Rekeying System Patents (Class 380/273)
  • Patent number: 8538026
    Abstract: Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.
    Type: Grant
    Filed: April 30, 2010
    Date of Patent: September 17, 2013
    Assignee: Novell, Inc.
    Inventors: Stephen R. Carter, Carolyn B. McClain
  • Patent number: 8532298
    Abstract: An encryption key distribution method for service and content protection in a mobile broadcasting system, and a system for the same which includes generating, by a network, a first encryption key when the broadcast service is first provided; transmitting a generalized rights object message, which includes identification information for identifying the generated first encryption key, to the terminal; generating a second encryption key before the lifetime of the first encryption key expires; and transmitting the generalized rights object message, which includes identification information for identifying the generated second encryption key, to the terminal.
    Type: Grant
    Filed: June 10, 2009
    Date of Patent: September 10, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Sung-Oh Hwang
  • Patent number: 8515073
    Abstract: Disclosed is a method for secure communication between a plurality of electronic devices in a Near Field Communication (NFC) network, and a system for supporting the method. To this end, a first electronic device shares a plurality of keys with the at least one device among the plurality of electronic devices and selects a first key among the plurality of keys and exchanges data encrypted based on the first key with the at least one device among the plurality of electronic devices and replaces the first key with at least one key among the plurality of keys while exchanging the data after at least one predetermined criterion has been satisfied.
    Type: Grant
    Filed: December 1, 2008
    Date of Patent: August 20, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Thenmozhi Arunan
  • Patent number: 8509443
    Abstract: A rekey index generation method and a rekey index generation apparatus are provided. The rekey index generation method includes inserting join information to a first field of a rekey index when new members join a group; and inserting node numbers, corresponding to each of the new members, into a second field of the rekey index for a receiver to select a necessary key from among transmitted encoded keys.
    Type: Grant
    Filed: May 14, 2007
    Date of Patent: August 13, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mi Suk Huh, Dae Youb Kim, Hwan Joon Kim
  • Patent number: 8509438
    Abstract: A primary key may be used for a first attempt by a remote node to decrypt incoming messages from a master. In the event the decrypt attempt fails at the remote node, a secondary key may then be used to attempt to decrypt the message. Initially, the primary and secondary keys may be the same. A field tool, such as a hand-held programming unit operated by a technician at a remote node location, may change the secondary key, but may not cause any change to the primary key. The secondary key may remain so changed until a new primary key is verified and/or authenticated and the secondary key is overwritten with the new primary key. The primary key may only be changed/set by the master via an encrypted request. A technician may not use a field tool to change a primary key.
    Type: Grant
    Filed: January 29, 2010
    Date of Patent: August 13, 2013
    Assignee: Elster Solutions LLC
    Inventor: Jeff D. McCullough
  • Patent number: 8499157
    Abstract: A first device (e.g. smartphone) manages a first key (e.g. password) required for a security operation with a second device (e.g., WWW server) by calculating and storing a key seed using the first key and a second key shared with a third device (e.g., wireless headset). Later (e.g., upon losing communication with the third device), at least a portion of the first and second keys is/are erased to prevent the security operation. Subsequently (e.g., when communication with third device is reestablished), the first key is regenerated by (1) receiving a key hint from the third device, (2) regenerating the second key using the key hint and a known message used to create the key hint, and (3) regenerating the first key using the key seed and the regenerated second key.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: July 30, 2013
    Assignee: EMC Corporation
    Inventors: Ari Juels, Daniel Bailey
  • Patent number: 8477945
    Abstract: After a radio link is established between a mobile subscriber terminal and an access network, the subscriber is authenticated by a proxy server of an intermediate network forwarding, from the access network to a home network of the subscriber, authentication message(s) containing a subscriber identification. If the subscriber is authenticated and the subscriber identification is already stored in the proxy server, the proxy server assigns a group-specific mobile key to the subscriber identification. When the home agent receives a registration request message originating from a subscriber terminal and containing a subscriber identification and transmits a key request message, containing the subscriber identification, for a mobile key to the proxy server, if the subscriber identification in the key request message matches a subscriber identification stored by the proxy server, a mobile key for cryptographic protection of mobile signalling messages is provided to the home agent by the proxy server.
    Type: Grant
    Filed: October 30, 2006
    Date of Patent: July 2, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Christian Günther, Dirk Kröselberg
  • Patent number: 8468353
    Abstract: The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication center, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.
    Type: Grant
    Filed: June 14, 2011
    Date of Patent: June 18, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jiwei Wei, Xuyan Fan, Chao Li
  • Patent number: 8462953
    Abstract: A communication system for transmitting data of a first mobile station to a second mobile station includes a base station and a relay device. The base station is utilized for configuring an uplink and a downlink of the data to correspond to a first connection ID and a second connection ID respectively and for transmitting a traffic encryption key to the first and second mobile stations so that the first and second mobile stations share the traffic encryption key. The relay device is coupled to the base station and the first and second mobile stations via wireless communication, and utilized for receiving the data encrypted by the traffic encryption key and transferring the data of the first mobile station to the second mobile station according to the first and second connection IDs without going via the base station.
    Type: Grant
    Filed: December 24, 2007
    Date of Patent: June 11, 2013
    Assignee: Institute for Information Industry
    Inventors: Yi-Hsueh Tsai, Frank Chee-Da Tsai, Hua-Chang Yin
  • Patent number: 8452015
    Abstract: A method for key distribution includes steps or acts of: deprecating a first key on a server; receiving a request from a client wherein the client request includes the deprecated key; verifying the client request by using the deprecated key provided in the client request to decrypt the client request; and sending a communication to the client advising that the first key has been updated. An additional step of sending instructions to the client on obtaining the updated key may also be provided. Additionally, instructions on obtaining the updated key may be sent to the client.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: May 28, 2013
    Assignee: Computer Associates Think, Inc.
    Inventor: Paul A. Gassoway
  • Patent number: 8442234
    Abstract: Systems and methods for updating status of digital certificate subkeys. A request is made to a key server to verify if a given key is revoked. If it is not, then the key with its subkeys is acquired from the key server. If one or more subkeys or signatures of the subkeys are different in the acquired key, then the key is replaced.
    Type: Grant
    Filed: July 23, 2010
    Date of Patent: May 14, 2013
    Assignee: Research In Motion Limited
    Inventors: Michael K. Brown, Michael G. Kirkup, Herbert A. Little
  • Patent number: 8438115
    Abstract: In a system including a postage printing device and a data center, wherein the postage printing device and the data center have a first set of keys for use in requesting and downloading a plurality of postage data records from the data center for use in printing postal indicia, a method of securely transferring the postage printing device and any postage value stored therein from a first user to a second user. According to the method, a new set of keys for requesting and downloading postage data records is generated, any current postage value stored in the printer device is securely transferred to the second user using the new keys and some of the first set of keys, and the first set of keys is zeroed, thereby protecting the first user from any potential theft or fraud of postage funds on the part of the second user.
    Type: Grant
    Filed: September 23, 2005
    Date of Patent: May 7, 2013
    Assignee: Pitney Bowes Inc.
    Inventors: Steven J. Pauly, Michael J. Shukaitis
  • Patent number: 8429393
    Abstract: A network security system comprises a first component that generates an address for identifying a communicating device on a network. A second component receives the address generated by the first component and facilitates transitioning from an existent address to the generated address. Such transitioning is effectuated in order to protect the network against attack while providing seamless communications with respect to the communicating device.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: April 23, 2013
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Mark B. Anderson, David D. Brandt, Ramadas M. Pai, Taryl J. Jasper
  • Patent number: 8417955
    Abstract: An entity bidirectional authentication method and system, the method involves: the first entity sends the first message; the second entity sends the second message to the credible third party after receiving the said first message; the said credible third party returns the third message after receiving the second message; the said second entity sends the fourth message after receiving the third message and verifying it; the said first entity receives the said fourth message and verifies it, completes the authentication. Compared with the conventional authentication mechanism, the invention defines an on-line retrieval and authentication mechanism of a public key, realizes the centralized management for it, simplifies the operating condition of the protocol, and facilitates the application and implement.
    Type: Grant
    Filed: December 9, 2008
    Date of Patent: April 9, 2013
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Manxia Tie, Jun Cao, Zhenhai Huang, Xiaolong Lai
  • Patent number: 8411866
    Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: April 2, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Ciprian Pompiliu Popoviciu, Kavitha Kamarthy, Aamer Saeed Akhter, Rajiv Asati
  • Patent number: 8396220
    Abstract: A system and method of mobile content sharing and delivery in an integrated network environment, comprising: a first mobile terminal serving as information provider, a home server, and a second mobile terminal serving as information receiver. The information of said first mobile terminal is transmitted to said second mobile terminal through said home server, and that information can be stored in said home server for direct downloading of file by said second mobile terminal in an asynchronous transmission manner; when said first mobile terminal moves and switches to another network environment, said second mobile terminal still can request and download said information through said home server. A double key protection scheme is further provided in safeguarding secure transaction of information.
    Type: Grant
    Filed: December 28, 2011
    Date of Patent: March 12, 2013
    Assignee: National Central University
    Inventors: Chih-Lin Hu, Chien-An Cho, Po-Jung Wang
  • Patent number: 8392711
    Abstract: A multi-stage technique of establishing a plurality of secure strings of symbols is disclosed. In the first stage, the illustrative embodiment establishes a first-stage string of symbols with each other node. The first-stage strings are chosen from a first, small, key space, which means that they can be established more quickly than a highly secure key from a large key space. The advantage of the first-stage strings is that it enables the user to transmit secure messages more quickly than messages secured with highly secure strings. The disadvantage of the illustrative embodiment is that the first-stage strings are not as secure as strings from a larger key space. This disadvantage is mitigated, however, by the fact that the first-stage strings are only used for a short amount of time—until the second-stage strings are established in the second stage.
    Type: Grant
    Filed: May 27, 2009
    Date of Patent: March 5, 2013
    Assignee: Avaya Inc.
    Inventor: Mark John Karol
  • Patent number: 8374353
    Abstract: A method and apparatus for updating a group key of a group corresponding to a binary tree are provided. The method includes updating keys of leaf nodes that correspond to new members, in response to a join of at least two new members joining the group; determining whether both of two child nodes of a single ancestor node are updated when updating a key of the single ancestor node of the leaf nodes; establishing one of the two child nodes as an update use node when both the two child nodes are updated; and updating a key of the ancestor node using the updating node. Thus, the group key may be effectively updated with respect to multi-join.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: February 12, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dae Youb Kim, Mi Suk Huh, Tae-Chul Jung, Hwan Joon Kim
  • Patent number: 8370630
    Abstract: A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver 34 includes a TCP2 core 36 and a mail system core 37 and an e-mail received via the network is processed in this TCP2 driver 34 and thereafter, is supplied to an existing mailer 31 of the client apparatus. In the mail system core 37 of the TCP2 driver 34, control of mail encryption and decryption, deletion of an unnecessary mail and the like is carried out.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: February 5, 2013
    Inventor: Keiko Ogawa
  • Patent number: 8369525
    Abstract: A method and system for dynamically changing password-keys in a secured wireless communication system includes initiating a password key change, generating a new password key, embedding the new password key and a password key indicator in a first message, encrypting the first message using an old password key, storing the new password key, sending the formatted encrypted first message over a wireless communication system, receiving a subsequent second message, and decrypting the subsequent second message using the new password key.
    Type: Grant
    Filed: October 24, 2002
    Date of Patent: February 5, 2013
    Assignee: AT&T Mobility II LLC
    Inventors: Royce D. Jordan, Brett T. Williams
  • Patent number: 8365301
    Abstract: In a typical peer-to-peer network, any user of the peer-to-peer network may request a lookup of a key and its associated value. To limit access to a stored key-value pair, a user node may generate a registration message for a key-value pair. The value may include the payload to be stored at the storage node, and an access list containing one or more retrieval identifiers indicating one or more users authorized to access the payload. In some cases, the registration message may also include an encrypted payload which is encrypted with a group key. The group key may be included in the registration message, and may be encrypted with an encryption key which is known by the authorized user.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: January 29, 2013
    Assignee: Microsoft Corporation
    Inventor: John L. Miller
  • Publication number: 20130003975
    Abstract: A communication apparatus that performs encrypted communication of data to an opposing apparatus, the communication apparatus comprising, a communication unit which uses an encryption key to perform encrypted communication of the data, a rekey unit which updates the encryption key; and a control unit which, after it is confirmed that communication using the encryption key after updating has been enabled, starts encrypted communication of the data using the encryption key after updating.
    Type: Application
    Filed: September 11, 2012
    Publication date: January 3, 2013
    Applicant: FUJITSU LIMITED
    Inventors: Isamu FUKUDA, Atsushi MOROHASHI
  • Patent number: 8346261
    Abstract: In a procedure for a mobile station (UE) to perform handover from a cell under the control of a radio base station (NB) of an UTRAN scheme to a cell under the control of a radio base station (eNB) of an E-UTRA scheme, a switching center (MME) of the E-UTRA scheme receives, from the radio base station (eNB) of the E-UTRA scheme, a handover request acknowledge message including a transparent container including a security algorithm of an AS used in a communication between the mobile station (UE) and the radio base station (eNB) of the E-UTRA scheme; and the switching center (MME) of the E-UTRA scheme transmits, to a switching center (SGSN) of the UTRA scheme, a NAS PDU including the transparent container, a security algorithm of a NAS and a security processing parameter of the NAS.
    Type: Grant
    Filed: October 22, 2009
    Date of Patent: January 1, 2013
    Assignee: NTT DoCoMo, Inc.
    Inventors: Mikio Iwamura, Minami Ishii, Alf Zugenmaier
  • Patent number: 8341425
    Abstract: Provided is a storage device which partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity to and in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium.
    Type: Grant
    Filed: May 25, 2009
    Date of Patent: December 25, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Hirotaka Nakagawa, Masayasu Asano, Takeki Okamoto, Nobuyuki Osaki
  • Publication number: 20120308008
    Abstract: Protected content from a media source is transmitted via a wireless link using modified wireless encryption keys. Content to be delivered under a content protection scheme, e.g. High-bandwidth Digital Content Protection (HDCP), from a media source to a media sink is received at a wireless communication device. A content protection key, or a digital rights management (DRM) key, associated with the media sink is used to generate DRM modified wireless encryption keys. These modified wireless encryption keys are used to encrypt the wireless transmission using wireless encryption techniques, such as an advanced encryption standard (AES) protocol, and transmit the encrypted content over a wireless link. The DRM modified keys can be used, for example, to seed a Wi-Fi Protected Access (WPA) encryption engine in place of other keys normally used in the wireless encryption process, thereby effectively integrating the DRM content protection scheme with standard wireless encryption and transmission.
    Type: Application
    Filed: December 21, 2011
    Publication date: December 6, 2012
    Applicant: BROADCOM CORPORATION
    Inventors: Ragu (Raghunatha) Kondareddy, James F. Dougherty, Paul McAlinden, Yasantha N. Rajakarunanayake
  • Patent number: 8316426
    Abstract: A mobile terminal for securely communicating with a network includes a user identity module (UIM). The UIM is in operable communication with a user equipment module and includes a password provisioning module (PPM), a password generating module and a response generation module (RGM). The user equipment module includes a client application. The PPM is configured to store a password. The password generating module is in operable communication with the PPM and configured to generate the password. The RGM is in operable communication with both the client application and the PPM. The RGM is configured to generate an authentication response from the password in response to a request from the client application.
    Type: Grant
    Filed: October 20, 2006
    Date of Patent: November 20, 2012
    Assignee: Nokia Corporation
    Inventor: Yile Guo
  • Patent number: 8316221
    Abstract: A method and a system for personalizing electronic elements, by replacing, in a non-volatile memory of each of the electronic elements a first secret key with a second secret key, by a secure authentication module automatically generating the second key after having restored the first one from an identifier of the element being personalized, including conditioning, on the authentication module side, the provision of the second key to a current element to the reception of a message confirming the key replacement of at least one preceding element.
    Type: Grant
    Filed: July 22, 2005
    Date of Patent: November 20, 2012
    Assignee: Proton World International N.V.
    Inventors: Joan Daemen, Thierry Huque, Paul Fontaine
  • Patent number: 8315391
    Abstract: In an information access system, a reader/writer device encrypts, with a first encryption key, an information request and a second encryption key to thereby generate first encrypted data, and encrypts the information request with the second encryption key to thereby generate second encrypted data, and transmits cyclically an information request signal that alternately carries the first encrypted data and the second encrypted data. An active contactless information storage device receives the information request signal and decrypts the encrypted data carried by the information request signal with one encryption key stored in its memory. When the second encryption key different from the one encryption key is contained in the decrypted data, the information storage device rewrites the one encryption key with the second encryption key.
    Type: Grant
    Filed: April 27, 2007
    Date of Patent: November 20, 2012
    Assignee: Fujitsu Limited
    Inventors: Satoshi Inano, Isamu Yamada, Shinichi Shiotsu, Akira Itasaki
  • Patent number: 8307098
    Abstract: A system, method, and program for managing a user key used to sign a message for a data processing system having an encryption chip are disclosed. A user is assigned a user key. In order to encrypt and send messages to a recipient(s), the messages are encrypted with the user key. The user key, in turn, is encrypted with an associated key. The associated key is further encrypted using an encryption chip key stored on the encryption chip. The encrypted messages are communicated to a recipient to validate an association of the user with the encrypted messages. The associated key is decrypted with the encryption chip key. The user key is decrypted with the associated key, and the messages are decrypted with the user key. Thereafter, validation of the association of messages with the user is removed by revoking the associated key. In a preferred embodiment, encryption resources are centralized in a server system having the encryption chip.
    Type: Grant
    Filed: August 29, 2000
    Date of Patent: November 6, 2012
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Barry Atkins, David Carroll Challener, Frank Novak, Joseph Gary Rusnak, Kenneth D. Timmons, William W. Vetter
  • Patent number: 8301909
    Abstract: An apparatus, system, and method enable a new platform storage system to have access to an external storage system having data encrypted thereon by an existing platform storage system. Encryption information corresponding to the encrypted data in the external storage system is stored in a memory in the existing platform storage system. The encryption information stored in the memory of the existing platform storage system is transferred to an encryption table stored in the new platform storage system, so that the new platform storage system can read the encrypted data stored in the external storage system.
    Type: Grant
    Filed: November 30, 2010
    Date of Patent: October 30, 2012
    Assignee: Hitachi, Ltd.
    Inventor: Yasuyuki Mimatsu
  • Patent number: 8291222
    Abstract: The use of suitable measures in a method for agreeing on a security key between at least one first and one second communication station to secure a communication link is improved so that the security level for the communication is increased and the improved method can be combined with already available methods. A first parameter is determined from an authentication and key derivation protocol. In addition, an additional parameter is sent securely from the second to the first communications station. A security key is then determined from the first parameter and the additional parameter.
    Type: Grant
    Filed: April 10, 2006
    Date of Patent: October 16, 2012
    Assignee: Siemens Aktiengesellschaft
    Inventors: Marc Blommaert, Günther Horn
  • Patent number: 8290163
    Abstract: An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.
    Type: Grant
    Filed: March 15, 2008
    Date of Patent: October 16, 2012
    Assignee: International Business Machines Corporation
    Inventors: David Yu Chang, John Yow-Chun Chang, Vishwanath Venkataramappa
  • Patent number: 8281135
    Abstract: A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: October 2, 2012
    Assignee: Intel Corporation
    Inventor: Ned Smith
  • Patent number: 8233627
    Abstract: A user private key is stored in a database of the user terminal. A user public key and user information are stored in the user management DB. The encryption/decryption unit encrypts an authority private key specific to a first authority given to a user, by using a user public key associated with user information to indicate a user. The secret sharing unit shares in secret an authority private key into two or more shared authority private keys. The encryption/decryption unit encrypts the shared authority private keys, by using an authority public key specific to each of second authorities to manage the first authority in a shared manner. The authority management DB stores the encrypted authority private key and authority public key in association with the first authority, and stores the encrypted shared authority private keys in association with the second authorities.
    Type: Grant
    Filed: April 3, 2008
    Date of Patent: July 31, 2012
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Tomonari Tanaka, Kazunori Sekido, Masamichi Tateoka
  • Patent number: 8229120
    Abstract: A mobile communication method according to the present invention communicates between a mobile station (UE) and a radio base station (eNB) by using a certain key. The method includes the step of: (A) acquiring, at a radio base station managing a re-establishment target cell for the mobile station (UE), a first key (KeNB[n+1]) for generating a certain key from a switching center (MME) in a procedure for re-establishment of the mobile station (UE), the certain key to be used for communication between the mobile station (UE) and a next re-establishment target cell for the mobile station (UE).
    Type: Grant
    Filed: June 26, 2009
    Date of Patent: July 24, 2012
    Assignee: NTT DOCOMO, Inc.
    Inventors: Mikio Iwamura, Wuri Andarmawanti Hapsari, Shogo Yabuki, Alf Zugenmaier
  • Publication number: 20120183142
    Abstract: Methods and devices are provided for applying a ciphering configuration in a wireless communication network. The method includes initiating an entity reset procedure by a first entity in the wireless communication network; synchronizing Hyper Frame Numbers (HFNs) associated with the first entity and a second entity, respectively, during the entity reset procedure; and applying a new ciphering configuration by the first entity and the second entity, upon completing the entity reset procedure, without updating the synchronized HFNs associated with the first entity and the second network, respectively.
    Type: Application
    Filed: January 17, 2012
    Publication date: July 19, 2012
    Applicant: Samsung Electronics Co., Ltd.
    Inventor: Neha SHARMA
  • Patent number: 8208632
    Abstract: An apparatus including a key mixing circuit, an input circuit, and a decapsulation circuit. The key mixing circuit generates a plurality of seeds, each based on a predetermined temporal key, a transmitter MAC address, and a predetermined start value for a Temporal Key Integrity Protocol (TKIP) Sequence Count (TSC). The input circuit receives a message including the transmitter MAC address and the predetermined start value. The key mixing circuit generates the plurality of seeds based on the message. The input circuit receives a plurality of encapsulated MAC Payload Data Units (MPDUs). The input circuit receives the message before receiving the plurality of encapsulated MPDUs. The decapsulation circuit decapsulates each of the plurality of encapsulated MPDUs using one of the plurality of seeds that was generated based on the value for the TSC in the respective one of the N encapsulated MPDUs.
    Type: Grant
    Filed: April 13, 2010
    Date of Patent: June 26, 2012
    Assignee: Marvell International Ltd.
    Inventors: Peter Loc, Rahul Kopikare
  • Patent number: 8194858
    Abstract: The present invention provides a method for a data encryption device to perform network communications, the method comprising obtaining an indexed array of encryption keys, wherein the indexed array of encryption keys is shared with a data decryption device; obtaining a message to be encrypted; using a first random or pseudorandom number to determine an index; obtaining a first key from the array of encryption keys, wherein the first key corresponds to the index; selecting a second key from the plurality of encryption keys; encrypting the message using the first key and a second random or pseudorandom number; encrypting the index using the second key and a third random or pseudorandom number; transmitting the encrypted message and the encrypted index to the data decryption device.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: June 5, 2012
    Assignee: Physical Optics Corporation
    Inventors: Leonid Bukshpun, Thomas Forrester, Tomasz Jannson, Andrew Kostrzewski, Alexander Milovanov, Ranjit Pradhan
  • Patent number: 8189789
    Abstract: An inventive system and method for intrusion-tolerant group management for a network is presented. The method comprises a client broadcasting a message request to controllers and validating the rekey messages received from the controllers, and controllers validating the client's broadcast message request and broadcasting proposals, collecting proposals, constructing threshold-signed proofs, updating the view number, performing the client's message request, generating the rekey based on the valid proposals and transmitting the rekey to the client. Simultaneously, controllers send reconciliation messages to all controllers, based on which the membership state is updated. The client updates a shared key when a predetermined number of valid rekey messages are received. The controllers can communicate via a byzantine fault-tolerant agreement. The client can use its public key to decrypt the rekey and perform validation. The client's message request can be a join or a leave.
    Type: Grant
    Filed: November 3, 2009
    Date of Patent: May 29, 2012
    Assignee: Telcordia Technologies, Inc.
    Inventors: Brian A. Coan, Jonathan Kirsch
  • Patent number: 8184612
    Abstract: A method and an apparatus for managing an HFN for ciphering/deciphering at an RNC of a mobile communication system are provided. In the method, a Timing Adjustment (ToA) value is received from a base station, and a Connection Frame Number (CFN) is corrected. Whether correction of the CFN has been generated within the same cycle is determined by comparing the correction CFN with an absolute CFN serving as a reference. An HFN value is changed or maintained depending on whether the CFN correction has been generated within the same cycle.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: May 22, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Gu-Lee An
  • Patent number: 8176326
    Abstract: A method, system and computer readable medium for protecting a communications device connected to a communications system against an unauthorized intrusion, including providing a variable identifier to the communications device and entities authorized access thereto. The variable identifier is provided to a user address book and assigned with a permanent identifier and the permanent identifier, but not the variable identifier, is available to a user. The presence or absence of the correct variable identifier is sensed during an attempt to access the communications device for granting or denying access to the communications device. A new variable identifier is periodically provided to the communications device and to the authorized entities and to the user address book and assigned with the permanent identifier, wherein the permanent identifier, but not the new variable identifier, is available to the user.
    Type: Grant
    Filed: January 14, 2010
    Date of Patent: May 8, 2012
    Assignee: Invicta Networks, Inc.
    Inventor: Victor I. Sheymov
  • Patent number: 8175275
    Abstract: The details of an apparatus and method for determining uplink ciphering activation time in universal mobile telecommunications system user equipment are disclosed herein. The ciphering activation time is determined for radio bearers other than RB2 by measuring the data rate on each target radio bearer during the time that it takes for a polling or RRC message sent from the user equipment UE to be acknowledged by the network UTRAN. For RB2, the uplink ciphering activation time is determined by taking into account the size of the RRC response message and the data already queued on RB2 for transmission.
    Type: Grant
    Filed: January 24, 2011
    Date of Patent: May 8, 2012
    Assignee: Research In Motion Limited
    Inventors: Nicola M. Funnell, Andrew Farnsworth, Robert J. Harrison
  • Publication number: 20120093317
    Abstract: A system and method of mobile content sharing and delivery in an integrated network environment, comprising: a first mobile terminal serving as information provider, a home server, and a second mobile terminal serving as information receiver. The information of said first mobile terminal is transmitted to said second mobile terminal through said home server, and that information can be stored in said home server for direct downloading of file by said second mobile terminal in an asynchronous transmission manner; when said first mobile terminal moves and switches to another network environment, said second mobile terminal still can request and download said information through said home server. A double key protection scheme is further provided in safeguarding secure transaction of information.
    Type: Application
    Filed: December 28, 2011
    Publication date: April 19, 2012
    Applicant: NATIONAL CENTRAL UNIVERSITY
    Inventors: CHIH-LIN HU, CHIEN-AN CHO, PO-JUNG WANG
  • Patent number: 8160254
    Abstract: The present invention relates to a method for managing a group traffic encryption key (GTEK) in a wireless portable Internet system. In the method, for higher security of a group traffic service such as a multicast service, a broadcast service, and a multicast-broadcast service (MBS), a base station periodically generates and distributes a GTEK to a subscriber station served with the group traffic service. A lifetime of a group key encryption key (GKEK) used for encrypting a GTEK is set greater than that of the GTEK. That is, the GKEK is updated once while the GTEK is updated several times. According to the present invention, security for the group traffic service is increased while reducing radio resource consumption.
    Type: Grant
    Filed: June 9, 2006
    Date of Patent: April 17, 2012
    Assignees: Samsung Electronics Co., Ltd., Electronics and Telecommunications Research Institute, KT Corporation, SK Telecom Co., Ltd., Hanaro Telecom, Inc.
    Inventors: Seok-Heon Cho, Chul-Sik Yoon
  • Patent number: 8160252
    Abstract: Disclosed is a method for generating a Short Term Key Message (STKM) for protection of a broadcast service being broadcasted to a terminal in a mobile broadcast system. The method includes transmitting, by a Broadcast Service Subscription Management (BSM) for managing subscription information, at least one key information for authentication of the broadcast service to a Broadcast Service Distribution/Adaptation (BSD/A) for transmitting the broadcast service, generating, by the BSD/A, a Traffic Encryption Key (TEK) for deciphering of the broadcast service in the terminal and inserting the TEK into a partially created STKM, and performing, by the BSD/A, Message Authentication Code (MAC) processing on the TEK-inserted STKM using the at least one key information, thereby generating a completed STKM.
    Type: Grant
    Filed: February 27, 2007
    Date of Patent: April 17, 2012
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Byung-Rae Lee, Sung-Oh Hwang, Kook-Heui Lee
  • Publication number: 20120063599
    Abstract: A key agreement method is carried out by a first system in conjunction with a second system over a bidirectional communication path, including generating a first key pair having a first public key and a first private key, sending the first public key to the second system, receiving a second public key generated by the second system, and calculating a master key based upon the first private key, the second public key, a long-term private key, and a long-term public key. The long-term private key was generated by the first system during a previous key-agreement method as part of a long-term key pair. The long-term public key was generated by the second system and received during the previous key-agreement method. The previous key-agreement method required a secret to be known to the first system and the second system, thus conferring authentication based on the secret to the long-term public key.
    Type: Application
    Filed: November 24, 2011
    Publication date: March 15, 2012
    Applicant: RESEARCH IN MOTION LIMITED
    Inventors: Herbert Anthony Little, Michael Kenneth Brown
  • Patent number: 8130959
    Abstract: Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media.
    Type: Grant
    Filed: September 7, 2006
    Date of Patent: March 6, 2012
    Assignee: International Business Machines Corporation
    Inventors: Brian Gerard Goodman, James Arthur Fisher, Glen Alan Jaquette, Leonard George Jesionowski
  • Publication number: 20120045059
    Abstract: A communication apparatus includes display control means for displaying a secret information image containing secret information, and secret information image generation means for, upon receiving a notification signal indicating that a preparation for shooting is completed from another communication apparatus, instructing the display control means to display the secret information image. Note that the display control means displays a predetermined dummy image, and the notification signal is a notification signal indicating that a shooting preparation has been completed based on the dummy image. Further, when the secret information image generation means receives a notification signal indicating that secret information contained in a secret information image is obtained from another communication apparatus, the secret information image generation means instructs the display control means to stop displaying the secret information image.
    Type: Application
    Filed: April 13, 2010
    Publication date: February 23, 2012
    Inventor: Makoto Fujinami
  • Patent number: 8122243
    Abstract: Exemplary embodiments of methods and apparatuses to provide shielding from key cracking in wireless networks are described. In one embodiment, a first frame having a first content is identified. Determination is made whether the first frame needs to be shielded. A second frame having at least a portion of the first content is transmitted in response to determining that the first frame needs to be shielded. The first frame has data encrypted with a first encryption and the second frame has data encrypted with a second encryption.
    Type: Grant
    Filed: July 22, 2008
    Date of Patent: February 21, 2012
    Assignee: Airmagnet, Inc.
    Inventors: Ricardo T. Farrington, Terrin Eager, Dong Nguyen
  • Publication number: 20120033815
    Abstract: A method of handling security key change for a user equipment in a wireless communication system includes applying a radio resource control procedure to activate key change, where the radio resource control procedure covers two conditions where the key change is accompanied with an authentication and key agreement run and without an authentication and key agreement run.
    Type: Application
    Filed: October 20, 2011
    Publication date: February 9, 2012
    Inventor: Richard Lee-Chee Kuo