Abstract: Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.

Abstract: Provided is a method for computer-aided obfuscation of program code, wherein a plurality of calculation steps is implemented in the program code, wherein predetermined calculation steps of the plurality of calculation steps are retrieved in a predetermined order with the execution of the program code, and at least some of the predetermined calculation steps are predefined calculation steps in which a respective first table that is stored in the program code and includes of a plurality of digital first tabular values is accessed in order to read a first tabular value required for the respective predefined calculation step from the first table. As part of the obfuscation of the program code, a dynamic mask formed by a plurality of digital mask values is used, wherein, for any predefined calculation step, another mask value is used to replace the first tabular value from the first table with a second tabular value.

Abstract: The system comprises a sending entity (100) and a receiving entity (200). The sending entity (100) is suitable for generating a random mask (MA) with m bits; applying an XOR operation between the raw data block to be encrypted (T) and the random mask (MA) thus generated to obtain a primary encrypted block (CPV) with m bits; and applying a permutation (PE) on the concatenation of the random mask (MA) and the primary encrypted block (CPV) to obtain a secondary encrypted block (CS). The receiving entity (200) is suitable for receiving the secondary encrypted block (CS) of 2*m bits; applying an inverse permutation (PI) on the secondary encrypted block thus received to obtain the de-concatenation of a random mask (MA) and a primary encrypted block (CPV) with m bits; and applying an XOR operation between the primary encrypted block (CPV) and the random mask (MA) thus de-concatenated to obtain a block in clear (T) with m bits.

Abstract: Embodiments of the invention relate to systems and methods for providing an anonymization engine. One embodiment of the present invention relates to a method comprising receiving a message directed at a recipient computer located outside a secure area by a privacy computer located within a secure area. The privacy computer may identify private information using a plurality of privacy rules and anonymize the message according to the plurality of privacy rules. Another embodiment may be directed to a method comprising receiving a request for sensitive data from a requesting computer. An anonymization computer may determine a sensitive data record associated with the request and may anonymize the sensitive data record by performing at least two of: removing unnecessary sensitive data entries from the sensitive data record, masking the sensitive data entries to maintain format, separating the sensitive data entries into associated data groupings, and de-contexting the data.

Abstract: A method and apparatus for energy-optimized data transmission by OPC UA protocol in radio networks is disclosed. When OPC UA communication is operated in a mobile device, e.g. as mobile access to part of a plant for maintenance, monitoring, parameterization, transmission is frequently implemented by the OPC UA's own request-response based communication behavior. Since the device is rarely able to switch off the transmitter, the battery of the device is very quickly discharged. This poses a problem, particularly in the case of devices that are intended to respond promptly to infrequent warnings or events. However, when a client device is intended to provide notification in relation to one event only, the previous polling, i.e. the periodic interrogation is dispensed with and an alternative notification through means inherent in the mobile network is used. This method uses, for example, a mobile push service supplied by the network provider.

Abstract: Multiple authentication procedures enhance security of Internet transactions. For example, a request is received from a customer to access a service. A first authentication request is sent to the customer for first authentication information. A second authentication request may be sent to the customer for second authentication information. The method then enables the customer to proceed with accessing the service if the second authentication information is received.

Abstract: Embodiments of techniques and systems associated with roots-of-trust (RTMs) for measurement of virtual machines (VMs) are disclosed. In some embodiments, a computing platform may provide a virtual machine RTM (vRTM) in a first secure enclave of the computing platform. The computing platform may be configured to perform an integrity measurement of the first secure enclave. The computing platform may provide a virtual machine trusted platform module (vTPM), for a guest VM, outside the first secure enclave of the computing platform. The computing platform may initiate a chain of integrity measurements between the vRTM and a resource of the guest VM. Other embodiments may be described and/or claimed.

Abstract: Embodiments of the invention relate to systems and methods for providing an anonymization engine. One embodiment of the present invention relates to a method comprising receiving a message directed at a recipient computer located outside a secure area by a privacy computer located within a secure area. The privacy computer may identify private information using a plurality of privacy rules and anonymize the message according to the plurality of privacy rules. Another embodiment may be directed to a method comprising receiving a request for sensitive data from a requesting computer. An anonymization computer may determine a sensitive data record associated with the request and may anonymize the sensitive data record by performing at least two of: removing unnecessary sensitive data entries from the sensitive data record, masking the sensitive data entries to maintain format, separating the sensitive data entries into associated data groupings, and de-contexting the data.

Abstract: The described embodiments relate to methods, systems, and products for providing data protection and encryption on a plurality of devices configured for electronic communication with a server. Specifically, the methods, systems, and products can automatically and securely synchronize a user's file encryption/decryption keys across a plurality of devices, authenticating the user on each device before receiving and processing information from the server necessary to recreate the user's file encryption/decryption keys.

Abstract: A method and apparatus for providing authentication are disclosed. For example, the method receives a request from a customer to access a service via a first user endpoint device, and sends a first authentication request to the customer for first authentication information. The method then sends a second authentication request to the customer for second authentication information via a second user endpoint device if the first authentication information is received, wherein the first user endpoint device is different from the second user endpoint device. The method then enables the customer to proceed with accessing the service if the second authentication information is received.

Abstract: An electronic document encrypting system 200, for accomplishing an object of providing a system capable of distributing an electronic document containing important information with a browsing restriction being set and information with none of the browsing restriction being set without removing the important information, includes: an encryption area extracting unit 19 extracting an encryption target area from an electronic document; a digital image generating unit generating a digital image on the basis of the area extracted by the encryption area extracting unit in the electronic document; an encrypting unit 11 encrypting the digital image generated by the digital image generating unit 15 on the basis of an encryption key; and an encrypted electronic document generating unit 12 generating an encrypted electronic document in which when the electronic document is output, in place of the extracted information, an encrypted image encrypted by the encrypting unit 11 is output to an area to which the information ex

Abstract: In accordance with an example embodiment of the present invention, a first bit sequence of a first length is assigned to a first group of signaling bits. Further, a second bit sequence of a second length is assigned to a second group of signaling bits. The first bit sequence is scrambled with a first scrambling sequence, and the second bit sequence is scrambled with a second scrambling sequence different from the first scrambling sequence. A first and a second orthogonal frequency-division multiplexing (OFDM) symbol are assigned to the first and the second scrambled bit sequences respectively, and the first and second orthogonal frequency-division multiplexing (OFDM) symbols are transmitted as synchronization symbols of a data frame. Further, a corresponding method for receiving the data frame, and apparatuses for transmission and reception are disclosed.

Abstract: Apparatus and method for synchronizing encryption keys among a cluster of security appliances and stand alone lifetime key management, LKM, appliances. The cluster includes security appliances where new encryption keys are generated and assigned to an SNS ID with an SNS CTR (counter). The security appliances inside a cluster have local sequence counters and share their keys. One security appliance is a coordinator with which the LKMs will synchronize. Each LKM also has a SNS ID and local sequence counter from which increasing sequence numbers are generated. In each security appliance in a cluster, the up-to-date stored sets of keys are organized with respect to SNS IDs and SNS CTRs associated with the other cluster members. The object keys are stored in the SNS space and a peer map associates a given peer with a given SNS ID, and version numbers are assigned and incremented when a key is modified.

Abstract: A method for capturing a user's view of an electronic screen having an error message in a health management application without showing private information of the user includes receiving an error message from a web service responding to a request for a web page by the user. The method includes receiving an electronic file of the web page with the error message, redacting private information of the user from the electronic file to create a redacted electronic file, and storing the redacted electronic file in a support log module.

Abstract: A method and system for authenticating a user receiving device to communicate with a partner service device includes a primary service provider. A user receiving device generates a request for a first encrypted token. The user receiving device communicates the request for the first encrypted token to an authentication web service of the primary service provider. The authentication web service generates the first encrypted token. The primary service provider communicates the first encrypted token to the user receiving device. The user receiving device communicates the first encrypted token to the partner service provider. The partner service provider communicates data to the user receiving device after receiving the first encrypted token.

Abstract: A self-synchronizing cryptographic device can be shared among a plurality of communications links. Blocks of data can be transferred to the cryptographic device, wherein each block of data includes a head portion which is the tail portion of a previous block of data for the same communication link. The head/tail portion is sufficient to reestablish cryptographic synchronization of the cryptographic device.

Abstract: A method and system for authenticating a partner service provider and a primary service provider includes a network and, a partner service provider generating a request for a first encrypted token from a partner service provider and communicating the request to the network. An authentication web service receives the request for the first encrypted token from the network and generates the first encrypted token. The partner service provider generates a request for data with the first encrypted token and communicates the request for data to the network. A data web service receives the request for data and communicates the request for data from the data web service to the authentication web service. The authentication web service validates the request for data and communicates a validation result to the data web service. The data web service communicates data to the partner service provider from the data web service after validating.

Abstract: A system and method is set forth for communicating between a user network device, a partner service provider, a primary service provider and a user network device. The user network device initiates an account set-up page from the partner service provider, provides primary service account data in response to the account setup page and communicates the primary service account data to the primary service provider setup web service. The primary service provider validates the primary service account data and generates an encrypted token in response to validating the primary service account data. The user network device generates a request for data through a partner service provider. The partner service provider communicates the request for data with the encrypted token to the primary service provider. The primary service provider validates the request for data at the authentication web service and communicates data to the client device from a data web service through the partner service provider after validating.

Abstract: A method of displaying an image includes generating a contract in the display engine, transferring the contract to the memory controller before the end of a sweep, generating a contract amendment in response to changes in the display engine, transferring the contract amendment to the memory controller, making a decision whether the contract amendment can be processed, fetching data from the memory controller according to the contract incorporating the contract amendment if the decision is that the contract amendment can be processed, sending the fetched data to the display engine in an isochronous stream; and processing the fetched data using the display engine.

Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: The present invention relates to a method of generating a downlink frame. The method of generating the downlink frame includes: generating a first short sequence and a second short sequence indicating cell group information; generating a first scrambling sequence and a second scrambling sequence determined by the primary synchronization signal; generating a third scrambling sequence determined by the first short sequence; scrambling the first short sequence with the first scrambling sequence and scrambling the second short sequence with the second scrambling sequence and the third scrambling sequence; and mapping the secondary synchronization signal that includes the scrambled first short sequence and the scrambled second short sequence to a frequency domain.

Abstract: Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents.

Abstract: An image scanning system includes an image scanner and a terminal device connected with the image scanner. The terminal device accepts a password, stores an image encryption key, encrypts the image encryption key with the password, sends the encrypted image encryption key to the image scanner, receives image data encrypted from the image scanner, and decrypts the image data encrypted using one of the image encryption key and an image decryption key corresponding to the image encryption key. The image scanner receives the encrypted image encryption key from the terminal device, accepts a password, decrypts the encrypted image encryption key with the password, performs document scanning to create image data, encrypts the image data using the image encryption key decrypted, and sends the image data encrypted to the terminal device.

Abstract: A secure computing device (14) includes a secure processing section (30) having a tamper detection circuit (58) and a monotonic counter (68). The tamper detection circuit (58) detects an event which suggests that the trust associated with the secure processing section (30) may have been compromised. When such an event is detected, a security breach is declared and trusted software (38) is disabled. After a security breach is declared, the monotonic counter (68) may be reclaimed. The monotonic counter (68) provides a monotonic count value (70) that includes an LSB portion (80) and an MSB portion (82). The LSB portion (80) is obtained from a binary counter (72). The MSB portion (82) is obtained from a register (84) of independent one-time-programmable bits. The monotonic counter (68) is reclaimed by programming one of the one-time programmable bits to guarantee that future counting of the monotonic counter will be monotonic relative to all past counting.

Abstract: A method of displaying an image includes generating a contract in the display engine, transferring the contract to the memory controller before the end of a sweep, generating a contract amendment in response to changes in the display engine, transferring the contract amendment to the memory controller, making a decision whether the contract amendment can be processed, fetching data from the memory controller according to the contract incorporating the contract amendment if the decision is that the contract amendment can be processed, sending the fetched data to the display engine in an isochronous stream; and processing the fetched data using the display engine.

Abstract: In a recording medium, a device administration program for making a computer execute the following steps using a usage restriction definition file is recorded. The usage restriction definition file is capable of defining at least one administration function among a plurality of administration functions of a device and includes a device password for obtaining an authentication of the device. The steps comprises a step of reading a usage availability definition information of the administration functions and the device password from the usage restriction definition file, a step of transmitting the read device password to the device, a step of recognizing usage availabilities of a plurality of administration functions of the device based on the read definition information, and a step of executing processing for using only usage available administration function based on the recognized results.

Abstract: A communication system provides a clear channel link for transport of encrypted payload across a network of the communication system. When a source access network receives, via an air interface, a frame that is formatted pursuant to an air interface protocol and that comprises encrypted payload, the source access network demultiplexes the frame to separate the encrypted payload and assembles an Intersystem Link Protocol (ISLP) frame that comprises the encrypted payload. The source access network adds a link layer header to the ISLP frame that identifies one or more of frame type information and a sequence value associated with the frame and conveys the ISLP frame and added header across the network, for example, to a destination access network. Based on the added header, the source and destination access networks are able to perform clear channel synchronization.

Abstract: An encrypted data communication system for communicating an encrypted stream as an encrypted data stream from a device at transmitting end to a device at receiving end to suppress the effect of an erroneous detection of a dummy code is disclosed. A device at transmitting end generates a data stream having the bit sequence of a marker for determination, a synchronization marker and a location identification code after the data, encrypts the bit sequence of the data and the marker for determination and transmits the encrypted stream. A device at receiving end receives the encrypted stream, detects the bit sequence of the synchronization marker and the location identification code and decrypts the encrypted stream. In the case where the bit sequence of the data and the marker for determination is decrypted, the detection of the valid bit sequence is determined, while the detection of a dummy bit sequence is determined otherwise.

Abstract: A method and system of selectively and securely enabling an added or premium functionality in a printer can be created by transmitting or inputting to the printer an electronic key correlated to the unique serial number stored in that printer. In this way, the key used to activate an added or premium functionality in a particular printer cannot be used to activate the same functionality in any other printer. This prevents the unauthorized activation of added or premium functions in other printers.

Abstract: A satellite-based digital audio radio (SDAR) receiver is configured to temporarily store data that may be transmitted to the SDAR receiver at a time inconvenient to the subscriber. A memory arrangement buffers data output by a channel decoder. The SDAR receiver can use the buffered data prior to using any currently transmitted data. The buffered data is associated with buffered timing information that lags behind the current timing information associated with the currently transmitted data. The buffered data is available for use only once before a decryption subsystem receives the current timing information. If the subscriber uses the currently transmitted data, the decryption subsystem receives the current timing information. The decryption subsystem decrypts only data that is associated with timing information that is no earlier than the latest timing information received by the decryption subsystem.

Abstract: Encryption and decryption sites are initially assigned identical one time Vernam like pads, (OTP), and each site is provided with identical compendiums of byte modifying instructions identified by instruction IDs. Encryption is implemented by a random first subset of instructions applied to the current OTP to generate a new OTP. A second subset of random instructions is applied to the message for encryption. The list of IDs of the first subset of instructions is XORed with the current OTP. The list of IDs of the second subset of instructions and the encrypted message are each XORed with the new OTP and all XORed outputs are concatenated into the payload. Decryption is implemented by applying the encryption steps to the payload in reverse order to recover the message and new OTP. A secure, new OTP is therefore available both at the encryption and decryption sites without having been transmitted.

Abstract: A method and architecture allowing a remote user, especially an Internet remote user, to securely access private resources protected by a firewall. The architecture comprises a computer facility and many remote user terminals connected via the Internet. The computer facility comprises a security server that controls a security database. The firewall comprises a centralized security means, which is under the control of a security server and is arranged to authenticate remote users and to provide a security profile describing all resources a user may access with a single sign-on data during a single session. A user's terminal further includes a device to generate one-time passwords and the computer includes a device to decode the passwords. The accessed resources may be servers or logical units acceded though protocols having a notion of authentication.

Abstract: A facsimile apparatus is provided with changeover means that makes it possible to pass signals through or to bypass a coder, which encrypts transmission information, and a decoder, which decodes encrypted information that has been received. Whether or not a facsimile apparatus belonging to another party has an encrypting/decoding processing function is verified by a pre-procedure signal. If the other party's apparatus possesses an encrypting/decoding processing function, control is performed in such a manner that encrypting/decoding processing is applied solely to an image signal and a training-check signal transmitted before transmission/reception of the image signal, and encrypting/decoding processing is not applied to a procedure signal which accompanies transmission reception transmission/reception of the image signal.