Abstract: A fetch unit fetches a sequence of blocks of encrypted instructions of an encrypted program from an instruction cache at a corresponding sequence of fetch address values. While fetching each block of the sequence, the fetch unit generates a decryption key as a function of key values and the corresponding fetch address value, and decrypts the encrypted instructions using the generated decryption key by XORing them together. A switch key instruction instructs the microprocessor to update the key values in the fetch unit while the fetch unit is fetching the sequence of blocks. The fetch unit inherently provides an effective decryption key length that depends upon the function and amount of key values used. Including one or more switch key instructions within the encrypted program increases the effective decryption key length up to the encrypted program length.

Abstract: A system and method for securely storing and transmitting digital information includes a computing device connected to at least one of a network device or a storage device or both. The system and method also includes a communication network connected to the at least one of a network device or the at least one of a storage device, or both.

Abstract: A system and method for generating a non-repudiatable record of a communications data stream is provided, which is applicable to real-time and quasi-real-time data streams. A binary communication data stream is captured and segmented into defined frames. A key frame is generated for each of a number of data frames containing integrity and authentication information. The key frame is inserted into the data stream to provide an authenticated data stream.

Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of sequenced rounds, the cipher is hardened against attack by a protection process. The protection process uses block lengths that are larger or smaller than and not an integer multiple of those of an associated standard cipher, and without using message padding. This is operative in conjunction with standard block ciphers such as the AES, DES or triple DES ciphers, and also with various block cipher cryptographic modes such as CBC or EBC.

Abstract: Conventional block ciphers that traffic in 128-bit block sizes are ill-suited for operating in small domains like credit card numbers. Some embodiments relate to techniques for constructing and speeding up practical and provably secure schemes for deterministically enciphering data from a small domain like credit card numbers using a conventional block cipher or other pseudorandom function.

Abstract: The aim of the present invention is to propose a method for providing attribute-based encryption for conjunctive normal form (CNF) expressions, the said CNF expression comprising at least one clause over a set of attributes, the said method using a key generation engine, an encryption engine and a decryption engine.

Abstract: A scalable and efficient array encryption architecture is provided for encrypting data with a cryptographic algorithm using a variable number of encryption cores. The architecture can be implemented as circuitry in a fixed logic device, or can be configured into a programmable integrated circuit device such as a programmable logic device (PLD). An input arbitration logic circuit may schedule timeslots within the encryption cores to maximize system bandwidth. Each one of the encryption cores may use a plurality of pipelined registers and may support simultaneous encryption operations of multiple data blocks. Each core may provide timeslot availability signals to indicate current or anticipated availability of a timeslot for processing data in that core. The same top-level design may be used for different choices of processing depth, parallelism level, and/or system throughput.

Abstract: There is provided an encryption apparatus including an idle data inserting unit that takes input of a frame including a fixed-length header and a variable-length payload and an encrypting unit that receives an output of the idle data inserting unit. If the length of a block to be processed, included in the payload, is less than a predetermined value, the idle data inserting unit appends idle data following the block and transmits the frame including the block padded with the idle data to the encrypting unit.

Abstract: A method for improving the performance of data storage and transmission systems involves applying a transformation to one or a plurality of aligned data segment(s) prior to or subsequent to the execution of data management operations. The transformation effectively reduces the number of bits in the data segment that must be employed by the data management operation processing. Data management operations performed on a data segment may include but are not limited to cryptographic security operations and data comparison operations. Since the computation requirements of data management operations can decrease as the bit lengths of input data decrease, the transformation can reduce the latencies of data management operations in hardware or software. Furthermore, performing the transformation on a data segment does not reduce the number of bits needed to encode the data segment, thus maintaining the alignment of a plurality of data segments.

Abstract: A method for securely communicating a message from a source node to a destination node over a network can comprise the steps of converting the message into an initial bit sequence, pre-processing the initial bit sequence by a modulo adding the initial bit sequence with an auxiliary key message, constructing a reduced network, determining a multitude of paths from the source node to the destination node over the reduced network, constructing an expanded bit sequence comprising the initial bit sequence and the auxiliary key message, splitting the expanded bit sequence into two or more parts, transmitting the two or more parts of the expanded bit sequence over two or more paths of the multitude of paths, re-assembling the two or more parts of the expanded bit sequence at the destination node, and recovering the initial bit sequence by modulo adding the expanded bit sequence with the auxiliary key message.

Abstract: A method includes, in a data storage device, receiving data having a particular proportion of zero values and one values and scrambling the data to generate scrambled data that has the particular proportion of zero values and one values.

Abstract: An encryption/decryption method of an endecryptor including a plurality of endecryption units supporting an XES mode with tweak and ciphertext streaming (XTS) includes dividing an input data stream into consecutive data units; inputting the divided data units to the endecryption units, respectively; and simultaneously processing the input data units at the respective endecryption units. According to the encryption/decryption method, parallel processing is performed to encrypt/decrypt data at higher speed.

Abstract: A method of protecting a circuit from attacks aiming to discover secret data used during the execution of a cryptographic calculation by the circuit, by, executing a transformation calculation implementing a bijective transformation function, receiving as input a secret data, and supplying a transformed data, executing a cryptographic calculation receiving as input a data to process and the transformed data, and executing an inverse transformation calculation receiving as input the result of the cryptographic calculation, and supplying a result that the cryptographic calculation would have supplied if it had been applied to the data to process and directly to the secret data, the data to process belong to a stream of a multiplicity of data, the transformed data being supplied as input to the cryptographic calculation for all the data of the stream.

Abstract: There is provided a highly secure cryptographic processing apparatus and method where an analysis difficulty is increased. In a Feistel type common key block encrypting process in which an SPN type F function having a nonlinear conversion section and a linear conversion section is repeatedly executed a plurality of rounds. The linear conversion process of an F function corresponding to each of the plurality of rounds is performed as a linear conversion process which employs an MDS (Maximum Distance Separable) matrix, and a linear conversion process is carried out which employs a different MDS matrix at least at each of consecutive odd number rounds and consecutive even number rounds. This structure makes it possible to increase the minimum number (a robustness index against a differential attack in common key block encryption) of the active S box in the entire encrypting function.

Abstract: At least one of a keystream and a message authentication code are generated with a partial KASUMI block cipher, without utilizing a full KASUMI block cipher.

Abstract: A system is provided that uses identity-based encryption (IBE) to allow a sender to securely convey information in a message to a recipient. A service name such as a universal resource locator based at least partly on the name of an organization may be associated with a local key server at the organization and a public key server external to the organization. Users at the organization may use the service name to access the local key server to obtain IBE public parameter information for performing message encryption and to obtain IBE private keys for message decryption. External to the organization, users may obtain IBE public parameter information and IBE private keys from the public key server using the same service name. The local key generator and the public key generator may maintain identical copies of the same IBE master secret.

Abstract: Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: generating a first hash value for a selected one of the data items; digitally signing and encrypting the first hash value with a secret identifier associated with the first user; transmitting to a second user the encrypted first hash value; receiving and storing the transmitted encrypted first hash value for audit purposes and generating a second hash value for the received encrypted first hash value; encrypting the second hash value with a private identifier associated with a second user and a public identifier associated with the first user; and returning the encrypted second hash value to the first user.

Abstract: A branch target address cache (BTAC) caches history information associated with branch and switch key instructions previously executed by a microprocessor. The history information includes a target address and an identifier (index into a register file) for identifying key values associated with each of the previous branch and switch key instructions. A fetch unit receives from the BTAC a prediction that the fetch unit fetched a previous branch and switch key instruction and receives the target address and identifier associated with the fetched branch and switch key instruction. The fetch unit also fetches encrypted instruction data at the associated target address and decrypts (via XOR) the fetched encrypted instruction data based on the key values identified by the identifier, in response to receiving the prediction. If the BTAC predicts correctly, a pipeline flush normally associated with the branch and switch key instruction is avoided.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: The present invention is directed to a game apparatus, system and method for improving in-game communications, more specifically a game apparatus, system and method for allowing players to dynamically transmit and receive communications in real-time from their coaches and/or other players on or off the field concerning game play instructions to be effected on the field or court. The system and method of the invention includes a headgear being provided to at least one player, where the headgear includes a game apparatus equipped with a circuit board, electrical wiring, battery, antennae, microprocessor, communications means and displaying means all enclosed within a housing that is affixed to the headgear. The communication means receives in real-time an encrypted signal containing a game play instruction intended for execution on the field during a game.

Abstract: A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits to convert a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.

Abstract: An apparatus for encrypting and recording a broadcasting program includes a packet input unit configured to receive packets of a broadcasting program to be recorded and sequentially output the packets, an encryption selector configured to receive the packets sequentially output from the packet input unit, selectively output the received packets to a first path and to a second path, wherein packets to be encrypted are output to the first path and packets not to be encrypted are output to the second path, an encryption processor configured to encrypt the packets output to the first path based on a predetermined encryption method, and a storing unit configured to store the encrypted packets from the encryption processor or store the packets output to the second path.

Abstract: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.

Abstract: A method for symmetric receive-side scaling (RSS) in a network device having an ingress side RRS router and an egress side RSS router and a plurality of queues for handling packets. The method comprises identifying an internet protocol (IP) version being used for the network. The transport layer headers (TLHs) existence status is identified. A secret key by each of the egress side RSS router and the ingress side RSS router is identified. The key is based on the identification of the IP version and the TLHs existence status. The secret key ensures that packets sent from a source to a destination and packets sent from the destination to the source are routed by the egress side RSS router and the ingress side RSS router to a common queue among the plurality of queues. The secret key is stored at a storage in the network device. The secret key is used by the ingress side RSS router and the egress side RSS router for routing packets.

Abstract: An apparatus (14-1, 50) for encrypting image data is disclosed, which includes: a processor (42) configured to divide encoded still image data or video data into a first element (a) and a second element (b); generate a first key (k1); generate a second key (k2) for at least every one image of the still image data or video data; encrypt a first portion (b1) of the second element (b) of the image using the first key (k1) and the second key (k2) corresponding to the at least one image; replace a second portion (b2) of the second element (b) of the at least one image other than the first portion (b1) with the second key (k2) corresponding to the image; and compose the first element (a) of the image, the encrypted first portion (b1?) of the second element (b), and the second key (k2), for at least every one image to generate encrypted data. An apparatus (16-2, 17-2, 70) for decrypting which decrypts the encrypted data generated by the encryption apparatus is also disclosed.

Abstract: Configuration data for a programmable integrated circuit device is at least partially encrypted according to at least one encryption scheme. A plurality of key stores store a plurality of decryption keys for the at least one encryption scheme. Control circuitry identifies a required key from the at least partially encrypted configuration data and generates a key selection signal. Key selection circuitry responsive to the key selection signal reads the plurality of key stores and provides the required key to the control circuitry. The control circuitry may include decryption circuitry that decrypts the at least partially encrypted configuration data using the required key. In some embodiments, different portions of the configuration data, which may represent separate partial reconfigurations of the device, require different decryption keys. Keys may be generated from combinations of the contents of the key stores.

Abstract: The invention provides a method, apparatus and system for the secure distribution of content such as audiovisual content in a way that prevents users from misusing the content and provides a mechanism for tracking pirated material back to the original location of misappropriation. A security device incorporates encryption methods to insure the broadcast encryption key remains secure. A marking device incorporates, for example, digital watermarking methods that attach to the content information to identify a location of origin of the misappropriation, such as a Set-top Box (STB) and/or smart card.

Abstract: A cipher processing apparatus for arithmetic operations of an FO function and an FL function comprising: an FL function operating unit for generating a 2N-bit output based on a first extension key; a partial function operating unit for generating an N-bit output based on second and third extension keys; an N-bit intermediate register for storing an output of the partial operating unit; a 2N-bit first data register for storing data based on the output of the FL function operating unit; and a controller for making the partial function operating unit perform six cycles, inputting an output of the intermediate register to the FL function operating unit, and storing the data based on the output of the FL function operating unit in the first data register, in a first case in which the FL function uses a result of an arithmetic operation of the FO function.

Abstract: The present invention introduces the Orange family of stream ciphers. The cipher may involve several elements including splitting with jumping, iterated transformations and padding. The construction of the cipher also involves constantly updated bit strings that may be used as multiple keystreams in transformations of various degrees. The cipher permits parameterizing speed, security and consumed memory. A customization of the cipher allows generating practically unlimited number of stream ciphers with different inner structures and IV parameters. The present invention also presents a transformation of the ERINDALE-PLUS hashing function. The transformed ERINDALE-PLUS hashing is capable simultaneously generate a ciphertext and a secure hash value of a message.

Abstract: A cryptographic process (such as the AES cipher) which uses table look up operations (TLUs) is hardened against reverse engineering attacks intended to recover the table contents and thereby the cipher key. This hardening involves removing any one-to-one correspondence between the TLU inputs and outputs, by altering the output of the TLU dynamically, e.g. at each execution (call) of the TLU. This is done by increasing the size of the tables, applying a dynamically determined mask value to the table input and/or output, or using an inverse of the table.

Abstract: An encryption and decryption processing system for achieving SMS4 cryptographic procedure can be provided. The system includes a repeating encryption and decryption data processing device comprising a first constant array storing unit, a first data registering unit and a first data converting unit. The first constant array storing unit stores a first constant array and send it to N-data converting sub-units of the first data converting unit. The first data registering unit registers data, deliver the registered data to a first data converting sub-unit. The N-data converting sub-units perform a data conversion processing, and transmit the obtained conversion data to a next data converting sub-unit for subsequent processing until the data conversion processing processes are completed, a particular number of the completed processed being equal to a value of a data depth.

Abstract: A method, system, and media are provided for securely communicating data. One embodiment of the method includes encrypting a data stream by way of a first algorithm; creating at least two subsets of data from the data stream by extracting one or more data portions from the encrypted data stream, thereby leaving a remaining portion and an extracted portion; communicating the remaining portion to a destination by way of a first communications channel; encrypting the extracted portion utilizing a second algorithm; communicating the encrypted extracted portion to the destination by way of a second communications channel; and providing for recombining the remaining portion and the encrypted extracted portion to facilitate recovery of the encrypted data stream.

Abstract: An encoding/decoding apparatus comprises a central processing unit and an encryption/decryption accelerator coupled to the central processing unit. The accelerator comprises an input for input data to be encrypted/decrypted, an arithmetic logic unit coupled to said input for performing selectable operations on data obtained from said input data and an output for encrypted/decrypted data coupled to said arithmetic logic unit.

Abstract: The present application relates to the field of technology of cloud storage data security, and in particular, relates to a data control method of cloud storage. The method comprises: converting the original data by a preset method into irreversible data blocks to form a physical part of the original data, and storing it in the cloud storage data center; outputting information necessary for data restoration of the process of converting the original data to the physical part, as a logical part of the original data, and storing the logical part of the original data in an original data owner controlled storage media. In this invention, the original data to be stored is converted into the physical part, which is then stored in a cloud storage data center. The logical part of the original data required for restoring the physical part to the original data is controlled by owners of the original data.

Abstract: A message authentication device, a message authentication method, a message authentication program and a storage medium therefor are provided, so as to realize higher speed processing than an authentication mode of existing block cipher, in combination of block cipher and one of its parts, with theoretical security in accordance with a high efficient preliminary process and with an efficient amount of available memory.

Abstract: A method and a circuit for ciphering or deciphering data with a key by using at least one variable stored in a storage element and updated by the successive operations, the variable being masked by at least one first random mask applied before use of the key, then unmasked by at least one second mask applied after use of the key, at least one of the masks being dividable into several portions successively applied to the variable and which, when combined, represent the other mask.

Abstract: There is provided a cryptographic communication apparatus for conducting a key exchange procedure with another cryptographic communication apparatus that shares a password. The apparatus includes a first encryption unit that encrypts information that is based on a first random number using a public key of the another apparatus, a second encryption unit that encrypts the information that is based on the first random number encrypted by the first encryption unit using the password, a third encryption unit that encrypts information that is based on a second random number using the first random number, and transmits a first signal and a second signal to the another apparatus, the first signal including the information that is based on the first random number encrypted by the second encryption unit, and the second signal including information that is based on the second random number encrypted by the third encryption unit.

Abstract: To improve encryption technology for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data.

Abstract: The invention is related to working with variable diffusion functions on a multidimensional diffusion-area (plaintext/ciphertext); every diffusion function run in a cycle times, wherein repeating one certain times on the plaintext to get a ciphertext, and afterward, repeating the other times on the ciphertext to recover the plaintext, is performed in sequence to complete the encryption and the decryption. According to FIG. 1, the system comprises of: inputting a plaintext in encryption or a ciphertext in decryption 100; reading every password segment in order, forward in encryption or backward in decryption 200; and further, converting the plaintext dimensions by the password segment 300; implementing the diffusion function of Point 410, Block 420 or Frame 430, repeated TE times in encryption, TD times in decryption 400; going back to 200 until completing all password segments 500, and outputting the ciphertext in encryption or the plaintext in decryption 600.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: Data encryption techniques are presented. According to an embodiment of a method, a cryptographic hash of unencrypted data for data block X?1 is generated, and a hash of an encryption key is generated. An initialization vector for data block X is generated using the cryptographic hash and the hash of the encryption key. Data block X?1 and data block X are logically contiguous and data block X?1 logically precedes data block X. Encryption data for data block X is generated from unencrypted data for data block X using the initialization vector.

Abstract: The pseudorandom number generating system repeatedly performs simple transformation of a non-secure pseudorandom number sequence that may be generated quickly, and thus may quickly generate a highly secure pseudorandom number sequence having a long period. Furthermore, the encryption system and the decryption system do not generate a large encryption function difficult to be deciphered based on a shared key 122, but prepare multiple functions 126, which perform fast, different types of transformation, and select a combination of functions determined based on information of the shared key 122, and make the selected functions transform a text multiple times, thereby encrypt the text. Each of the functions is fast, and thus transformation by the entire combination is also fast. Furthermore, since the combination of functions and repetitive count can be changed, future improvement in specification is easy. Moreover, security is high since which functions are applied in what order is unknown.

Abstract: The invention concerns a method for writing data to a memory device arrangement comprising a first and a second memory device in which the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention is characterized in that it comprises the following steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. Also a system, a computer program and server computer in accordance to the invention are presented.

Abstract: A computing device-implemented method and system is provided for obtaining an interim masked substitution table value for a given input component in a cryptographic round, such as an AES cryptographic round, using a substitution table and a self-cancelling mask. A mask with a length equal to an entry in the substitution table is provided, wherein the mask comprises a plurality of mask components of equal length such that a bitwise logical inequality operation such as XOR on the mask components equals zero, and the substitution table is masked with this mask. For each of input component, an interim masked substitution table value is obtained from the substitution table thus masked.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: An adaptive security policy based scalable video service apparatus includes a video streaming server, an adaptive security policy server and a terminal. The video streaming server receives a service demand via a network and generates an encrypted streaming data. The adaptive security policy server analyzes a media structure and the service demand, by using a service profile received from the video streaming server, so as to generate a security policy description. The terminal generates and transmits the service demand to the video streaming server or the adaptive security server, obtains the encrypted streaming data from the video streaming server and decrypts the encrypted streaming data for playback, storing and retransmission.

Abstract: A machine-readable medium may have stored thereon an instruction, which when executed by a machine causes the machine to perform a method. The method may include combining a first operand of the instruction and a second operand of the instruction to produce a result. The result may be encrypted using a key in accordance with an Advanced Encryption Standard (AES) algorithm to produce an encrypted result. The method may also include placing the encrypted result in a location of the first operand of the instruction.

Abstract: An information processing system and a method for use therewith, an information processing apparatus and a method for use therewith, and a program which are capable of decrypting desired portions of encrypted data are provided. Of packets 211 through 216 constituting a bit stream of layered-encoded image data 201 according to JPEG 2000, the packets 211 through 213 are each encrypted independently of the packets 214 through 216 which are also encrypted each. This produces encrypted split data 262 with the resolution at level zero (corresponding to R0) and encrypted split data 263 with the resolution at level one (corresponding to R1). The header (ranging from SOC to SOD) of layered-encoded image data 201 is appropriated for a header 261, followed by encrypted split data 262 and 263 and an EOC 264, in that order, the whole data array constituting data 251 that is output as the definitive encrypted data. This invention is particularly applicable to image delivery apparatus.

Abstract: An encryption device encrypts a first block of user data to obtain a first encryption result and encrypts a second block of user data, which follows the first block of user data, to obtain a second encryption result. The encryption device uses the first encryption result for encrypting the second block of user data. An extractor extracts a first portion of the first encryption result, the first portion being smaller than the first encryption result, and a second portion of the second encryption result, the second portion being smaller than the second encryption result. A message formatter combines the first block of user data and the first portion as a signature for the first block to produce a first transmission packet, and combines the second block of user data and the second portion as a signature for the second block to produce a second transmission packet.

Abstract: Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed version of the state, wherein rows and columns are transposed for the columns and rows, respectively.