing cluster, each computing node having a node identifier for uniquely identifying the node within the cluster, each node being capable of running multiple concurrent processes, and each process having a process identifier for uniquely identifying the process within the node, | 01-08-2015 |
20150089236 | Real-Time Frame Authentication Using ID Anonymization In Automotive Networks - A real-time frame authentication protocol is presented for in-vehicle networks. A frame identifier is made anonymous to unauthorized entities but identifiable by the authorized entities. Anonymous identifiers are generated on a per-frame basis and embedded into each data frame transmitted by a sending ECU. Receiving ECUs use the anonymous identifiers to filter incoming data frames before verifying data integrity. Invalid data frames are filtered without requiring any additional run-time computations. | 03-26-2015 |
20150089237 | METHOD AND APPARATUS OF CIPHER COMMUNICATION FOR MANAGEMENT FRAME USING QUALITY OF SERVICE MECHANISM IN WIRELESS LOCAL AREA NETWORK SYSTEM - A method and apparatus are described for performing cipher communication in a wireless local area network system. A pseudo noise (PN) code sequence for a plaintext Medium Access Control (MAC) protocol data unit (MPDU) is obtained. An additional authentication data (AAD) is constructed by using at least one field in a header of the plaintext MPDU. A Nonce is constructed from the PN code sequence, an Address 2 field in the header of the plaintext MPDU and a Priority field in the header of the plaintext MPDU. A counter mode (CTR) is generated with cipher block chaining (CBC)-MAC Protocol (CCMP) header. Encrypted data and Message Integrity Code (MIC) are generated by using a temporal key, the AAD, and the Nonce. An encrypted MPDU is generated to be transmitted to a peer station by combining the plaintext MPDU header, the CCMP header, the encrypted data and the MIC. | 03-26-2015 |
20150095653 | METHOD AND APPARATUS OF CREATING APPLICATION PACKAGE, METHOD AND APPARATUS OF EXECUTING APPLICATION PACKAGE, AND RECORDING MEDIUM STORING APPLICATION PACKAGE - A non-transitory computer readable recording medium has stored thereon an application package including at least one file, the application package including an executable file created by compiling a program code, a manifest file including a hash value of the at least one file included in the application package, a digest information file including a hash value of the manifest file, a certificate file including a hash value of the digest information file, the hash value of the digest information file being digitally signed using a private key, security information including a public key corresponding to the private key, the security information being encrypted using an encryption key, and a native library including an application programming interface (API) configured to execute the executable file. | 04-02-2015 |
20150127949 | SYSTEM AND METHOD FOR INTEGRATED MESH AUTHENTICATION AND ASSOCIATION - Systems and methods for more efficient mesh associations are disclosed. In some aspects, a non-member device may join a mesh network via a four way message exchange with any member device of the mesh network. The four way message exchange between the mesh member device and the non-member device provides for authentication and association between the two devices. As a result of the four way message exchange, a common group key is provided to the non-member device. The common group key is utilized by all mesh member devices to encrypt and decrypt group addressed mesh messages exchanged between any of the mesh member devices. Association identifiers for each of the two devices are also provided during the exchange. PHY/MAC capabilities may also be exchanged. In some aspects, IP address assignment for the two devices may also be accomplished during the four way message handshake. | 05-07-2015 |
20150149786 | NETWORK STORAGE SYSTEM FOR A DOWNLOAD INTENSIVE ENVIRONMENT - A network storage system for a download intensive environment is provided. The network storage comprises at least a data storage server (DSS) that includes an interface enabling connection of the DSS to a network at a location that enables at least a view of network transactions performed by a plurality of clients; a storage unit; and a system adapted to monitor the network transactions occurring on the network and identification of the network transactions as belonging to a registered client of the DSS, and storing in the storage the transactions with an identification corresponding to the registered client. | 05-28-2015 |
20150295930 | DEVICE REGISTRATION, AUTHENTICATION, AND AUTHORIZATION SYSTEM AND METHOD - A system includes one or more processors to receive a registration request, the registration request comprising a representation of a username and a password, verify the username and the password and transmit a one-time-use password, receive the one-time-use password and first device identifier information from a mobile computing device, receive an access request from the mobile computing device comprising the representation of the username and the password, second device identifier information, and application key information, verify the username, the password, the second device identifier information, and the application key information, and transmit a token to the mobile computing device, and receive a resource request from the mobile computing device comprising the token and third device identifier information. | 10-15-2015 |
20150318995 | SELF-VALIDATING REQUEST MESSAGE STRUCTURE AND OPERATION - A method begins by a first device generating a self-validating message by creating a master key, using the master key to create a message encryption key, encrypting a message using the message encryption key to produce an encrypted message, encrypting the master key using a public key of a second device to produce an encrypted master key, and including a message authentication code of the first device in the self-validating message. The method continues by the second device receiving and decoding the self-validating message by verifying the message authentication code of the first device, and when the message authentication code of the first device is verified, decrypting the encrypted master key using a private key of the second device to recover the master key, using the master key to create the message encryption key, and decrypting the encrypted message using the message encryption key to recover the message. | 11-05-2015 |
20150326398 | METHOD AND DEVICE FOR COMMUNICATION SECURITY - A method of authenticating communication between a first and second device over an insecure communications network, in which the first device authenticates the second device using a communications protocol including a first communications phase through a first communications channel over the insecure communications network to establish a secure mode of communications between the first and second device, followed by a second communications phase of receiving information from the second device over a second communications channel, such as an empirical channel, and enabling a comparison between the information received from the second device with information generated by the first device thereby enabling authentication of the second device in the event that the information from both devices is consistent. | 11-12-2015 |
20150358322 | Generating and Using Ephemeral Identifiers and Message Integrity Codes - Systems and methods for generating and using ephemeral identifiers are provided. One example method includes determining, by one or more computing devices, a current time-count. The method includes determining, by the one or more computing devices, a time-modified identifier based at least in part on a static identifier and the current time-count. The method includes determining, by the one or more computing devices, an ephemeral identifier based at least in part on the time-modified identifier and a rotation key. One example system includes a plurality of beacon devices, at least one observing entity, and at least one verifying entity. | 12-10-2015 |
20150365411 | SYSTEMS AND METHODS FOR CREATING AND DISPLAYING AN ELECTRONIC COMMUNICATION DIGEST - Systems and methods are disclosed for creating an electronic communication digest. In one implementation, a system receives a first electronic communication including first content, and generates an electronic communication digest that reflects the first electronic communication by including first digest content generated based on the first content. The system receives a second electronic communication that includes second content, and determines a repeated portion of the second content that is included in the first content and a unique portion of the second content that is unique to the first content. The system also updates the electronic communication digest to reflect the second electronic communication by adding second digest content generated that includes the unique portion of the content and does not include the repeated portion of the second content. | 12-17-2015 |
20150365425 | MESSAGE PROTECTION - In one example, message protection may include receiving a message, encrypting the received message, storing the encrypted message in a memory, authorizing one or more applications to handle the message, notifying authorized applications of receipt of the message, decrypting the encrypted message, and permitting one of the authorized applications to display the decrypted message. | 12-17-2015 |
20160044034 | REMOTE BLIND HASHING - A remote data protection network provides a blind hashing service. A blind hashing server receives a message such as a digest from a client, and uses the message to derive a set of indices or offsets into a huge block of random data that is maintained by the remote data protection network. The corresponding extents of data in the block are combined, e.g. using a hash or HMAC function, and then returned to the invoking client, e.g. as a salt. The message and response may be salted with a unique client salt. | 02-11-2016 |
20160050073 | ROBUST MAC AGGREGATION WITH SHORT MAC TAGS - Method of producing an aggregated message authentication code (MAC). The method comprises generating or receiving, in a computer processor, a first message and its first MAC tag (m | 02-18-2016 |
20160087798 | COMPUTATION OF HASH VALUE FOR A MESSAGE BASED ON RECEIVED PORTIONS OF THE MESSAGE - Hash values for a message may be computed by a receiving computer as portions of the message are received. In one embodiment, an intermediate hash value is computed for a portion of the message and a new intermediate hash value computed for each received portion of the message based on a previous intermediate hash value and the contents of the new received portion. When all portions of the message have been received, the final calculated intermediate hash value is the hash value for the entire message. In one embodiment, such a method of calculating a hash value may be based on the SHA-256 hash algorithm or other known or later developed hash algorithms. In one embodiment, the hash calculation for portions of received messages may be applied to keyed-hashing for message authentication (HMAC). | 03-24-2016 |
20160087948 | Secure Radio Information Transfer Over Mobile Radio Bearer - Providing secure radio information transfer over a mobile radio bearer by generating one or more secret keys, applying symmetric encryption to unencrypted radio information to generate encrypted radio information, applying a keyed hash operation to the unencrypted radio information using the generated one or more secret keys to generate a message digest, and transmitting both the encrypted radio information and the message digest over a network. | 03-24-2016 |
20160105483 | Method Used for Hypertext Transfer Protocol Network, and Broadband Network Gateway - Embodiments of the present invention provide a method used for an HTTP network, including: receiving, by a BNG, a first HTTP request sent by user equipment; adding, by the BNG, an identifier of the BNG to the first HTTP request, to obtain a second HTTP request; sending, by the BNG, the second HTTP request to an application server; receiving, by the BNG, a third HTTP request sent by the application server, where the third HTTP request includes location information of an image for creating a virtual machine; and obtaining, by the BNG, the image according to the location information, and creating, by the BNG, the virtual machine in the BNG according to the image. | 04-14-2016 |
20160127901 | AUTHENTICATING MESSAGES IN A WIRELESS COMMUNICATION - Methods, systems, and devices are described for wireless communication at a wireless station. Specifically, the present disclosure prevents a station from decrypting unauthorized messages transmitted by wireless device(s) impersonating an AP. In some examples, the AP may continuously and periodically alter the keys for each transmitted message to prevent malicious interference by unauthorized devices. In some examples, the method may use a symmetric cipher (e.g., Message Integrity Code) for a message using an undisclosed MIC key. | 05-05-2016 |
20160378457 | PROGRAM UPDATE SYSTEM AND PROGRAM UPDATE METHOD - A program update system and method that are able to verify the legitimacy of an update of a program executed on a vehicle side. An exterior device stores update data including an update control program for a control device targeted for updating and a computer program that implements means for calculating a digest value relating to the update control program, means for determining whether operation of the control device after the update is normal, and means for transmitting a result of the determination as a response. The control device receives the update data that is transmitted from the exterior device via a relay device and updates the control program using the update control program included in the update data, and determines whether operation after the update is normal and transmits a result of the determination to the relay device by executing the computer program. | 12-29-2016 |
20160380770 | System and Method for Hash-Based Data Stream Authentication - An authentication system and a method of creating a secure check value used by the system to verify the integrity and authenticity of data. The authentication system comprises one or more processors, data stores, and network interfaces that can communicate among themselves and with other devices. The secure check value is created by combining some or all of a cryptographic digest with the data to be secured and then outputting a secure check value by using a checksum or hash. The secure check value is associated with the data and can be used to verify the integrity and authenticity of the data after transferring the data and check value to a different location or at some point in the future. | 12-29-2016 |
20180026790 | EVIDENCE SYSTEM AND METHOD TO DETERMINE WHETHER DIGITAL FILE IS FORGED OR FALSIFIED BY USING SMART PHONE AND SMART PHONE HAVING CERTIFICATION FUNCTION OF SMART PHONE SCREEN CAPTURE IMAGE AND METHOD THEREOF | 01-25-2018 |
20190149326 | KEY OBTAINING METHOD AND APPARATUS | 05-16-2019 |